Index: sys/amd64/conf/GENERIC =================================================================== --- sys/amd64/conf/GENERIC (revision 239685) +++ sys/amd64/conf/GENERIC (working copy) @@ -70,6 +70,7 @@ options KDTRACE_FRAME # Ensure frames are compil options KDTRACE_HOOKS # Kernel DTrace hooks options DDB_CTF # Kernel ELF linker loads CTF data options INCLUDE_CONFIG_FILE # Include this file in kernel +options NETSTACK # Debugging support. Always need this: options KDB # Enable kernel debugger support. Index: sys/compat/freebsd32/freebsd32_sysent.c =================================================================== --- sys/compat/freebsd32/freebsd32_sysent.c (revision 239685) +++ sys/compat/freebsd32/freebsd32_sysent.c (working copy) @@ -518,10 +518,10 @@ struct sysent freebsd32_sysent[] = { { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 468 = nosys */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 469 = __getpath_fromfd */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 470 = __getpath_fromaddr */ - { AS(sctp_peeloff_args), (sy_call_t *)sys_sctp_peeloff, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 471 = sctp_peeloff */ - { AS(sctp_generic_sendmsg_args), (sy_call_t *)sys_sctp_generic_sendmsg, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 472 = sctp_generic_sendmsg */ - { AS(sctp_generic_sendmsg_iov_args), (sy_call_t *)sys_sctp_generic_sendmsg_iov, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 473 = sctp_generic_sendmsg_iov */ - { AS(sctp_generic_recvmsg_args), (sy_call_t *)sys_sctp_generic_recvmsg, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 474 = sctp_generic_recvmsg */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 471 = sctp_peeloff */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 472 = sctp_generic_sendmsg */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 473 = sctp_generic_sendmsg_iov */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 474 = sctp_generic_recvmsg */ #ifdef PAD64_REQUIRED { AS(freebsd32_pread_args), (sy_call_t *)freebsd32_pread, AUE_PREAD, NULL, 0, 0, 0, SY_THR_STATIC }, /* 475 = freebsd32_pread */ { AS(freebsd32_pwrite_args), (sy_call_t *)freebsd32_pwrite, AUE_PWRITE, NULL, 0, 0, 0, SY_THR_STATIC }, /* 476 = freebsd32_pwrite */ Index: sys/conf/files =================================================================== --- sys/conf/files (revision 239685) +++ sys/conf/files (working copy) @@ -77,7 +77,7 @@ snd_fxdiv_gen.h optional sound \ compile-with "${AWK} -f $S/tools/sound/snd_fxdiv_gen.awk -- > snd_fxdiv_gen.h" \ no-obj no-implicit-rule before-depend \ clean "snd_fxdiv_gen.h" -miidevs.h optional miibus | mii \ +miidevs.h optional miibus netstack | mii netstack \ dependency "$S/tools/miidevs2h.awk $S/dev/mii/miidevs" \ compile-with "${AWK} -f $S/tools/miidevs2h.awk $S/dev/mii/miidevs" \ no-obj no-implicit-rule before-depend \ @@ -437,31 +437,31 @@ contrib/dev/acpica/components/utilities/utstate.c contrib/dev/acpica/components/utilities/utxface.c optional acpi contrib/dev/acpica/components/utilities/utxferror.c optional acpi #contrib/dev/acpica/components/utilities/utxfmutex.c optional acpi -contrib/ipfilter/netinet/fil.c optional ipfilter inet \ +contrib/ipfilter/netinet/fil.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} ${NO_WSELF_ASSIGN} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_auth.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_auth.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_fil_freebsd.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_fil_freebsd.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_frag.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_frag.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_log.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_log.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_nat.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_nat.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_proxy.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_proxy.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} ${NO_WSELF_ASSIGN} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_state.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_state.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_lookup.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_lookup.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} ${NO_WSELF_ASSIGN} -Wno-error -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_pool.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_pool.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_htable.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_htable.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/ip_sync.c optional ipfilter inet \ +contrib/ipfilter/netinet/ip_sync.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" -contrib/ipfilter/netinet/mlfk_ipl.c optional ipfilter inet \ +contrib/ipfilter/netinet/mlfk_ipl.c optional ipfilter inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/ipfilter" contrib/libfdt/fdt.c optional fdt contrib/libfdt/fdt_ro.c optional fdt @@ -513,27 +513,27 @@ contrib/ngatm/netnatm/sig/sig_unimsgcpy.c optional compile-with "${NORMAL_C} -I$S/contrib/ngatm" contrib/ngatm/netnatm/sig/sig_verify.c optional ngatm_uni \ compile-with "${NORMAL_C} -I$S/contrib/ngatm" -contrib/pf/net/if_pflog.c optional pflog pf inet \ +contrib/pf/net/if_pflog.c optional pflog pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/if_pfsync.c optional pfsync pf inet \ +contrib/pf/net/if_pfsync.c optional pfsync pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf.c optional pf inet \ +contrib/pf/net/pf.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_if.c optional pf inet \ +contrib/pf/net/pf_if.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_ioctl.c optional pf inet \ +contrib/pf/net/pf_ioctl.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_lb.c optional pf inet \ +contrib/pf/net/pf_lb.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_norm.c optional pf inet \ +contrib/pf/net/pf_norm.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_osfp.c optional pf inet \ +contrib/pf/net/pf_osfp.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_ruleset.c optional pf inet \ +contrib/pf/net/pf_ruleset.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/net/pf_table.c optional pf inet \ +contrib/pf/net/pf_table.c optional pf inet netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -contrib/pf/netinet/in4_cksum.c optional pf inet +contrib/pf/netinet/in4_cksum.c optional pf inet netstack crypto/blowfish/bf_ecb.c optional ipsec crypto/blowfish/bf_skey.c optional crypto | ipsec crypto/camellia/camellia.c optional crypto | ipsec @@ -630,8 +630,8 @@ dev/advansys/adw_pci.c optional adw pci dev/advansys/adwcam.c optional adw dev/advansys/adwlib.c optional adw dev/advansys/adwmcode.c optional adw -dev/ae/if_ae.c optional ae pci -dev/age/if_age.c optional age pci +dev/ae/if_ae.c optional ae pci netstack +dev/age/if_age.c optional age pci netstack dev/agp/agp.c optional agp pci dev/agp/agp_if.m optional agp pci dev/aha/aha.c optional aha @@ -656,17 +656,17 @@ dev/aic7xxx/aic7xxx.c optional ahc dev/aic7xxx/aic7xxx_93cx6.c optional ahc dev/aic7xxx/aic7xxx_osm.c optional ahc dev/aic7xxx/aic7xxx_pci.c optional ahc pci -dev/alc/if_alc.c optional alc pci -dev/ale/if_ale.c optional ale pci +dev/alc/if_alc.c optional alc pci netstack +dev/ale/if_ale.c optional ale pci netstack dev/amr/amr.c optional amr dev/amr/amr_cam.c optional amrp amr dev/amr/amr_disk.c optional amr dev/amr/amr_linux.c optional amr compat_linux dev/amr/amr_pci.c optional amr pci -dev/an/if_an.c optional an -dev/an/if_an_isa.c optional an isa -dev/an/if_an_pccard.c optional an pccard -dev/an/if_an_pci.c optional an pci +dev/an/if_an.c optional an netstack +dev/an/if_an_isa.c optional an isa netstack +dev/an/if_an_pccard.c optional an pccard netstack +dev/an/if_an_pci.c optional an pci netstack dev/asr/asr.c optional asr pci \ compile-with "${NORMAL_C} ${NO_WARRAY_BOUNDS}" # @@ -712,307 +712,307 @@ dev/ata/atapi-fd.c optional atapifd dev/ata/atapi-tape.c optional atapist dev/ata/atapi-cam.c optional atapicam # -dev/ath/if_ath_pci.c optional ath_pci pci \ +dev/ath/if_ath_pci.c optional ath_pci pci netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" # -dev/ath/if_ath_ahb.c optional ath_ahb \ +dev/ath/if_ath_ahb.c optional ath_ahb netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" # -dev/ath/if_ath.c optional ath \ +dev/ath/if_ath.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_beacon.c optional ath \ +dev/ath/if_ath_beacon.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_debug.c optional ath \ +dev/ath/if_ath_debug.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_keycache.c optional ath \ +dev/ath/if_ath_keycache.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_led.c optional ath \ +dev/ath/if_ath_led.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_tx.c optional ath \ +dev/ath/if_ath_tx.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_tx_edma.c optional ath \ +dev/ath/if_ath_tx_edma.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_tx_ht.c optional ath \ +dev/ath/if_ath_tx_ht.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_tdma.c optional ath \ +dev/ath/if_ath_tdma.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_sysctl.c optional ath \ +dev/ath/if_ath_sysctl.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_rx.c optional ath \ +dev/ath/if_ath_rx.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/if_ath_rx_edma.c optional ath \ +dev/ath/if_ath_rx_edma.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/ah_osdep.c optional ath \ +dev/ath/ah_osdep.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" # -dev/ath/ath_hal/ah.c optional ath \ +dev/ath/ath_hal/ah.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/ath_hal/ah_eeprom_v1.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ah_eeprom_v1.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/ath_hal/ah_eeprom_v3.c optional ath_hal | ath_ar5211 | ath_ar5212 \ +dev/ath/ath_hal/ah_eeprom_v3.c optional ath_hal netstack | ath_ar5211 netstack | ath_ar5212 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" dev/ath/ath_hal/ah_eeprom_v14.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" dev/ath/ath_hal/ah_eeprom_v4k.c \ - optional ath_hal | ath_ar9285 \ + optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" dev/ath/ath_hal/ah_eeprom_9287.c \ - optional ath_hal | ath_ar9287 \ + optional ath_hal netstack | ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/ath_hal/ah_regdomain.c optional ath \ +dev/ath/ath_hal/ah_regdomain.c optional ath netstack \ compile-with "${NORMAL_C} ${NO_WSHIFT_COUNT_NEGATIVE} ${NO_WSHIFT_COUNT_OVERFLOW} -I$S/dev/ath" # ar5210 -dev/ath/ath_hal/ar5210/ar5210_attach.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_attach.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_beacon.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_beacon.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_interrupts.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_interrupts.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_keycache.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_keycache.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_misc.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_misc.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_phy.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_phy.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_power.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_power.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_recv.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_recv.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_reset.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_reset.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5210/ar5210_xmit.c optional ath_hal | ath_ar5210 \ +dev/ath/ath_hal/ar5210/ar5210_xmit.c optional ath_hal netstack | ath_ar5210 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar5211 -dev/ath/ath_hal/ar5211/ar5211_attach.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_attach.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_beacon.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_beacon.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_interrupts.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_interrupts.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_keycache.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_keycache.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_misc.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_misc.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_phy.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_phy.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_power.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_power.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_recv.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_recv.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_reset.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_reset.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5211/ar5211_xmit.c optional ath_hal | ath_ar5211 \ +dev/ath/ath_hal/ar5211/ar5211_xmit.c optional ath_hal netstack | ath_ar5211 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar5212 dev/ath/ath_hal/ar5212/ar5212_ani.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_attach.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_beacon.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_eeprom.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_gpio.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_interrupts.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_keycache.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_misc.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_phy.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_power.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_recv.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_reset.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_rfgain.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5212/ar5212_xmit.c \ - optional ath_hal | ath_ar5212 | ath_ar5416 | ath_ar9160 | ath_ar9280 | \ - ath_ar9285 ath_ar9287 \ + optional ath_hal netstack | ath_ar5212 netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | \ + ath_ar9285 ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar5416 (depends on ar5212) dev/ath/ath_hal/ar5416/ar5416_ani.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_attach.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_beacon.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_cal.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_cal_iq.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_cal_adcgain.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_cal_adcdc.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_eeprom.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_gpio.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_interrupts.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_keycache.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_misc.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_phy.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_power.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_radar.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_recv.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_reset.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" dev/ath/ath_hal/ar5416/ar5416_xmit.c \ - optional ath_hal | ath_ar5416 | ath_ar9160 | ath_ar9280 | ath_ar9285 | \ - ath_ar9287 \ + optional ath_hal netstack | ath_ar5416 netstack | ath_ar9160 netstack | ath_ar9280 netstack | ath_ar9285 netstack | \ + ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar9130 (depends upon ar5416) - also requires AH_SUPPORT_AR9130 # # Since this is an embedded MAC SoC, there's no need to compile it into the # default HAL. -dev/ath/ath_hal/ar9001/ar9130_attach.c optional ath_ar9130 \ +dev/ath/ath_hal/ar9001/ar9130_attach.c optional ath_ar9130 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9001/ar9130_phy.c optional ath_ar9130 \ +dev/ath/ath_hal/ar9001/ar9130_phy.c optional ath_ar9130 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9001/ar9130_eeprom.c optional ath_ar9130 \ +dev/ath/ath_hal/ar9001/ar9130_eeprom.c optional ath_ar9130 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar9160 (depends on ar5416) -dev/ath/ath_hal/ar9001/ar9160_attach.c optional ath_hal | ath_ar9160 \ +dev/ath/ath_hal/ar9001/ar9160_attach.c optional ath_hal netstack | ath_ar9160 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar9280 (depends on ar5416) -dev/ath/ath_hal/ar9002/ar9280_attach.c optional ath_hal | ath_ar9280 | \ - ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9280_attach.c optional ath_hal netstack | ath_ar9280 netstack | \ + ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9280_olc.c optional ath_hal | ath_ar9280 | \ - ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9280_olc.c optional ath_hal netstack | ath_ar9280 netstack | \ + ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar9285 (depends on ar5416 and ar9280) -dev/ath/ath_hal/ar9002/ar9285_attach.c optional ath_hal | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9285_attach.c optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9285_reset.c optional ath_hal | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9285_reset.c optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9285_cal.c optional ath_hal | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9285_cal.c optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9285_phy.c optional ath_hal | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9285_phy.c optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9285_diversity.c optional ath_hal | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9285_diversity.c optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ar9287 (depends on ar5416) -dev/ath/ath_hal/ar9002/ar9287_attach.c optional ath_hal | ath_ar9287 \ +dev/ath/ath_hal/ar9002/ar9287_attach.c optional ath_hal netstack | ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9287_reset.c optional ath_hal | ath_ar9287 \ +dev/ath/ath_hal/ar9002/ar9287_reset.c optional ath_hal netstack | ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9287_cal.c optional ath_hal | ath_ar9287 \ +dev/ath/ath_hal/ar9002/ar9287_cal.c optional ath_hal netstack | ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9287_olc.c optional ath_hal | ath_ar9287 \ +dev/ath/ath_hal/ar9002/ar9287_olc.c optional ath_hal netstack | ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # rf backends -dev/ath/ath_hal/ar5212/ar2316.c optional ath_rf2316 \ +dev/ath/ath_hal/ar5212/ar2316.c optional ath_rf2316 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5212/ar2317.c optional ath_rf2317 \ +dev/ath/ath_hal/ar5212/ar2317.c optional ath_rf2317 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5212/ar2413.c optional ath_hal | ath_rf2413 \ +dev/ath/ath_hal/ar5212/ar2413.c optional ath_hal netstack | ath_rf2413 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5212/ar2425.c optional ath_hal | ath_rf2425 | ath_rf2417 \ +dev/ath/ath_hal/ar5212/ar2425.c optional ath_hal netstack | ath_rf2425 netstack | ath_rf2417 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5212/ar5111.c optional ath_hal | ath_rf5111 \ +dev/ath/ath_hal/ar5212/ar5111.c optional ath_hal netstack | ath_rf5111 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5212/ar5112.c optional ath_hal | ath_rf5112 \ +dev/ath/ath_hal/ar5212/ar5112.c optional ath_hal netstack | ath_rf5112 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5212/ar5413.c optional ath_hal | ath_rf5413 \ +dev/ath/ath_hal/ar5212/ar5413.c optional ath_hal netstack | ath_rf5413 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar5416/ar2133.c optional ath_hal | ath_ar5416 | \ - ath_ar9130 | ath_ar9160 | ath_ar9280 \ +dev/ath/ath_hal/ar5416/ar2133.c optional ath_hal netstack | ath_ar5416 netstack | \ + ath_ar9130 netstack | ath_ar9160 netstack | ath_ar9280 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9280.c optional ath_hal | ath_ar9280 | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9280.c optional ath_hal netstack | ath_ar9280 netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9285.c optional ath_hal | ath_ar9285 \ +dev/ath/ath_hal/ar9002/ar9285.c optional ath_hal netstack | ath_ar9285 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" -dev/ath/ath_hal/ar9002/ar9287.c optional ath_hal | ath_ar9287 \ +dev/ath/ath_hal/ar9002/ar9287.c optional ath_hal netstack | ath_ar9287 netstack \ compile-with "${NORMAL_C} -I$S/dev/ath -I$S/dev/ath/ath_hal" # ath rate control algorithms -dev/ath/ath_rate/amrr/amrr.c optional ath_rate_amrr \ +dev/ath/ath_rate/amrr/amrr.c optional ath_rate_amrr netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/ath_rate/onoe/onoe.c optional ath_rate_onoe \ +dev/ath/ath_rate/onoe/onoe.c optional ath_rate_onoe netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" -dev/ath/ath_rate/sample/sample.c optional ath_rate_sample \ +dev/ath/ath_rate/sample/sample.c optional ath_rate_sample netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" # ath DFS modules -dev/ath/ath_dfs/null/dfs_null.c optional ath \ +dev/ath/ath_dfs/null/dfs_null.c optional ath netstack \ compile-with "${NORMAL_C} -I$S/dev/ath" # -dev/bce/if_bce.c optional bce -dev/bfe/if_bfe.c optional bfe -dev/bge/if_bge.c optional bge +dev/bce/if_bce.c optional bce netstack +dev/bfe/if_bfe.c optional bfe netstack +dev/bge/if_bge.c optional bge netstack dev/bktr/bktr_audio.c optional bktr pci dev/bktr/bktr_card.c optional bktr pci dev/bktr/bktr_core.c optional bktr pci @@ -1031,12 +1031,12 @@ dev/bwi/bwirf.c optional bwi dev/bwi/if_bwi.c optional bwi dev/bwi/if_bwi_pci.c optional bwi pci dev/bwn/if_bwn.c optional bwn siba_bwn -dev/bxe/if_bxe.c optional bxe -dev/bxe/bxe_link.c optional bxe +dev/bxe/if_bxe.c optional bxe netstack +dev/bxe/bxe_link.c optional bxe netstack dev/cardbus/cardbus.c optional cardbus dev/cardbus/cardbus_cis.c optional cardbus dev/cardbus/cardbus_device.c optional cardbus -dev/cas/if_cas.c optional cas +dev/cas/if_cas.c optional cas netstack dev/cfi/cfi_core.c optional cfi dev/cfi/cfi_dev.c optional cfi dev/cfi/cfi_disk.c optional cfid @@ -1045,9 +1045,9 @@ dev/cm/smc90cx6.c optional cm dev/cmx/cmx.c optional cmx dev/cmx/cmx_pccard.c optional cmx pccard dev/cpufreq/ichss.c optional cpufreq -dev/cs/if_cs.c optional cs -dev/cs/if_cs_isa.c optional cs isa -dev/cs/if_cs_pccard.c optional cs pccard +dev/cs/if_cs.c optional cs netstack +dev/cs/if_cs_isa.c optional cs isa netstack +dev/cs/if_cs_pccard.c optional cs pccard netstack dev/cxgb/cxgb_main.c optional cxgb pci \ compile-with "${NORMAL_C} -I$S/dev/cxgb" dev/cxgb/cxgb_sge.c optional cxgb pci \ @@ -1085,13 +1085,13 @@ dev/cxgbe/common/t4_hw.c optional cxgbe pci \ dev/cy/cy.c optional cy dev/cy/cy_isa.c optional cy isa dev/cy/cy_pci.c optional cy pci -dev/dc/if_dc.c optional dc pci -dev/dc/dcphy.c optional dc pci -dev/dc/pnphy.c optional dc pci +dev/dc/if_dc.c optional dc pci netstack +dev/dc/dcphy.c optional dc pci netstack +dev/dc/pnphy.c optional dc pci netstack dev/dcons/dcons.c optional dcons dev/dcons/dcons_crom.c optional dcons_crom dev/dcons/dcons_os.c optional dcons -dev/de/if_de.c optional de pci +dev/de/if_de.c optional de pci netstack dev/digi/CX.c optional digi_CX dev/digi/CX_PCI.c optional digi_CX_PCI dev/digi/EPCX.c optional digi_EPCX @@ -1172,66 +1172,66 @@ dev/drm/via_map.c optional viadrm dev/drm/via_mm.c optional viadrm dev/drm/via_verifier.c optional viadrm dev/drm/via_video.c optional viadrm -dev/ed/if_ed.c optional ed -dev/ed/if_ed_novell.c optional ed -dev/ed/if_ed_rtl80x9.c optional ed -dev/ed/if_ed_pccard.c optional ed pccard -dev/ed/if_ed_pci.c optional ed pci +dev/ed/if_ed.c optional ed netstack +dev/ed/if_ed_novell.c optional ed netstack +dev/ed/if_ed_rtl80x9.c optional ed netstack +dev/ed/if_ed_pccard.c optional ed pccard netstack +dev/ed/if_ed_pci.c optional ed pci netstack dev/eisa/eisa_if.m standard dev/eisa/eisaconf.c optional eisa -dev/e1000/if_em.c optional em \ +dev/e1000/if_em.c optional em netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/if_lem.c optional em \ +dev/e1000/if_lem.c optional em netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/if_igb.c optional igb \ +dev/e1000/if_igb.c optional igb inet netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_80003es2lan.c optional em | igb \ +dev/e1000/e1000_80003es2lan.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_82540.c optional em | igb \ +dev/e1000/e1000_82540.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_82541.c optional em | igb \ +dev/e1000/e1000_82541.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_82542.c optional em | igb \ +dev/e1000/e1000_82542.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_82543.c optional em | igb \ +dev/e1000/e1000_82543.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_82571.c optional em | igb \ +dev/e1000/e1000_82571.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_82575.c optional em | igb \ +dev/e1000/e1000_82575.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_ich8lan.c optional em | igb \ +dev/e1000/e1000_ich8lan.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_i210.c optional em | igb \ +dev/e1000/e1000_i210.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_api.c optional em | igb \ +dev/e1000/e1000_api.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_mac.c optional em | igb \ +dev/e1000/e1000_mac.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_manage.c optional em | igb \ +dev/e1000/e1000_manage.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_nvm.c optional em | igb \ +dev/e1000/e1000_nvm.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_phy.c optional em | igb \ +dev/e1000/e1000_phy.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_vf.c optional em | igb \ +dev/e1000/e1000_vf.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_mbx.c optional em | igb \ +dev/e1000/e1000_mbx.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/e1000/e1000_osdep.c optional em | igb \ +dev/e1000/e1000_osdep.c optional em netstack | igb netstack \ compile-with "${NORMAL_C} -I$S/dev/e1000" -dev/et/if_et.c optional et +dev/et/if_et.c optional et netstack dev/en/if_en_pci.c optional en pci dev/en/midway.c optional en -dev/ep/if_ep.c optional ep -dev/ep/if_ep_eisa.c optional ep eisa -dev/ep/if_ep_isa.c optional ep isa -dev/ep/if_ep_mca.c optional ep mca -dev/ep/if_ep_pccard.c optional ep pccard +dev/ep/if_ep.c optional ep netstack +dev/ep/if_ep_eisa.c optional ep eisa netstack +dev/ep/if_ep_isa.c optional ep isa netstack +dev/ep/if_ep_mca.c optional ep mca netstack +dev/ep/if_ep_pccard.c optional ep pccard netstack dev/esp/esp_pci.c optional esp pci dev/esp/ncr53c9x.c optional esp -dev/ex/if_ex.c optional ex -dev/ex/if_ex_isa.c optional ex isa -dev/ex/if_ex_pccard.c optional ex pccard +dev/ex/if_ex.c optional ex netstack +dev/ex/if_ex_isa.c optional ex isa netstack +dev/ex/if_ex_pccard.c optional ex pccard netstack dev/exca/exca.c optional cbb dev/fatm/if_fatm.c optional fatm pci dev/fb/splash.c optional splash @@ -1241,8 +1241,8 @@ dev/fdt/fdt_slicer.c optional fdt cfi | fdt nand dev/fdt/fdt_static_dtb.S optional fdt fdt_dtb_static dev/fdt/fdtbus.c optional fdt dev/fdt/simplebus.c optional fdt -dev/fe/if_fe.c optional fe -dev/fe/if_fe_pccard.c optional fe pccard +dev/fe/if_fe.c optional fe netstack +dev/fe/if_fe_pccard.c optional fe pccard netstack dev/firewire/firewire.c optional firewire dev/firewire/fwcrom.c optional firewire dev/firewire/fwdev.c optional firewire @@ -1250,17 +1250,17 @@ dev/firewire/fwdma.c optional firewire dev/firewire/fwmem.c optional firewire dev/firewire/fwohci.c optional firewire dev/firewire/fwohci_pci.c optional firewire pci -dev/firewire/if_fwe.c optional fwe -dev/firewire/if_fwip.c optional fwip +dev/firewire/if_fwe.c optional fwe netstack +dev/firewire/if_fwip.c optional fwip netstack dev/firewire/sbp.c optional sbp dev/firewire/sbp_targ.c optional sbp_targ dev/flash/at45d.c optional at45d dev/flash/mx25l.c optional mx25l -dev/fxp/if_fxp.c optional fxp -dev/fxp/inphy.c optional fxp -dev/gem/if_gem.c optional gem -dev/gem/if_gem_pci.c optional gem pci -dev/gem/if_gem_sbus.c optional gem sbus +dev/fxp/if_fxp.c optional fxp netstack +dev/fxp/inphy.c optional fxp netstack +dev/gem/if_gem.c optional gem netstack +dev/gem/if_gem_pci.c optional gem pci netstack +dev/gem/if_gem_sbus.c optional gem sbus netstack dev/gpio/gpiobus.c optional gpio \ dependency "gpiobus_if.h" dev/gpio/gpioc.c optional gpio \ @@ -1275,9 +1275,9 @@ dev/hatm/if_hatm_ioctl.c optional hatm pci dev/hatm/if_hatm_rx.c optional hatm pci dev/hatm/if_hatm_tx.c optional hatm pci dev/hifn/hifn7751.c optional hifn -dev/hme/if_hme.c optional hme -dev/hme/if_hme_pci.c optional hme pci -dev/hme/if_hme_sbus.c optional hme sbus +dev/hme/if_hme.c optional hme netstack +dev/hme/if_hme_pci.c optional hme pci netstack +dev/hme/if_hme_sbus.c optional hme sbus netstack dev/hptiop/hptiop.c optional hptiop scbus dev/hwpmc/hwpmc_logging.c optional hwpmc dev/hwpmc/hwpmc_mod.c optional hwpmc @@ -1288,8 +1288,8 @@ dev/ida/ida.c optional ida dev/ida/ida_disk.c optional ida dev/ida/ida_eisa.c optional ida eisa dev/ida/ida_pci.c optional ida pci -dev/ie/if_ie.c optional ie isa nowerror -dev/ie/if_ie_isa.c optional ie isa +dev/ie/if_ie.c optional ie isa nowerror netstack +dev/ie/if_ie_isa.c optional ie isa netstack dev/ieee488/ibfoo.c optional pcii | tnt4882 dev/ieee488/pcii.c optional pcii dev/ieee488/tnt4882.c optional tnt4882 @@ -1318,7 +1318,7 @@ dev/ips/ips_commands.c optional ips dev/ips/ips_disk.c optional ips dev/ips/ips_ioctl.c optional ips dev/ips/ips_pci.c optional ips pci -dev/ipw/if_ipw.c optional ipw +dev/ipw/if_ipw.c optional ipw netstack ipwbssfw.c optional ipwbssfw | ipwfw \ compile-with "${AWK} -f $S/tools/fw_stub.awk ipw_bss.fw:ipw_bss:130 -lintel_ipw -mipw_bss -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -1374,7 +1374,7 @@ dev/isp/isp_pci.c optional isp pci dev/isp/isp_sbus.c optional isp sbus dev/isp/isp_target.c optional isp dev/ispfw/ispfw.c optional ispfw -dev/iwi/if_iwi.c optional iwi +dev/iwi/if_iwi.c optional iwi netstack iwibssfw.c optional iwibssfw | iwifw \ compile-with "${AWK} -f $S/tools/fw_stub.awk iwi_bss.fw:iwi_bss:300 -lintel_iwi -miwi_bss -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -1417,7 +1417,7 @@ iwi_monitor.fw optional iwimonitorfw | iwifw \ compile-with "uudecode -o ${.TARGET} $S/contrib/dev/iwi/ipw2200-sniffer.fw.uu" \ no-obj no-implicit-rule \ clean "iwi_monitor.fw" -dev/iwn/if_iwn.c optional iwn +dev/iwn/if_iwn.c optional iwn netstack iwn1000fw.c optional iwn1000fw | iwnfw \ compile-with "${AWK} -f $S/tools/fw_stub.awk iwn1000.fw:iwn1000fw -miwn1000fw -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -1530,45 +1530,45 @@ iwn6050.fw optional iwn6050fw | iwnfw \ compile-with "uudecode -o ${.TARGET} $S/contrib/dev/iwn/iwlwifi-6050-41.28.5.1.fw.uu" \ no-obj no-implicit-rule \ clean "iwn6050.fw" -dev/ixgb/if_ixgb.c optional ixgb -dev/ixgb/ixgb_ee.c optional ixgb -dev/ixgb/ixgb_hw.c optional ixgb -dev/ixgbe/ixgbe.c optional ixgbe inet \ +dev/ixgb/if_ixgb.c optional ixgb netstack +dev/ixgb/ixgb_ee.c optional ixgb netstack +dev/ixgb/ixgb_hw.c optional ixgb netstack +dev/ixgbe/ixgbe.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe -DSMP -DIXGBE_FDIR" -dev/ixgbe/ixv.c optional ixgbe inet \ +dev/ixgbe/ixv.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_phy.c optional ixgbe inet \ +dev/ixgbe/ixgbe_phy.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_api.c optional ixgbe inet \ +dev/ixgbe/ixgbe_api.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_common.c optional ixgbe inet \ +dev/ixgbe/ixgbe_common.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_mbx.c optional ixgbe inet \ +dev/ixgbe/ixgbe_mbx.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_vf.c optional ixgbe inet \ +dev/ixgbe/ixgbe_vf.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_82598.c optional ixgbe inet \ +dev/ixgbe/ixgbe_82598.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_82599.c optional ixgbe inet \ +dev/ixgbe/ixgbe_82599.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/ixgbe/ixgbe_x540.c optional ixgbe inet \ +dev/ixgbe/ixgbe_x540.c optional ixgbe inet netstack \ compile-with "${NORMAL_C} -I$S/dev/ixgbe" -dev/jme/if_jme.c optional jme pci +dev/jme/if_jme.c optional jme pci netstack dev/joy/joy.c optional joy dev/joy/joy_isa.c optional joy isa dev/joy/joy_pccard.c optional joy pccard dev/kbdmux/kbdmux.c optional kbdmux dev/ksyms/ksyms.c optional ksyms -dev/le/am7990.c optional le -dev/le/am79900.c optional le -dev/le/if_le_pci.c optional le pci -dev/le/lance.c optional le +dev/le/am7990.c optional le netstack +dev/le/am79900.c optional le netstack +dev/le/if_le_pci.c optional le pci netstack +dev/le/lance.c optional le netstack dev/led/led.c standard -dev/lge/if_lge.c optional lge +dev/lge/if_lge.c optional lge netstack dev/lmc/if_lmc.c optional lmc -dev/malo/if_malo.c optional malo -dev/malo/if_malohal.c optional malo -dev/malo/if_malo_pci.c optional malo pci +dev/malo/if_malo.c optional malo netstack +dev/malo/if_malohal.c optional malo netstack +dev/malo/if_malo_pci.c optional malo pci netstack dev/mc146818/mc146818.c optional mc146818 dev/mca/mca_bus.c optional mca dev/mcd/mcd.c optional mcd isa nowerror @@ -1584,40 +1584,40 @@ dev/mfi/mfi_syspd.c optional mfi dev/mfi/mfi_tbolt.c optional mfi dev/mfi/mfi_linux.c optional mfi compat_linux dev/mfi/mfi_cam.c optional mfip scbus -dev/mii/acphy.c optional miibus | acphy -dev/mii/amphy.c optional miibus | amphy -dev/mii/atphy.c optional miibus | atphy -dev/mii/axphy.c optional miibus | axphy -dev/mii/bmtphy.c optional miibus | bmtphy -dev/mii/brgphy.c optional miibus | brgphy -dev/mii/ciphy.c optional miibus | ciphy -dev/mii/e1000phy.c optional miibus | e1000phy -dev/mii/gentbi.c optional miibus | gentbi -dev/mii/icsphy.c optional miibus | icsphy -dev/mii/ip1000phy.c optional miibus | ip1000phy -dev/mii/jmphy.c optional miibus | jmphy -dev/mii/lxtphy.c optional miibus | lxtphy -dev/mii/mii.c optional miibus | mii -dev/mii/mii_bitbang.c optional miibus | mii_bitbang -dev/mii/mii_physubr.c optional miibus | mii -dev/mii/miibus_if.m optional miibus | mii -dev/mii/mlphy.c optional miibus | mlphy -dev/mii/nsgphy.c optional miibus | nsgphy -dev/mii/nsphy.c optional miibus | nsphy -dev/mii/nsphyter.c optional miibus | nsphyter -dev/mii/pnaphy.c optional miibus | pnaphy -dev/mii/qsphy.c optional miibus | qsphy -dev/mii/rdcphy.c optional miibus | rdcphy -dev/mii/rgephy.c optional miibus | rgephy -dev/mii/rlphy.c optional miibus | rlphy -dev/mii/rlswitch.c optional rlswitch -dev/mii/smcphy.c optional miibus | smcphy -dev/mii/tdkphy.c optional miibus | tdkphy -dev/mii/tlphy.c optional miibus | tlphy -dev/mii/truephy.c optional miibus | truephy -dev/mii/ukphy.c optional miibus | mii -dev/mii/ukphy_subr.c optional miibus | mii -dev/mii/xmphy.c optional miibus | xmphy +dev/mii/acphy.c optional miibus netstack | acphy netstack +dev/mii/amphy.c optional miibus netstack | amphy netstack +dev/mii/atphy.c optional miibus netstack | atphy netstack +dev/mii/axphy.c optional miibus netstack | axphy netstack +dev/mii/bmtphy.c optional miibus netstack | bmtphy netstack +dev/mii/brgphy.c optional miibus netstack | brgphy netstack +dev/mii/ciphy.c optional miibus netstack | ciphy netstack +dev/mii/e1000phy.c optional miibus netstack | e1000phy netstack +dev/mii/gentbi.c optional miibus netstack | gentbi netstack +dev/mii/icsphy.c optional miibus netstack | icsphy netstack +dev/mii/ip1000phy.c optional miibus netstack | ip1000phy netstack +dev/mii/jmphy.c optional miibus netstack | jmphy netstack +dev/mii/lxtphy.c optional miibus netstack | lxtphy netstack +dev/mii/mii.c optional miibus netstack | mii netstack +dev/mii/mii_bitbang.c optional miibus netstack | mii_bitbang netstack +dev/mii/mii_physubr.c optional miibus netstack | mii netstack +dev/mii/miibus_if.m optional miibus netstack | mii netstack +dev/mii/mlphy.c optional miibus netstack | mlphy netstack +dev/mii/nsgphy.c optional miibus netstack | nsgphy netstack +dev/mii/nsphy.c optional miibus netstack | nsphy netstack +dev/mii/nsphyter.c optional miibus netstack | nsphyter netstack +dev/mii/pnaphy.c optional miibus netstack | pnaphy netstack +dev/mii/qsphy.c optional miibus netstack | qsphy netstack +dev/mii/rdcphy.c optional miibus netstack | rdcphy netstack +dev/mii/rgephy.c optional miibus netstack | rgephy netstack +dev/mii/rlphy.c optional miibus netstack | rlphy netstack +dev/mii/rlswitch.c optional rlswitch netstack +dev/mii/smcphy.c optional miibus netstack | smcphy netstack +dev/mii/tdkphy.c optional miibus netstack | tdkphy netstack +dev/mii/tlphy.c optional miibus netstack | tlphy netstack +dev/mii/truephy.c optional miibus netstack | truephy netstack +dev/mii/ukphy.c optional miibus netstack | mii netstack +dev/mii/ukphy_subr.c optional miibus netstack | mii netstack +dev/mii/xmphy.c optional miibus netstack | xmphy netstack dev/mk48txx/mk48txx.c optional mk48txx dev/mlx/mlx.c optional mlx dev/mlx/mlx_disk.c optional mlx @@ -1643,13 +1643,13 @@ dev/mpt/mpt_debug.c optional mpt dev/mpt/mpt_pci.c optional mpt pci dev/mpt/mpt_raid.c optional mpt dev/mpt/mpt_user.c optional mpt -dev/msk/if_msk.c optional msk +dev/msk/if_msk.c optional msk inet netstack dev/mvs/mvs.c optional mvs dev/mvs/mvs_if.m optional mvs dev/mvs/mvs_pci.c optional mvs pci -dev/mwl/if_mwl.c optional mwl -dev/mwl/if_mwl_pci.c optional mwl pci -dev/mwl/mwlhal.c optional mwl +dev/mwl/if_mwl.c optional mwl netstack +dev/mwl/if_mwl_pci.c optional mwl pci netstack +dev/mwl/mwlhal.c optional mwl netstack mwlfw.c optional mwlfw \ compile-with "${AWK} -f $S/tools/fw_stub.awk mw88W8363.fw:mw88W8363fw mwlboot.fw:mwlboot -mmwl -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -1699,7 +1699,7 @@ dev/nand/nfc_if.m optional nand dev/ncv/ncr53c500.c optional ncv dev/ncv/ncr53c500_pccard.c optional ncv pccard dev/netmap/netmap.c optional netmap -dev/nge/if_nge.c optional nge +dev/nge/if_nge.c optional nge netstack dev/nxge/if_nxge.c optional nxge \ compile-with "${NORMAL_C} ${NO_WSELF_ASSIGN}" dev/nxge/xgehal/xgehal-device.c optional nxge \ @@ -1759,12 +1759,12 @@ dev/pci/pci_subr.c optional pci dev/pci/pci_user.c optional pci dev/pci/pcib_if.m standard dev/pci/vga_pci.c optional pci -dev/pcn/if_pcn.c optional pcn pci +dev/pcn/if_pcn.c optional pcn pci netstack dev/pdq/if_fea.c optional fea eisa dev/pdq/if_fpa.c optional fpa pci dev/pdq/pdq.c optional nowerror fea eisa | fpa pci dev/pdq/pdq_ifsubr.c optional nowerror fea eisa | fpa pci -dev/ppbus/if_plip.c optional plip +dev/ppbus/if_plip.c optional plip netstack dev/ppbus/immio.c optional vpo dev/ppbus/lpbb.c optional lpbb dev/ppbus/lpt.c optional lpt @@ -1793,10 +1793,10 @@ dev/puc/puc_pccard.c optional puc pccard dev/puc/puc_pci.c optional puc pci dev/puc/pucdata.c optional puc pci dev/quicc/quicc_core.c optional quicc -dev/ral/rt2560.c optional ral -dev/ral/rt2661.c optional ral -dev/ral/rt2860.c optional ral -dev/ral/if_ral_pci.c optional ral pci +dev/ral/rt2560.c optional ral netstack +dev/ral/rt2661.c optional ral netstack +dev/ral/rt2860.c optional ral netstack +dev/ral/if_ral_pci.c optional ral pci netstack rt2561fw.c optional rt2561fw | ralfw \ compile-with "${AWK} -f $S/tools/fw_stub.awk rt2561.fw:rt2561fw -mrt2561 -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -1860,7 +1860,7 @@ dev/random/randomdev.c optional random dev/random/randomdev_soft.c optional random dev/random/yarrow.c optional random dev/rc/rc.c optional rc -dev/re/if_re.c optional re +dev/re/if_re.c optional re netstack dev/rndtest/rndtest.c optional rndtest dev/rp/rp.c optional rp dev/rp/rp_isa.c optional rp isa @@ -1877,8 +1877,8 @@ dev/scc/scc_dev_z8530.c optional scc dev/scd/scd.c optional scd isa dev/scd/scd_isa.c optional scd isa dev/sdhci/sdhci.c optional sdhci pci -dev/sf/if_sf.c optional sf pci -dev/sge/if_sge.c optional sge pci +dev/sf/if_sf.c optional sf pci netstack +dev/sge/if_sge.c optional sge pci netstack dev/si/si.c optional si dev/si/si2_z280.c optional si dev/si/si3_t225.c optional si @@ -1888,16 +1888,16 @@ dev/si/si_pci.c optional si pci dev/siba/siba_bwn.c optional siba_bwn pci dev/siba/siba_core.c optional siba_bwn pci dev/siis/siis.c optional siis pci -dev/sis/if_sis.c optional sis pci -dev/sk/if_sk.c optional sk pci +dev/sis/if_sis.c optional sis pci netstack +dev/sk/if_sk.c optional sk pci netstack dev/smbus/smb.c optional smb dev/smbus/smbconf.c optional smbus dev/smbus/smbus.c optional smbus dev/smbus/smbus_if.m optional smbus dev/smc/if_smc.c optional smc -dev/sn/if_sn.c optional sn -dev/sn/if_sn_isa.c optional sn isa -dev/sn/if_sn_pccard.c optional sn pccard +dev/sn/if_sn.c optional sn netstack +dev/sn/if_sn_isa.c optional sn isa netstack +dev/sn/if_sn_pccard.c optional sn pccard netstack dev/snp/snp.c optional snp dev/sound/clone.c optional sound dev/sound/unit.c optional sound @@ -1982,13 +1982,13 @@ dev/sound/midi/synth_if.m optional sound dev/spibus/spibus.c optional spibus \ dependency "spibus_if.h" dev/spibus/spibus_if.m optional spibus -dev/ste/if_ste.c optional ste pci +dev/ste/if_ste.c optional ste pci netstack dev/stg/tmc18c30.c optional stg dev/stg/tmc18c30_isa.c optional stg isa dev/stg/tmc18c30_pccard.c optional stg pccard dev/stg/tmc18c30_pci.c optional stg pci dev/stg/tmc18c30_subr.c optional stg -dev/stge/if_stge.c optional stge +dev/stge/if_stge.c optional stge netstack dev/streams/streams.c optional streams dev/sym/sym_hipd.c optional sym \ dependency "$S/dev/sym/sym_{conf,defs}.h" @@ -2012,8 +2012,8 @@ dev/syscons/sysmouse.c optional sc dev/syscons/warp/warp_saver.c optional warp_saver dev/tdfx/tdfx_linux.c optional tdfx_linux tdfx compat_linux dev/tdfx/tdfx_pci.c optional tdfx pci -dev/ti/if_ti.c optional ti pci -dev/tl/if_tl.c optional tl pci +dev/ti/if_ti.c optional ti pci netstack +dev/tl/if_tl.c optional tl pci netstack dev/trm/trm.c optional trm dev/twa/tw_cl_init.c optional twa \ compile-with "${NORMAL_C} -I$S/dev/twa" @@ -2034,8 +2034,8 @@ dev/tws/tws_cam.c optional tws dev/tws/tws_hdm.c optional tws dev/tws/tws_services.c optional tws dev/tws/tws_user.c optional tws -dev/tx/if_tx.c optional tx -dev/txp/if_txp.c optional txp +dev/tx/if_tx.c optional tx netstack +dev/txp/if_txp.c optional txp inet netstack dev/uart/uart_bus_acpi.c optional uart acpi #dev/uart/uart_bus_cbus.c optional uart cbus dev/uart/uart_bus_ebus.c optional uart ebus @@ -2102,7 +2102,7 @@ dev/usb/usb_lookup.c optional usb dev/usb/usb_mbuf.c optional usb dev/usb/usb_msctest.c optional usb dev/usb/usb_parse.c optional usb -dev/usb/usb_pf.c optional usb +dev/usb/usb_pf.c optional usb netstack dev/usb/usb_process.c optional usb dev/usb/usb_request.c optional usb dev/usb/usb_transfer.c optional usb @@ -2110,25 +2110,25 @@ dev/usb/usb_util.c optional usb # # USB network drivers # -dev/usb/net/if_aue.c optional aue -dev/usb/net/if_axe.c optional axe -dev/usb/net/if_cdce.c optional cdce -dev/usb/net/if_cue.c optional cue -dev/usb/net/if_ipheth.c optional ipheth -dev/usb/net/if_kue.c optional kue -dev/usb/net/if_mos.c optional mos -dev/usb/net/if_rue.c optional rue -dev/usb/net/if_udav.c optional udav -dev/usb/net/if_usie.c optional usie -dev/usb/net/ruephy.c optional rue -dev/usb/net/usb_ethernet.c optional aue | axe | cdce | cue | kue | mos | \ - rue | udav -dev/usb/net/uhso.c optional uhso +dev/usb/net/if_aue.c optional aue netstack +dev/usb/net/if_axe.c optional axe netstack +dev/usb/net/if_cdce.c optional cdce netstack +dev/usb/net/if_cue.c optional cue netstack +dev/usb/net/if_ipheth.c optional ipheth netstack +dev/usb/net/if_kue.c optional kue netstack +dev/usb/net/if_mos.c optional mos netstack +dev/usb/net/if_rue.c optional rue netstack +dev/usb/net/if_udav.c optional udav netstack +dev/usb/net/if_usie.c optional usie netstack +dev/usb/net/ruephy.c optional rue netstack +dev/usb/net/usb_ethernet.c optional aue netstack | axe netstack | cdce netstack | cue netstack | kue netstack | mos netstack | \ + rue netstack | udav netstack +dev/usb/net/uhso.c optional uhso netstack # # USB WLAN drivers # -dev/usb/wlan/if_rum.c optional rum -dev/usb/wlan/if_run.c optional run +dev/usb/wlan/if_rum.c optional rum netstack +dev/usb/wlan/if_run.c optional run netstack runfw.c optional runfw \ compile-with "${AWK} -f $S/tools/fw_stub.awk runfw:runfw -mrunfw -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -2143,15 +2143,15 @@ runfw optional runfw \ compile-with "uudecode -o ${.TARGET} $S/contrib/dev/run/rt2870.fw.uu" \ no-obj no-implicit-rule \ clean "runfw" -dev/usb/wlan/if_uath.c optional uath -dev/usb/wlan/if_upgt.c optional upgt -dev/usb/wlan/if_ural.c optional ural -dev/usb/wlan/if_urtw.c optional urtw -dev/usb/wlan/if_zyd.c optional zyd +dev/usb/wlan/if_uath.c optional uath netstack +dev/usb/wlan/if_upgt.c optional upgt netstack +dev/usb/wlan/if_ural.c optional ural netstack +dev/usb/wlan/if_urtw.c optional urtw netstack +dev/usb/wlan/if_zyd.c optional zyd netstack # # USB serial and parallel port drivers # -dev/usb/serial/u3g.c optional u3g +dev/usb/serial/u3g.c optional u3g netstack dev/usb/serial/uark.c optional uark dev/usb/serial/ubsa.c optional ubsa dev/usb/serial/ubser.c optional ubser @@ -2209,7 +2209,7 @@ dev/usb/template/usb_template_mtp.c optional usb_t dev/utopia/idtphy.c optional utopia dev/utopia/suni.c optional utopia dev/utopia/utopia.c optional utopia -dev/vge/if_vge.c optional vge +dev/vge/if_vge.c optional vge netstack # # virtio support # @@ -2221,11 +2221,11 @@ dev/virtio/virtio_bus_if.m optional vtnet dev/virtio/virtio_if.m optional vtnet dev/vkbd/vkbd.c optional vkbd -dev/vr/if_vr.c optional vr pci -dev/vte/if_vte.c optional vte pci -dev/vx/if_vx.c optional vx -dev/vx/if_vx_eisa.c optional vx eisa -dev/vx/if_vx_pci.c optional vx pci +dev/vr/if_vr.c optional vr pci netstack +dev/vte/if_vte.c optional vte pci netstack +dev/vx/if_vx.c optional vx netstack +dev/vx/if_vx_eisa.c optional vx eisa netstack +dev/vx/if_vx_pci.c optional vx pci netstack dev/vxge/vxge.c optional vxge dev/vxge/vxgehal/vxgehal-ifmsg.c optional vxge dev/vxge/vxgehal/vxgehal-mrpcim.c optional vxge @@ -2245,13 +2245,13 @@ dev/vxge/vxgehal/vxgehal-virtualpath.c optional vx dev/vxge/vxgehal/vxgehal-channel.c optional vxge dev/vxge/vxgehal/vxgehal-fifo.c optional vxge dev/watchdog/watchdog.c standard -dev/wb/if_wb.c optional wb pci +dev/wb/if_wb.c optional wb pci netstack dev/wds/wd7000.c optional wds isa -dev/wi/if_wi.c optional wi -dev/wi/if_wi_pccard.c optional wi pccard -dev/wi/if_wi_pci.c optional wi pci +dev/wi/if_wi.c optional wi netstack +dev/wi/if_wi_pccard.c optional wi pccard netstack +dev/wi/if_wi_pci.c optional wi pci netstack dev/wl/if_wl.c optional wl isa -dev/wpi/if_wpi.c optional wpi pci +dev/wpi/if_wpi.c optional wpi pci netstack wpifw.c optional wpifw \ compile-with "${AWK} -f $S/tools/fw_stub.awk wpi.fw:wpifw:153229 -mwpi -c${.TARGET}" \ no-implicit-rule before-depend local \ @@ -2266,10 +2266,10 @@ wpi.fw optional wpifw \ compile-with "uudecode -o ${.TARGET} $S/contrib/dev/wpi/iwlwifi-3945-15.32.2.9.fw.uu" \ no-obj no-implicit-rule \ clean "wpi.fw" -dev/xe/if_xe.c optional xe -dev/xe/if_xe_pccard.c optional xe pccard -dev/xl/if_xl.c optional xl pci -dev/xl/xlphy.c optional xl pci +dev/xe/if_xe.c optional xe netstack +dev/xe/if_xe_pccard.c optional xe pccard netstack +dev/xl/if_xl.c optional xl pci netstack +dev/xl/xlphy.c optional xl pci netstack fs/coda/coda_fbsd.c optional vcoda fs/coda/coda_psdev.c optional vcoda fs/coda/coda_subr.c optional vcoda @@ -2312,28 +2312,28 @@ fs/nandfs/nandfs_subr.c optional nandfs fs/nandfs/nandfs_sufile.c optional nandfs fs/nandfs/nandfs_vfsops.c optional nandfs fs/nandfs/nandfs_vnops.c optional nandfs -fs/nfs/nfs_commonkrpc.c optional nfscl | nfsd -fs/nfs/nfs_commonsubs.c optional nfscl | nfsd -fs/nfs/nfs_commonport.c optional nfscl | nfsd -fs/nfs/nfs_commonacl.c optional nfscl | nfsd -fs/nfsclient/nfs_clcomsubs.c optional nfscl -fs/nfsclient/nfs_clsubs.c optional nfscl -fs/nfsclient/nfs_clstate.c optional nfscl -fs/nfsclient/nfs_clkrpc.c optional nfscl -fs/nfsclient/nfs_clrpcops.c optional nfscl -fs/nfsclient/nfs_clvnops.c optional nfscl -fs/nfsclient/nfs_clnode.c optional nfscl -fs/nfsclient/nfs_clvfsops.c optional nfscl -fs/nfsclient/nfs_clport.c optional nfscl -fs/nfsclient/nfs_clbio.c optional nfscl -fs/nfsclient/nfs_clnfsiod.c optional nfscl -fs/nfsserver/nfs_nfsdsocket.c optional nfsd inet -fs/nfsserver/nfs_nfsdsubs.c optional nfsd inet -fs/nfsserver/nfs_nfsdstate.c optional nfsd inet -fs/nfsserver/nfs_nfsdkrpc.c optional nfsd inet -fs/nfsserver/nfs_nfsdserv.c optional nfsd inet -fs/nfsserver/nfs_nfsdport.c optional nfsd inet -fs/nfsserver/nfs_nfsdcache.c optional nfsd inet +fs/nfs/nfs_commonkrpc.c optional nfscl netstack | nfsd netstack +fs/nfs/nfs_commonsubs.c optional nfscl netstack | nfsd netstack +fs/nfs/nfs_commonport.c optional nfscl netstack | nfsd netstack +fs/nfs/nfs_commonacl.c optional nfscl netstack | nfsd netstack +fs/nfsclient/nfs_clcomsubs.c optional nfscl netstack +fs/nfsclient/nfs_clsubs.c optional nfscl netstack +fs/nfsclient/nfs_clstate.c optional nfscl netstack +fs/nfsclient/nfs_clkrpc.c optional nfscl netstack +fs/nfsclient/nfs_clrpcops.c optional nfscl netstack +fs/nfsclient/nfs_clvnops.c optional nfscl netstack +fs/nfsclient/nfs_clnode.c optional nfscl netstack +fs/nfsclient/nfs_clvfsops.c optional nfscl netstack +fs/nfsclient/nfs_clport.c optional nfscl netstack +fs/nfsclient/nfs_clbio.c optional nfscl netstack +fs/nfsclient/nfs_clnfsiod.c optional nfscl netstack +fs/nfsserver/nfs_nfsdsocket.c optional nfsd inet netstack +fs/nfsserver/nfs_nfsdsubs.c optional nfsd inet netstack +fs/nfsserver/nfs_nfsdstate.c optional nfsd inet netstack +fs/nfsserver/nfs_nfsdkrpc.c optional nfsd inet netstack +fs/nfsserver/nfs_nfsdserv.c optional nfsd inet netstack +fs/nfsserver/nfs_nfsdport.c optional nfsd inet netstack +fs/nfsserver/nfs_nfsdcache.c optional nfsd inet netstack fs/ntfs/ntfs_compr.c optional ntfs fs/ntfs/ntfs_iconv.c optional ntfs_iconv fs/ntfs/ntfs_ihash.c optional ntfs @@ -2575,6 +2575,7 @@ kern/kern_mib.c standard kern/kern_module.c standard kern/kern_mtxpool.c standard kern/kern_mutex.c standard +kern/kern_netstack.c standard kern/kern_ntptime.c standard kern/kern_osd.c standard kern/kern_physio.c standard @@ -2611,6 +2612,7 @@ kern/link_elf.c standard kern/linker_if.m standard kern/md4c.c optional netsmb kern/md5c.c standard +kern/netstack_if.m standard kern/p1003_1b.c standard kern/posix4_mib.c standard kern/sched_4bsd.c optional sched_4bsd @@ -2678,7 +2680,7 @@ kern/tty_outq.c standard kern/tty_pts.c standard kern/tty_tty.c standard kern/tty_ttydisc.c standard -kern/uipc_accf.c optional inet +kern/uipc_accf.c standard kern/uipc_cow.c optional zero_copy_sockets kern/uipc_debug.c optional ddb kern/uipc_domain.c standard @@ -2807,370 +2809,376 @@ libkern/strtoq.c standard libkern/strtoul.c standard libkern/strtouq.c standard libkern/strvalid.c standard -net/bpf.c standard -net/bpf_buffer.c optional bpf -net/bpf_jitter.c optional bpf_jitter -net/bpf_filter.c optional bpf | netgraph_bpf -net/bpf_zerocopy.c optional bpf -net/bridgestp.c optional bridge | if_bridge -net/flowtable.c optional flowtable inet | flowtable inet6 -net/ieee8023ad_lacp.c optional lagg -net/if.c standard -net/if_arcsubr.c optional arcnet -net/if_atmsubr.c optional atm -net/if_bridge.c optional bridge inet | if_bridge inet -net/if_clone.c standard -net/if_dead.c standard -net/if_debug.c optional ddb -net/if_disc.c optional disc -net/if_edsc.c optional edsc -net/if_ef.c optional ef -net/if_enc.c optional enc ipsec inet | enc ipsec inet6 -net/if_epair.c optional epair -net/if_ethersubr.c optional ether \ +net/bpf.c optional netstack +net/bpf_buffer.c optional bpf netstack +net/bpf_jitter.c optional bpf_jitter netstack +net/bpf_filter.c optional bpf netstack | netgraph_bpf netstack +net/bpf_zerocopy.c optional bpf netstack +net/bridgestp.c optional bridge netstack | if_bridge netstack +net/flowtable.c optional flowtable inet netstack | flowtable inet6 netstack +net/ieee8023ad_lacp.c optional lagg netstack +net/if.c optional netstack +net/if_arcsubr.c optional arcnet netstack +net/if_atmsubr.c optional atm netstack +net/if_bridge.c optional bridge inet netstack | if_bridge inet netstack +net/if_clone.c optional netstack +net/if_dead.c optional netstack +net/if_debug.c optional ddb netstack +net/if_disc.c optional disc netstack +net/if_edsc.c optional edsc netstack +net/if_ef.c optional ef netstack +net/if_enc.c optional enc ipsec inet netstack | enc ipsec inet6 netstack +net/if_epair.c optional epair netstack +net/if_ethersubr.c optional ether netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -net/if_faith.c optional faith -net/if_fddisubr.c optional fddi -net/if_fwsubr.c optional fwip -net/if_gif.c optional gif | netgraph_gif -net/if_gre.c optional gre inet -net/if_iso88025subr.c optional token -net/if_lagg.c optional lagg -net/if_loop.c optional loop -net/if_llatbl.c standard -net/if_media.c standard -net/if_mib.c standard -net/if_spppfr.c optional sppp | netgraph_sppp -net/if_spppsubr.c optional sppp | netgraph_sppp -net/if_stf.c optional stf inet inet6 -net/if_tun.c optional tun -net/if_tap.c optional tap -net/if_vlan.c optional vlan -net/mppcc.c optional netgraph_mppc_compression -net/mppcd.c optional netgraph_mppc_compression -net/netisr.c standard -net/pfil.c optional ether | inet -net/radix.c standard -net/radix_mpath.c standard -net/raw_cb.c standard -net/raw_usrreq.c standard -net/route.c standard -net/rtsock.c standard -net/slcompress.c optional netgraph_vjc | sppp | \ - netgraph_sppp -net/vnet.c optional vimage -net/zlib.c optional crypto | geom_uzip | ipsec | \ - mxge | netgraph_deflate | \ +net/if_faith.c optional faith netstack +net/if_fddisubr.c optional fddi netstack +net/if_fwsubr.c optional fwip netstack +net/if_gif.c optional gif netstack | netgraph_gif netstack +net/if_gre.c optional gre inet netstack +net/if_iso88025subr.c optional token netstack +net/if_lagg.c optional lagg netstack +net/if_loop.c optional loop netstack +net/if_llatbl.c optional netstack +net/if_media.c optional netstack +net/if_mib.c optional netstack +net/if_spppfr.c optional sppp netstack | netgraph_sppp netstack +net/if_spppsubr.c optional sppp netstack | netgraph_sppp netstack +net/if_stf.c optional stf inet inet6 netstack +net/if_tun.c optional tun netstack +net/if_tap.c optional tap netstack +net/if_vlan.c optional vlan netstack +net/mppcc.c optional netgraph_mppc_compression netstack +net/mppcd.c optional netgraph_mppc_compression netstack +net/netisr.c optional netstack +net/netstack.c optional netstack +net/netuuid.c optional netstack +net/pfil.c optional ether netstack | inet netstack +net/radix.c optional netstack +net/radix_mpath.c optional netstack +net/raw_cb.c optional netstack +net/raw_usrreq.c optional netstack +net/route.c optional netstack +net/rtsock.c optional netstack +net/slcompress.c optional netgraph_vjc netstack | sppp netstack | \ + netgraph_sppp netstack +net/vnet.c optional vimage netstack +net/zlib.c optional crypto | geom_uzip | ipsec netstack | \ + mxge netstack | netgraph_deflate netstack | \ ddb_ctf | gzio | geom_uncompress -net80211/ieee80211.c optional wlan -net80211/ieee80211_acl.c optional wlan wlan_acl -net80211/ieee80211_action.c optional wlan -net80211/ieee80211_ageq.c optional wlan -net80211/ieee80211_adhoc.c optional wlan -net80211/ieee80211_ageq.c optional wlan -net80211/ieee80211_amrr.c optional wlan | wlan_amrr -net80211/ieee80211_crypto.c optional wlan -net80211/ieee80211_crypto_ccmp.c optional wlan wlan_ccmp -net80211/ieee80211_crypto_none.c optional wlan -net80211/ieee80211_crypto_tkip.c optional wlan wlan_tkip -net80211/ieee80211_crypto_wep.c optional wlan wlan_wep -net80211/ieee80211_ddb.c optional wlan ddb -net80211/ieee80211_dfs.c optional wlan -net80211/ieee80211_freebsd.c optional wlan -net80211/ieee80211_hostap.c optional wlan -net80211/ieee80211_ht.c optional wlan -net80211/ieee80211_hwmp.c optional wlan ieee80211_support_mesh -net80211/ieee80211_input.c optional wlan -net80211/ieee80211_ioctl.c optional wlan -net80211/ieee80211_mesh.c optional wlan ieee80211_support_mesh -net80211/ieee80211_monitor.c optional wlan -net80211/ieee80211_node.c optional wlan -net80211/ieee80211_output.c optional wlan -net80211/ieee80211_phy.c optional wlan -net80211/ieee80211_power.c optional wlan -net80211/ieee80211_proto.c optional wlan -net80211/ieee80211_radiotap.c optional wlan -net80211/ieee80211_ratectl.c optional wlan -net80211/ieee80211_ratectl_none.c optional wlan -net80211/ieee80211_regdomain.c optional wlan -net80211/ieee80211_rssadapt.c optional wlan wlan_rssadapt -net80211/ieee80211_scan.c optional wlan -net80211/ieee80211_scan_sta.c optional wlan -net80211/ieee80211_sta.c optional wlan -net80211/ieee80211_superg.c optional wlan ieee80211_support_superg -net80211/ieee80211_tdma.c optional wlan ieee80211_support_tdma -net80211/ieee80211_wds.c optional wlan -net80211/ieee80211_xauth.c optional wlan wlan_xauth -net80211/ieee80211_alq.c optional wlan ieee80211_alq -netatalk/aarp.c optional netatalk -netatalk/at_control.c optional netatalk -netatalk/at_proto.c optional netatalk -netatalk/at_rmx.c optional netatalk -netatalk/ddp_input.c optional netatalk -netatalk/ddp_output.c optional netatalk -netatalk/ddp_pcb.c optional netatalk -netatalk/ddp_usrreq.c optional netatalk -netgraph/atm/ccatm/ng_ccatm.c optional ngatm_ccatm \ +net80211/ieee80211.c optional wlan netstack +net80211/ieee80211_acl.c optional wlan wlan_acl netstack +net80211/ieee80211_action.c optional wlan netstack +net80211/ieee80211_ageq.c optional wlan netstack +net80211/ieee80211_adhoc.c optional wlan netstack +net80211/ieee80211_ageq.c optional wlan netstack +net80211/ieee80211_amrr.c optional wlan netstack | wlan_amrr netstack +net80211/ieee80211_crypto.c optional wlan netstack +net80211/ieee80211_crypto_ccmp.c optional wlan wlan_ccmp netstack +net80211/ieee80211_crypto_none.c optional wlan netstack +net80211/ieee80211_crypto_tkip.c optional wlan wlan_tkip netstack +net80211/ieee80211_crypto_wep.c optional wlan wlan_wep netstack +net80211/ieee80211_ddb.c optional wlan ddb netstack +net80211/ieee80211_dfs.c optional wlan netstack +net80211/ieee80211_freebsd.c optional wlan netstack +net80211/ieee80211_hostap.c optional wlan netstack +net80211/ieee80211_ht.c optional wlan netstack +net80211/ieee80211_hwmp.c optional wlan ieee80211_support_mesh netstack +net80211/ieee80211_input.c optional wlan netstack +net80211/ieee80211_ioctl.c optional wlan netstack +net80211/ieee80211_mesh.c optional wlan ieee80211_support_mesh netstack +net80211/ieee80211_monitor.c optional wlan netstack +net80211/ieee80211_node.c optional wlan netstack +net80211/ieee80211_output.c optional wlan netstack +net80211/ieee80211_phy.c optional wlan netstack +net80211/ieee80211_power.c optional wlan netstack +net80211/ieee80211_proto.c optional wlan netstack +net80211/ieee80211_radiotap.c optional wlan netstack +net80211/ieee80211_ratectl.c optional wlan netstack +net80211/ieee80211_ratectl_none.c optional wlan netstack +net80211/ieee80211_regdomain.c optional wlan netstack +net80211/ieee80211_rssadapt.c optional wlan wlan_rssadapt netstack +net80211/ieee80211_scan.c optional wlan netstack +net80211/ieee80211_scan_sta.c optional wlan netstack +net80211/ieee80211_sta.c optional wlan netstack +net80211/ieee80211_superg.c optional wlan ieee80211_support_superg netstack +net80211/ieee80211_tdma.c optional wlan ieee80211_support_tdma netstack +net80211/ieee80211_wds.c optional wlan netstack +net80211/ieee80211_xauth.c optional wlan wlan_xauth netstack +net80211/ieee80211_alq.c optional wlan ieee80211_alq netstack +netatalk/aarp.c optional netatalk netstack +netatalk/at_control.c optional netatalk netstack +netatalk/at_proto.c optional netatalk netstack +netatalk/at_rmx.c optional netatalk netstack +netatalk/ddp_input.c optional netatalk netstack +netatalk/ddp_output.c optional netatalk netstack +netatalk/ddp_pcb.c optional netatalk netstack +netatalk/ddp_usrreq.c optional netatalk netstack +netgraph/atm/ccatm/ng_ccatm.c optional ngatm_ccatm netstack \ compile-with "${NORMAL_C} -I$S/contrib/ngatm" -netgraph/atm/ng_atm.c optional ngatm_atm -netgraph/atm/ngatmbase.c optional ngatm_atmbase \ +netgraph/atm/ng_atm.c optional ngatm_atm netstack +netgraph/atm/ngatmbase.c optional ngatm_atmbase netstack \ compile-with "${NORMAL_C} -I$S/contrib/ngatm" -netgraph/atm/sscfu/ng_sscfu.c optional ngatm_sscfu \ +netgraph/atm/sscfu/ng_sscfu.c optional ngatm_sscfu netstack \ compile-with "${NORMAL_C} -I$S/contrib/ngatm" -netgraph/atm/sscop/ng_sscop.c optional ngatm_sscop \ +netgraph/atm/sscop/ng_sscop.c optional ngatm_sscop netstack \ compile-with "${NORMAL_C} -I$S/contrib/ngatm" -netgraph/atm/uni/ng_uni.c optional ngatm_uni \ +netgraph/atm/uni/ng_uni.c optional ngatm_uni netstack \ compile-with "${NORMAL_C} -I$S/contrib/ngatm" -netgraph/bluetooth/common/ng_bluetooth.c optional netgraph_bluetooth -netgraph/bluetooth/drivers/bt3c/ng_bt3c_pccard.c optional netgraph_bluetooth_bt3c -netgraph/bluetooth/drivers/h4/ng_h4.c optional netgraph_bluetooth_h4 -netgraph/bluetooth/drivers/ubt/ng_ubt.c optional netgraph_bluetooth_ubt usb -netgraph/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c optional netgraph_bluetooth_ubtbcmfw usb -netgraph/bluetooth/hci/ng_hci_cmds.c optional netgraph_bluetooth_hci -netgraph/bluetooth/hci/ng_hci_evnt.c optional netgraph_bluetooth_hci -netgraph/bluetooth/hci/ng_hci_main.c optional netgraph_bluetooth_hci -netgraph/bluetooth/hci/ng_hci_misc.c optional netgraph_bluetooth_hci -netgraph/bluetooth/hci/ng_hci_ulpi.c optional netgraph_bluetooth_hci -netgraph/bluetooth/l2cap/ng_l2cap_cmds.c optional netgraph_bluetooth_l2cap -netgraph/bluetooth/l2cap/ng_l2cap_evnt.c optional netgraph_bluetooth_l2cap -netgraph/bluetooth/l2cap/ng_l2cap_llpi.c optional netgraph_bluetooth_l2cap -netgraph/bluetooth/l2cap/ng_l2cap_main.c optional netgraph_bluetooth_l2cap -netgraph/bluetooth/l2cap/ng_l2cap_misc.c optional netgraph_bluetooth_l2cap -netgraph/bluetooth/l2cap/ng_l2cap_ulpi.c optional netgraph_bluetooth_l2cap -netgraph/bluetooth/socket/ng_btsocket.c optional netgraph_bluetooth_socket -netgraph/bluetooth/socket/ng_btsocket_hci_raw.c optional netgraph_bluetooth_socket -netgraph/bluetooth/socket/ng_btsocket_l2cap.c optional netgraph_bluetooth_socket -netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c optional netgraph_bluetooth_socket -netgraph/bluetooth/socket/ng_btsocket_rfcomm.c optional netgraph_bluetooth_socket -netgraph/bluetooth/socket/ng_btsocket_sco.c optional netgraph_bluetooth_socket -netgraph/netflow/netflow.c optional netgraph_netflow -netgraph/netflow/netflow_v9.c optional netgraph_netflow -netgraph/netflow/ng_netflow.c optional netgraph_netflow -netgraph/ng_UI.c optional netgraph_UI -netgraph/ng_async.c optional netgraph_async -netgraph/ng_atmllc.c optional netgraph_atmllc -netgraph/ng_base.c optional netgraph -netgraph/ng_bpf.c optional netgraph_bpf -netgraph/ng_bridge.c optional netgraph_bridge -netgraph/ng_car.c optional netgraph_car -netgraph/ng_cisco.c optional netgraph_cisco -netgraph/ng_deflate.c optional netgraph_deflate -netgraph/ng_device.c optional netgraph_device -netgraph/ng_echo.c optional netgraph_echo -netgraph/ng_eiface.c optional netgraph_eiface -netgraph/ng_ether.c optional netgraph_ether -netgraph/ng_ether_echo.c optional netgraph_ether_echo -netgraph/ng_fec.c optional netgraph_fec -netgraph/ng_frame_relay.c optional netgraph_frame_relay -netgraph/ng_gif.c optional netgraph_gif -netgraph/ng_gif_demux.c optional netgraph_gif_demux -netgraph/ng_hole.c optional netgraph_hole -netgraph/ng_iface.c optional netgraph_iface -netgraph/ng_ip_input.c optional netgraph_ip_input -netgraph/ng_ipfw.c optional netgraph_ipfw inet ipfirewall -netgraph/ng_ksocket.c optional netgraph_ksocket -netgraph/ng_l2tp.c optional netgraph_l2tp -netgraph/ng_lmi.c optional netgraph_lmi -netgraph/ng_mppc.c optional netgraph_mppc_compression | \ - netgraph_mppc_encryption -netgraph/ng_nat.c optional netgraph_nat inet libalias -netgraph/ng_one2many.c optional netgraph_one2many -netgraph/ng_parse.c optional netgraph -netgraph/ng_patch.c optional netgraph_patch -netgraph/ng_pipe.c optional netgraph_pipe -netgraph/ng_ppp.c optional netgraph_ppp -netgraph/ng_pppoe.c optional netgraph_pppoe -netgraph/ng_pptpgre.c optional netgraph_pptpgre -netgraph/ng_pred1.c optional netgraph_pred1 -netgraph/ng_rfc1490.c optional netgraph_rfc1490 -netgraph/ng_socket.c optional netgraph_socket -netgraph/ng_split.c optional netgraph_split -netgraph/ng_sppp.c optional netgraph_sppp -netgraph/ng_tag.c optional netgraph_tag -netgraph/ng_tcpmss.c optional netgraph_tcpmss -netgraph/ng_tee.c optional netgraph_tee -netgraph/ng_tty.c optional netgraph_tty -netgraph/ng_vjc.c optional netgraph_vjc -netgraph/ng_vlan.c optional netgraph_vlan -netinet/accf_data.c optional accept_filter_data inet -netinet/accf_dns.c optional accept_filter_dns inet -netinet/accf_http.c optional accept_filter_http inet -netinet/if_atm.c optional atm -netinet/if_ether.c optional inet ether -netinet/igmp.c optional inet -netinet/in.c optional inet -netinet/in_debug.c optional inet ddb -netinet/ip_carp.c optional inet carp | inet6 carp -netinet/in_gif.c optional gif inet | netgraph_gif inet -netinet/ip_gre.c optional gre inet -netinet/ip_id.c optional inet -netinet/in_mcast.c optional inet -netinet/in_pcb.c optional inet | inet6 -netinet/in_pcbgroup.c optional inet pcbgroup | inet6 pcbgroup -netinet/in_proto.c optional inet | inet6 \ +netgraph/bluetooth/common/ng_bluetooth.c optional netgraph_bluetooth netstack +netgraph/bluetooth/drivers/bt3c/ng_bt3c_pccard.c optional netgraph_bluetooth_bt3c netstack +netgraph/bluetooth/drivers/h4/ng_h4.c optional netgraph_bluetooth_h4 netstack +netgraph/bluetooth/drivers/ubt/ng_ubt.c optional netgraph_bluetooth_ubt usb netstack +netgraph/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c optional netgraph_bluetooth_ubtbcmfw usb netstack +netgraph/bluetooth/hci/ng_hci_cmds.c optional netgraph_bluetooth_hci netstack +netgraph/bluetooth/hci/ng_hci_evnt.c optional netgraph_bluetooth_hci netstack +netgraph/bluetooth/hci/ng_hci_main.c optional netgraph_bluetooth_hci netstack +netgraph/bluetooth/hci/ng_hci_misc.c optional netgraph_bluetooth_hci netstack +netgraph/bluetooth/hci/ng_hci_ulpi.c optional netgraph_bluetooth_hci netstack +netgraph/bluetooth/l2cap/ng_l2cap_cmds.c optional netgraph_bluetooth_l2cap netstack +netgraph/bluetooth/l2cap/ng_l2cap_evnt.c optional netgraph_bluetooth_l2cap netstack +netgraph/bluetooth/l2cap/ng_l2cap_llpi.c optional netgraph_bluetooth_l2cap netstack +netgraph/bluetooth/l2cap/ng_l2cap_main.c optional netgraph_bluetooth_l2cap netstack +netgraph/bluetooth/l2cap/ng_l2cap_misc.c optional netgraph_bluetooth_l2cap netstack +netgraph/bluetooth/l2cap/ng_l2cap_ulpi.c optional netgraph_bluetooth_l2cap netstack +netgraph/bluetooth/socket/ng_btsocket.c optional netgraph_bluetooth_socket netstack +netgraph/bluetooth/socket/ng_btsocket_hci_raw.c optional netgraph_bluetooth_socket netstack +netgraph/bluetooth/socket/ng_btsocket_l2cap.c optional netgraph_bluetooth_socket netstack +netgraph/bluetooth/socket/ng_btsocket_l2cap_raw.c optional netgraph_bluetooth_socket netstack +netgraph/bluetooth/socket/ng_btsocket_rfcomm.c optional netgraph_bluetooth_socket netstack +netgraph/bluetooth/socket/ng_btsocket_sco.c optional netgraph_bluetooth_socket netstack +netgraph/netflow/netflow.c optional netgraph_netflow netstack +netgraph/netflow/netflow_v9.c optional netgraph_netflow netstack +netgraph/netflow/ng_netflow.c optional netgraph_netflow netstack +netgraph/ng_UI.c optional netgraph_UI netstack +netgraph/ng_async.c optional netgraph_async netstack +netgraph/ng_atmllc.c optional netgraph_atmllc netstack +netgraph/ng_base.c optional netgraph netstack +netgraph/ng_bpf.c optional netgraph_bpf netstack +netgraph/ng_bridge.c optional netgraph_bridge netstack +netgraph/ng_car.c optional netgraph_car netstack +netgraph/ng_cisco.c optional netgraph_cisco netstack +netgraph/ng_deflate.c optional netgraph_deflate netstack +netgraph/ng_device.c optional netgraph_device netstack +netgraph/ng_echo.c optional netgraph_echo netstack +netgraph/ng_eiface.c optional netgraph_eiface netstack +netgraph/ng_ether.c optional netgraph_ether netstack +netgraph/ng_ether_echo.c optional netgraph_ether_echo netstack +netgraph/ng_fec.c optional netgraph_fec netstack +netgraph/ng_frame_relay.c optional netgraph_frame_relay netstack +netgraph/ng_gif.c optional netgraph_gif netstack +netgraph/ng_gif_demux.c optional netgraph_gif_demux netstack +netgraph/ng_hole.c optional netgraph_hole netstack +netgraph/ng_iface.c optional netgraph_iface netstack +netgraph/ng_ip_input.c optional netgraph_ip_input netstack +netgraph/ng_ipfw.c optional netgraph_ipfw inet ipfirewall netstack +netgraph/ng_ksocket.c optional netgraph_ksocket netstack +netgraph/ng_l2tp.c optional netgraph_l2tp netstack +netgraph/ng_lmi.c optional netgraph_lmi netstack +netgraph/ng_mppc.c optional netgraph_mppc_compression netstack | \ + netgraph_mppc_encryption netstack +netgraph/ng_nat.c optional netgraph_nat inet libalias netstack +netgraph/ng_one2many.c optional netgraph_one2many netstack +netgraph/ng_parse.c optional netgraph netstack +netgraph/ng_patch.c optional netgraph_patch netstack +netgraph/ng_pipe.c optional netgraph_pipe netstack +netgraph/ng_ppp.c optional netgraph_ppp netstack +netgraph/ng_pppoe.c optional netgraph_pppoe netstack +netgraph/ng_pptpgre.c optional netgraph_pptpgre netstack +netgraph/ng_pred1.c optional netgraph_pred1 netstack +netgraph/ng_rfc1490.c optional netgraph_rfc1490 netstack +netgraph/ng_socket.c optional netgraph_socket netstack +netgraph/ng_split.c optional netgraph_split netstack +netgraph/ng_sppp.c optional netgraph_sppp netstack +netgraph/ng_tag.c optional netgraph_tag netstack +netgraph/ng_tcpmss.c optional netgraph_tcpmss netstack +netgraph/ng_tee.c optional netgraph_tee netstack +netgraph/ng_tty.c optional netgraph_tty netstack +netgraph/ng_vjc.c optional netgraph_vjc netstack +netgraph/ng_vlan.c optional netgraph_vlan netstack +netinet/accf_data.c optional accept_filter_data inet netstack +netinet/accf_dns.c optional accept_filter_dns inet netstack +netinet/accf_http.c optional accept_filter_http inet netstack +netinet/if_atm.c optional atm netstack +netinet/if_ether.c optional inet ether netstack +netinet/igmp.c optional inet netstack +netinet/in.c optional inet netstack +netinet/in_debug.c optional inet ddb netstack +netinet/ip_carp.c optional inet carp netstack | inet6 carp netstack +netinet/in_gif.c optional gif inet netstack | netgraph_gif inet netstack +netinet/ip_gre.c optional gre inet netstack +netinet/ip_id.c optional inet netstack +netinet/in_jail.c optional inet netstack +netinet/in_mcast.c optional inet netstack +netinet/in_pcb.c optional inet netstack | inet6 netstack +netinet/in_pcbgroup.c optional inet pcbgroup netstack | inet6 pcbgroup netstack +netinet/in_prot.c optional inet netstack | inet6 netstack +netinet/in_proto.c optional inet netstack | inet6 netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -netinet/in_rmx.c optional inet -netinet/ip_divert.c optional inet ipdivert ipfirewall -netinet/ipfw/dn_heap.c optional inet dummynet -netinet/ipfw/dn_sched_fifo.c optional inet dummynet -netinet/ipfw/dn_sched_prio.c optional inet dummynet -netinet/ipfw/dn_sched_qfq.c optional inet dummynet -netinet/ipfw/dn_sched_rr.c optional inet dummynet -netinet/ipfw/dn_sched_wf2q.c optional inet dummynet -netinet/ipfw/ip_dummynet.c optional inet dummynet -netinet/ipfw/ip_dn_io.c optional inet dummynet -netinet/ipfw/ip_dn_glue.c optional inet dummynet -netinet/ip_ecn.c optional inet | inet6 -netinet/ip_encap.c optional inet | inet6 -netinet/ip_fastfwd.c optional inet -netinet/ipfw/ip_fw2.c optional inet ipfirewall \ +netinet/in_rmx.c optional inet netstack +netinet/ip_divert.c optional inet ipdivert ipfirewall netstack +netinet/ipfw/dn_heap.c optional inet dummynet netstack +netinet/ipfw/dn_sched_fifo.c optional inet dummynet netstack +netinet/ipfw/dn_sched_prio.c optional inet dummynet netstack +netinet/ipfw/dn_sched_qfq.c optional inet dummynet netstack +netinet/ipfw/dn_sched_rr.c optional inet dummynet netstack +netinet/ipfw/dn_sched_wf2q.c optional inet dummynet netstack +netinet/ipfw/ip_dummynet.c optional inet dummynet netstack +netinet/ipfw/ip_dn_io.c optional inet dummynet netstack +netinet/ipfw/ip_dn_glue.c optional inet dummynet netstack +netinet/ip_ecn.c optional inet netstack | inet6 netstack +netinet/ip_encap.c optional inet netstack | inet6 netstack +netinet/ip_fastfwd.c optional inet netstack +netinet/ipfw/ip_fw2.c optional inet ipfirewall netstack \ compile-with "${NORMAL_C} -I$S/contrib/pf" -netinet/ipfw/ip_fw_dynamic.c optional inet ipfirewall -netinet/ipfw/ip_fw_log.c optional inet ipfirewall -netinet/ipfw/ip_fw_pfil.c optional inet ipfirewall -netinet/ipfw/ip_fw_sockopt.c optional inet ipfirewall -netinet/ipfw/ip_fw_table.c optional inet ipfirewall -netinet/ipfw/ip_fw_nat.c optional inet ipfirewall_nat -netinet/ip_icmp.c optional inet | inet6 -netinet/ip_input.c optional inet -netinet/ip_ipsec.c optional inet ipsec -netinet/ip_mroute.c optional mrouting inet -netinet/ip_options.c optional inet -netinet/ip_output.c optional inet -netinet/raw_ip.c optional inet | inet6 -netinet/cc/cc.c optional inet | inet6 -netinet/cc/cc_newreno.c optional inet | inet6 -netinet/sctp_asconf.c optional inet sctp | inet6 sctp -netinet/sctp_auth.c optional inet sctp | inet6 sctp -netinet/sctp_bsd_addr.c optional inet sctp | inet6 sctp -netinet/sctp_cc_functions.c optional inet sctp | inet6 sctp -netinet/sctp_crc32.c optional inet sctp | inet6 sctp -netinet/sctp_indata.c optional inet sctp | inet6 sctp -netinet/sctp_input.c optional inet sctp | inet6 sctp -netinet/sctp_output.c optional inet sctp | inet6 sctp -netinet/sctp_pcb.c optional inet sctp | inet6 sctp -netinet/sctp_peeloff.c optional inet sctp | inet6 sctp -netinet/sctp_ss_functions.c optional inet sctp | inet6 sctp -netinet/sctp_sysctl.c optional inet sctp | inet6 sctp -netinet/sctp_timer.c optional inet sctp | inet6 sctp -netinet/sctp_usrreq.c optional inet sctp | inet6 sctp -netinet/sctputil.c optional inet sctp | inet6 sctp -netinet/tcp_debug.c optional tcpdebug -netinet/tcp_hostcache.c optional inet | inet6 -netinet/tcp_input.c optional inet | inet6 -netinet/tcp_lro.c optional inet | inet6 -netinet/tcp_output.c optional inet | inet6 -netinet/tcp_offload.c optional tcp_offload inet | tcp_offload inet6 -netinet/tcp_reass.c optional inet | inet6 -netinet/tcp_sack.c optional inet | inet6 -netinet/tcp_subr.c optional inet | inet6 -netinet/tcp_syncache.c optional inet | inet6 -netinet/tcp_timer.c optional inet | inet6 -netinet/tcp_timewait.c optional inet | inet6 -netinet/tcp_usrreq.c optional inet | inet6 -netinet/udp_usrreq.c optional inet | inet6 -netinet/libalias/alias.c optional libalias inet | netgraph_nat inet -netinet/libalias/alias_db.c optional libalias inet | netgraph_nat inet -netinet/libalias/alias_mod.c optional libalias | netgraph_nat -netinet/libalias/alias_proxy.c optional libalias inet | netgraph_nat inet -netinet/libalias/alias_util.c optional libalias inet | netgraph_nat inet -netinet/libalias/alias_sctp.c optional libalias inet | netgraph_nat inet -netinet6/dest6.c optional inet6 -netinet6/frag6.c optional inet6 -netinet6/icmp6.c optional inet6 -netinet6/in6.c optional inet6 -netinet6/in6_cksum.c optional inet6 -netinet6/in6_gif.c optional gif inet6 | netgraph_gif inet6 -netinet6/in6_ifattach.c optional inet6 -netinet6/in6_mcast.c optional inet6 -netinet6/in6_pcb.c optional inet6 -netinet6/in6_pcbgroup.c optional inet6 pcbgroup -netinet6/in6_proto.c optional inet6 -netinet6/in6_rmx.c optional inet6 -netinet6/in6_src.c optional inet6 -netinet6/ip6_forward.c optional inet6 -netinet6/ip6_id.c optional inet6 -netinet6/ip6_input.c optional inet6 -netinet6/ip6_mroute.c optional mrouting inet6 -netinet6/ip6_output.c optional inet6 -netinet6/ip6_ipsec.c optional inet6 ipsec -netinet6/mld6.c optional inet6 -netinet6/nd6.c optional inet6 -netinet6/nd6_nbr.c optional inet6 -netinet6/nd6_rtr.c optional inet6 -netinet6/raw_ip6.c optional inet6 -netinet6/route6.c optional inet6 -netinet6/scope6.c optional inet6 -netinet6/sctp6_usrreq.c optional inet6 sctp -netinet6/udp6_usrreq.c optional inet6 -netipsec/ipsec.c optional ipsec inet | ipsec inet6 -netipsec/ipsec_input.c optional ipsec inet | ipsec inet6 -netipsec/ipsec_mbuf.c optional ipsec inet | ipsec inet6 -netipsec/ipsec_output.c optional ipsec inet | ipsec inet6 -netipsec/key.c optional ipsec inet | ipsec inet6 -netipsec/key_debug.c optional ipsec inet | ipsec inet6 -netipsec/keysock.c optional ipsec inet | ipsec inet6 -netipsec/xform_ah.c optional ipsec inet | ipsec inet6 -netipsec/xform_esp.c optional ipsec inet | ipsec inet6 -netipsec/xform_ipcomp.c optional ipsec inet | ipsec inet6 -netipsec/xform_ipip.c optional ipsec inet | ipsec inet6 -netipsec/xform_tcp.c optional ipsec inet tcp_signature | \ - ipsec inet6 tcp_signature -netipx/ipx.c optional ipx -netipx/ipx_cksum.c optional ipx -netipx/ipx_input.c optional ipx -netipx/ipx_outputfl.c optional ipx -netipx/ipx_pcb.c optional ipx -netipx/ipx_proto.c optional ipx -netipx/ipx_usrreq.c optional ipx -netipx/spx_debug.c optional ipx -netipx/spx_reass.c optional ipx -netipx/spx_usrreq.c optional ipx -netnatm/natm.c optional natm -netnatm/natm_pcb.c optional natm -netnatm/natm_proto.c optional natm -netncp/ncp_conn.c optional ncp -netncp/ncp_crypt.c optional ncp -netncp/ncp_login.c optional ncp -netncp/ncp_mod.c optional ncp -netncp/ncp_ncp.c optional ncp -netncp/ncp_nls.c optional ncp -netncp/ncp_rq.c optional ncp -netncp/ncp_sock.c optional ncp -netncp/ncp_subr.c optional ncp -netsmb/smb_conn.c optional netsmb -netsmb/smb_crypt.c optional netsmb -netsmb/smb_dev.c optional netsmb -netsmb/smb_iod.c optional netsmb -netsmb/smb_rq.c optional netsmb -netsmb/smb_smb.c optional netsmb -netsmb/smb_subr.c optional netsmb -netsmb/smb_trantcp.c optional netsmb -netsmb/smb_usr.c optional netsmb -nfs/bootp_subr.c optional bootp nfsclient | bootp nfscl -nfs/krpc_subr.c optional bootp nfsclient | bootp nfscl -nfs/nfs_common.c optional nfsclient | nfsserver -nfs/nfs_diskless.c optional nfsclient nfs_root | nfscl nfs_root -nfs/nfs_lock.c optional nfsclient | nfscl | nfslockd | nfsd -nfsclient/nfs_bio.c optional nfsclient -nfsclient/nfs_node.c optional nfsclient -nfsclient/nfs_krpc.c optional nfsclient -nfsclient/nfs_subs.c optional nfsclient -nfsclient/nfs_nfsiod.c optional nfsclient -nfsclient/nfs_vfsops.c optional nfsclient -nfsclient/nfs_vnops.c optional nfsclient -nfsserver/nfs_fha.c optional nfsserver -nfsserver/nfs_serv.c optional nfsserver -nfsserver/nfs_srvkrpc.c optional nfsserver -nfsserver/nfs_srvsubs.c optional nfsserver -nfs/nfs_nfssvc.c optional nfsserver | nfscl | nfsd -nlm/nlm_advlock.c optional nfslockd | nfsd -nlm/nlm_prot_clnt.c optional nfslockd | nfsd -nlm/nlm_prot_impl.c optional nfslockd | nfsd -nlm/nlm_prot_server.c optional nfslockd | nfsd -nlm/nlm_prot_svc.c optional nfslockd | nfsd -nlm/nlm_prot_xdr.c optional nfslockd | nfsd -nlm/sm_inter_xdr.c optional nfslockd | nfsd +netinet/ipfw/ip_fw_dynamic.c optional inet ipfirewall netstack +netinet/ipfw/ip_fw_log.c optional inet ipfirewall netstack +netinet/ipfw/ip_fw_pfil.c optional inet ipfirewall netstack +netinet/ipfw/ip_fw_sockopt.c optional inet ipfirewall netstack +netinet/ipfw/ip_fw_table.c optional inet ipfirewall netstack +netinet/ipfw/ip_fw_nat.c optional inet ipfirewall_nat netstack +netinet/ip_icmp.c optional inet netstack | inet6 netstack +netinet/ip_input.c optional inet netstack +netinet/ip_ipsec.c optional inet ipsec netstack +netinet/ip_mroute.c optional mrouting inet netstack +netinet/ip_options.c optional inet netstack +netinet/ip_output.c optional inet netstack +netinet/raw_ip.c optional inet netstack | inet6 netstack +netinet/cc/cc.c optional inet netstack | inet6 netstack +netinet/cc/cc_newreno.c optional inet netstack | inet6 netstack +netinet/sctp_asconf.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_auth.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_bsd_addr.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_cc_functions.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_crc32.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_indata.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_input.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_output.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_pcb.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_peeloff.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_ss_functions.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_syscalls.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_sysctl.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_timer.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctp_usrreq.c optional inet sctp netstack | inet6 sctp netstack +netinet/sctputil.c optional inet sctp netstack | inet6 sctp netstack +netinet/tcp_debug.c optional tcpdebug netstack +netinet/tcp_hostcache.c optional inet netstack | inet6 netstack +netinet/tcp_input.c optional inet netstack | inet6 netstack +netinet/tcp_lro.c optional inet netstack | inet6 netstack +netinet/tcp_output.c optional inet netstack | inet6 netstack +netinet/tcp_offload.c optional tcp_offload inet netstack | tcp_offload inet6 netstack +netinet/tcp_reass.c optional inet netstack | inet6 netstack +netinet/tcp_sack.c optional inet netstack | inet6 netstack +netinet/tcp_subr.c optional inet netstack | inet6 netstack +netinet/tcp_syncache.c optional inet netstack | inet6 netstack +netinet/tcp_timer.c optional inet netstack | inet6 netstack +netinet/tcp_timewait.c optional inet netstack | inet6 netstack +netinet/tcp_usrreq.c optional inet netstack | inet6 netstack +netinet/udp_usrreq.c optional inet netstack | inet6 netstack +netinet/libalias/alias.c optional libalias inet netstack | netgraph_nat inet netstack +netinet/libalias/alias_db.c optional libalias inet netstack | netgraph_nat inet netstack +netinet/libalias/alias_mod.c optional libalias netstack | netgraph_nat netstack +netinet/libalias/alias_proxy.c optional libalias inet netstack | netgraph_nat inet netstack +netinet/libalias/alias_util.c optional libalias inet netstack | netgraph_nat inet netstack +netinet/libalias/alias_sctp.c optional libalias inet netstack | netgraph_nat inet netstack +netinet6/dest6.c optional inet6 netstack +netinet6/frag6.c optional inet6 netstack +netinet6/icmp6.c optional inet6 netstack +netinet6/in6.c optional inet6 netstack +netinet6/in6_cksum.c optional inet6 netstack +netinet6/in6_gif.c optional gif inet6 netstack | netgraph_gif inet6 netstack +netinet6/in6_ifattach.c optional inet6 netstack +netinet6/in6_jail.c optional inet6 netstack +netinet6/in6_mcast.c optional inet6 netstack +netinet6/in6_pcb.c optional inet6 netstack +netinet6/in6_pcbgroup.c optional inet6 pcbgroup netstack +netinet6/in6_proto.c optional inet6 netstack +netinet6/in6_rmx.c optional inet6 netstack +netinet6/in6_src.c optional inet6 netstack +netinet6/ip6_forward.c optional inet6 netstack +netinet6/ip6_id.c optional inet6 netstack netstack +netinet6/ip6_input.c optional inet6 netstack +netinet6/ip6_mroute.c optional mrouting inet6 netstack +netinet6/ip6_output.c optional inet6 netstack +netinet6/ip6_ipsec.c optional inet6 ipsec netstack +netinet6/mld6.c optional inet6 netstack +netinet6/nd6.c optional inet6 netstack +netinet6/nd6_nbr.c optional inet6 netstack +netinet6/nd6_rtr.c optional inet6 netstack +netinet6/raw_ip6.c optional inet6 netstack +netinet6/route6.c optional inet6 netstack +netinet6/scope6.c optional inet6 netstack +netinet6/sctp6_usrreq.c optional inet6 sctp netstack +netinet6/udp6_usrreq.c optional inet6 netstack +netipsec/ipsec.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/ipsec_input.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/ipsec_mbuf.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/ipsec_output.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/key.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/key_debug.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/keysock.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/xform_ah.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/xform_esp.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/xform_ipcomp.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/xform_ipip.c optional ipsec inet netstack | ipsec inet6 netstack +netipsec/xform_tcp.c optional ipsec inet tcp_signature netstack | \ + ipsec inet6 tcp_signature netstack +netipx/ipx.c optional ipx netstack +netipx/ipx_cksum.c optional ipx netstack +netipx/ipx_input.c optional ipx netstack +netipx/ipx_outputfl.c optional ipx netstack +netipx/ipx_pcb.c optional ipx netstack +netipx/ipx_proto.c optional ipx netstack +netipx/ipx_usrreq.c optional ipx netstack +netipx/spx_debug.c optional ipx netstack +netipx/spx_reass.c optional ipx netstack +netipx/spx_usrreq.c optional ipx netstack +netnatm/natm.c optional natm netstack +netnatm/natm_pcb.c optional natm netstack +netnatm/natm_proto.c optional natm netstack +netncp/ncp_conn.c optional ncp netstack +netncp/ncp_crypt.c optional ncp netstack +netncp/ncp_login.c optional ncp netstack +netncp/ncp_mod.c optional ncp netstack +netncp/ncp_ncp.c optional ncp netstack +netncp/ncp_nls.c optional ncp netstack +netncp/ncp_rq.c optional ncp netstack +netncp/ncp_sock.c optional ncp netstack +netncp/ncp_subr.c optional ncp netstack +netsmb/smb_conn.c optional netsmb netstack +netsmb/smb_crypt.c optional netsmb netstack +netsmb/smb_dev.c optional netsmb netstack +netsmb/smb_iod.c optional netsmb netstack +netsmb/smb_rq.c optional netsmb netstack +netsmb/smb_smb.c optional netsmb netstack +netsmb/smb_subr.c optional netsmb netstack +netsmb/smb_trantcp.c optional netsmb netstack +netsmb/smb_usr.c optional netsmb netstack +nfs/bootp_subr.c optional bootp nfsclient netstack | bootp nfscl netstack +nfs/krpc_subr.c optional bootp nfsclient netstack | bootp nfscl netstack +nfs/nfs_common.c optional nfsclient netstack | nfsserver netstack +nfs/nfs_diskless.c optional nfsclient nfs_root netstack | nfscl nfs_root netstack +nfs/nfs_lock.c optional nfsclient netstack | nfscl netstack | nfslockd netstack | nfsd netstack +nfsclient/nfs_bio.c optional nfsclient netstack +nfsclient/nfs_node.c optional nfsclient netstack +nfsclient/nfs_krpc.c optional nfsclient netstack +nfsclient/nfs_subs.c optional nfsclient netstack +nfsclient/nfs_nfsiod.c optional nfsclient netstack +nfsclient/nfs_vfsops.c optional nfsclient netstack +nfsclient/nfs_vnops.c optional nfsclient netstack +nfsserver/nfs_fha.c optional nfsserver netstack +nfsserver/nfs_serv.c optional nfsserver netstack +nfsserver/nfs_srvkrpc.c optional nfsserver netstack +nfsserver/nfs_srvsubs.c optional nfsserver netstack +nfs/nfs_nfssvc.c optional nfsserver netstack | nfscl netstack | nfsd netstack +nlm/nlm_advlock.c optional nfslockd netstack | nfsd netstack +nlm/nlm_prot_clnt.c optional nfslockd netstack | nfsd netstack +nlm/nlm_prot_impl.c optional nfslockd netstack | nfsd netstack +nlm/nlm_prot_server.c optional nfslockd netstack | nfsd netstack +nlm/nlm_prot_svc.c optional nfslockd netstack | nfsd netstack +nlm/nlm_prot_xdr.c optional nfslockd netstack | nfsd netstack +nlm/sm_inter_xdr.c optional nfslockd netstack | nfsd netstack # OpenFabrics Enterprise Distribution (Infiniband) ofed/include/linux/linux_compat.c optional ofed \ @@ -3460,35 +3468,35 @@ opencrypto/xform.c optional crypto pci/alpm.c optional alpm pci pci/amdpm.c optional amdpm pci | nfpm pci pci/amdsmb.c optional amdsmb pci -pci/if_rl.c optional rl pci +pci/if_rl.c optional rl pci netstack pci/intpm.c optional intpm pci pci/ncr.c optional ncr pci pci/nfsmb.c optional nfsmb pci pci/viapm.c optional viapm pci -rpc/auth_none.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/auth_unix.c optional krpc | nfslockd | nfsclient | nfscl | nfsd -rpc/authunix_prot.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/clnt_dg.c optional krpc | nfslockd | nfsclient | nfscl | nfsd -rpc/clnt_rc.c optional krpc | nfslockd | nfsclient | nfscl | nfsd -rpc/clnt_vc.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/getnetconfig.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/replay.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/rpc_callmsg.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/rpc_generic.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/rpc_prot.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/rpcb_clnt.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/rpcb_prot.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -rpc/svc.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/svc_auth.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/svc_auth_unix.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/svc_dg.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/svc_generic.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/svc_vc.c optional krpc | nfslockd | nfsserver | nfscl | nfsd -rpc/rpcsec_gss/rpcsec_gss.c optional krpc kgssapi | nfslockd kgssapi | nfscl kgssapi | nfsd kgssapi -rpc/rpcsec_gss/rpcsec_gss_conf.c optional krpc kgssapi | nfslockd kgssapi | nfscl kgssapi | nfsd kgssapi -rpc/rpcsec_gss/rpcsec_gss_misc.c optional krpc kgssapi | nfslockd kgssapi | nfscl kgssapi | nfsd kgssapi -rpc/rpcsec_gss/rpcsec_gss_prot.c optional krpc kgssapi | nfslockd kgssapi | nfscl kgssapi | nfsd kgssapi -rpc/rpcsec_gss/svc_rpcsec_gss.c optional krpc kgssapi | nfslockd kgssapi | nfscl kgssapi | nfsd kgssapi +rpc/auth_none.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/auth_unix.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfscl netstack | nfsd netstack +rpc/authunix_prot.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/clnt_dg.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfscl netstack | nfsd netstack +rpc/clnt_rc.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfscl netstack | nfsd netstack +rpc/clnt_vc.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/getnetconfig.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/replay.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/rpc_callmsg.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/rpc_generic.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/rpc_prot.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/rpcb_clnt.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/rpcb_prot.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/svc.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/svc_auth.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/svc_auth_unix.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/svc_dg.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/svc_generic.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/svc_vc.c optional krpc netstack | nfslockd netstack | nfsserver netstack | nfscl netstack | nfsd netstack +rpc/rpcsec_gss/rpcsec_gss.c optional krpc kgssapi | nfslockd kgssapi | nfscl kgssapi | nfsd kgssapi netstack +rpc/rpcsec_gss/rpcsec_gss_conf.c optional krpc kgssapi netstack | nfslockd kgssapi netstack | nfscl kgssapi netstack | nfsd kgssapi netstack +rpc/rpcsec_gss/rpcsec_gss_misc.c optional krpc kgssapi netstack | nfslockd kgssapi netstack | nfscl kgssapi netstack | nfsd kgssapi netstack +rpc/rpcsec_gss/rpcsec_gss_prot.c optional krpc kgssapi netstack | nfslockd kgssapi netstack | nfscl kgssapi netstack | nfsd kgssapi netstack +rpc/rpcsec_gss/svc_rpcsec_gss.c optional krpc kgssapi netstack | nfslockd kgssapi netstack | nfscl kgssapi netstack | nfsd kgssapi netstack security/audit/audit.c optional audit security/audit/audit_arg.c optional audit security/audit/audit_bsm.c optional audit @@ -3502,12 +3510,12 @@ security/audit/audit_pipe.c optional audit security/audit/audit_syscalls.c standard security/audit/audit_trigger.c optional audit security/audit/audit_worker.c optional audit -security/mac/mac_atalk.c optional mac netatalk +security/mac/mac_atalk.c optional mac netatalk netstack security/mac/mac_audit.c optional mac audit security/mac/mac_cred.c optional mac security/mac/mac_framework.c optional mac -security/mac/mac_inet.c optional mac inet | mac inet6 -security/mac/mac_inet6.c optional mac inet6 +security/mac/mac_inet.c optional mac inet netstack | mac inet6 netstack +security/mac/mac_inet6.c optional mac inet6 netstack security/mac/mac_label.c optional mac security/mac/mac_net.c optional mac security/mac/mac_pipe.c optional mac @@ -3581,12 +3589,12 @@ vm/vm_reserv.c standard vm/vm_unix.c standard vm/vm_zeroidle.c standard vm/vnode_pager.c standard -xdr/xdr.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -xdr/xdr_array.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -xdr/xdr_mbuf.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -xdr/xdr_mem.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -xdr/xdr_reference.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd -xdr/xdr_sizeof.c optional krpc | nfslockd | nfsclient | nfsserver | nfscl | nfsd +xdr/xdr.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +xdr/xdr_array.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +xdr/xdr_mbuf.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +xdr/xdr_mem.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +xdr/xdr_reference.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack +xdr/xdr_sizeof.c optional krpc netstack | nfslockd netstack | nfsclient netstack | nfsserver netstack | nfscl netstack | nfsd netstack # gnu/fs/xfs/xfs_alloc.c optional xfs \ compile-with "${NORMAL_C} -I$S/gnu/fs/xfs/FreeBSD -I$S/gnu/fs/xfs/FreeBSD/support -I$S/gnu/fs/xfs" \ Index: sys/conf/files.amd64 =================================================================== --- sys/conf/files.amd64 (revision 239685) +++ sys/conf/files.amd64 (working copy) @@ -160,20 +160,20 @@ dev/coretemp/coretemp.c optional coretemp dev/cpuctl/cpuctl.c optional cpuctl dev/dpms/dpms.c optional dpms # There are no systems with isa slots, so all ed isa entries should go.. -dev/ed/if_ed_3c503.c optional ed isa ed_3c503 -dev/ed/if_ed_isa.c optional ed isa -dev/ed/if_ed_wd80x3.c optional ed isa -dev/ed/if_ed_hpp.c optional ed isa ed_hpp -dev/ed/if_ed_sic.c optional ed isa ed_sic +dev/ed/if_ed_3c503.c optional ed isa ed_3c503 netstack +dev/ed/if_ed_isa.c optional ed isa netstack +dev/ed/if_ed_wd80x3.c optional ed isa netstack +dev/ed/if_ed_hpp.c optional ed isa ed_hpp netstack +dev/ed/if_ed_sic.c optional ed isa ed_sic netstack dev/fb/fb.c optional fb | vga dev/fb/s3_pci.c optional s3pci dev/fb/vesa.c optional vga vesa dev/fb/vga.c optional vga dev/ichwd/ichwd.c optional ichwd -dev/if_ndis/if_ndis.c optional ndis -dev/if_ndis/if_ndis_pccard.c optional ndis pccard -dev/if_ndis/if_ndis_pci.c optional ndis cardbus | ndis pci -dev/if_ndis/if_ndis_usb.c optional ndis usb +dev/if_ndis/if_ndis.c optional ndis netstack +dev/if_ndis/if_ndis_pccard.c optional ndis pccard netstack +dev/if_ndis/if_ndis_pci.c optional ndis cardbus netstack | ndis pci netstack +dev/if_ndis/if_ndis_usb.c optional ndis usb netstack dev/io/iodev.c optional io dev/ipmi/ipmi.c optional ipmi dev/ipmi/ipmi_acpi.c optional ipmi acpi @@ -210,8 +210,8 @@ dev/hwpmc/hwpmc_x86.c optional hwpmc dev/kbd/kbd.c optional atkbd | sc | ukbd dev/lindev/full.c optional lindev dev/lindev/lindev.c optional lindev -dev/nfe/if_nfe.c optional nfe pci -dev/nve/if_nve.c optional nve pci +dev/nfe/if_nfe.c optional nfe pci netstack +dev/nve/if_nve.c optional nve pci netstack dev/nvram/nvram.c optional nvram isa dev/random/nehemiah.c optional random dev/qlxgb/qla_dbg.c optional qlxgb pci @@ -268,7 +268,7 @@ dev/tpm/tpm_isa.c optional tpm isa dev/uart/uart_cpu_x86.c optional uart dev/viawd/viawd.c optional viawd dev/wbwd/wbwd.c optional wbwd -dev/wpi/if_wpi.c optional wpi +dev/wpi/if_wpi.c optional wpi netstack dev/isci/isci.c optional isci dev/isci/isci_controller.c optional isci dev/isci/isci_domain.c optional isci Index: sys/conf/files.i386 =================================================================== --- sys/conf/files.i386 (revision 239685) +++ sys/conf/files.i386 (working copy) @@ -147,27 +147,27 @@ dev/atkbdc/atkbdc.c optional atkbdc dev/atkbdc/atkbdc_isa.c optional atkbdc isa dev/atkbdc/atkbdc_subr.c optional atkbdc dev/atkbdc/psm.c optional psm atkbdc -dev/ce/ceddk.c optional ce -dev/ce/if_ce.c optional ce -dev/ce/tau32-ddk.c optional ce \ +dev/ce/ceddk.c optional ce netstack +dev/ce/if_ce.c optional ce netstack +dev/ce/tau32-ddk.c optional ce netstack \ compile-with "${NORMAL_C} ${NO_WCONSTANT_CONVERSION}" -dev/cm/if_cm_isa.c optional cm isa +dev/cm/if_cm_isa.c optional cm isa netstack dev/coretemp/coretemp.c optional coretemp -dev/cp/cpddk.c optional cp -dev/cp/if_cp.c optional cp +dev/cp/cpddk.c optional cp netstack +dev/cp/if_cp.c optional cp netstack dev/cpuctl/cpuctl.c optional cpuctl -dev/ctau/ctau.c optional ctau -dev/ctau/ctddk.c optional ctau -dev/ctau/if_ct.c optional ctau -dev/cx/csigma.c optional cx -dev/cx/cxddk.c optional cx -dev/cx/if_cx.c optional cx +dev/ctau/ctau.c optional ctau netstack +dev/ctau/ctddk.c optional ctau netstack +dev/ctau/if_ct.c optional ctau netstack +dev/cx/csigma.c optional cx netstack +dev/cx/cxddk.c optional cx netstack +dev/cx/if_cx.c optional cx netstack dev/dpms/dpms.c optional dpms -dev/ed/if_ed_3c503.c optional ed isa ed_3c503 -dev/ed/if_ed_isa.c optional ed isa -dev/ed/if_ed_wd80x3.c optional ed isa -dev/ed/if_ed_hpp.c optional ed isa ed_hpp -dev/ed/if_ed_sic.c optional ed isa ed_sic +dev/ed/if_ed_3c503.c optional ed isa ed_3c503 netstack +dev/ed/if_ed_isa.c optional ed isa netstack +dev/ed/if_ed_wd80x3.c optional ed isa netstack +dev/ed/if_ed_hpp.c optional ed isa ed_hpp netstack +dev/ed/if_ed_sic.c optional ed isa ed_sic netstack dev/fb/fb.c optional fb | vga dev/fb/s3_pci.c optional s3pci dev/fb/vesa.c optional vga vesa @@ -176,7 +176,7 @@ dev/fdc/fdc.c optional fdc dev/fdc/fdc_acpi.c optional fdc dev/fdc/fdc_isa.c optional fdc isa dev/fdc/fdc_pccard.c optional fdc pccard -dev/fe/if_fe_isa.c optional fe isa +dev/fe/if_fe_isa.c optional fe isa netstack dev/glxiic/glxiic.c optional glxiic dev/glxsb/glxsb.c optional glxsb dev/glxsb/glxsb_hash.c optional glxsb @@ -201,10 +201,10 @@ dev/hwpmc/hwpmc_ppro.c optional hwpmc dev/hwpmc/hwpmc_tsc.c optional hwpmc dev/hwpmc/hwpmc_x86.c optional hwpmc dev/ichwd/ichwd.c optional ichwd -dev/if_ndis/if_ndis.c optional ndis -dev/if_ndis/if_ndis_pccard.c optional ndis pccard -dev/if_ndis/if_ndis_pci.c optional ndis cardbus | ndis pci -dev/if_ndis/if_ndis_usb.c optional ndis usb +dev/if_ndis/if_ndis.c optional ndis netstack +dev/if_ndis/if_ndis_pccard.c optional ndis pccard netstack +dev/if_ndis/if_ndis_pci.c optional ndis cardbus netstack | ndis pci netstack +dev/if_ndis/if_ndis_usb.c optional ndis usb netstack dev/io/iodev.c optional io dev/ipmi/ipmi.c optional ipmi dev/ipmi/ipmi_acpi.c optional ipmi acpi @@ -217,19 +217,19 @@ dev/ipmi/ipmi_ssif.c optional ipmi smbus dev/ipmi/ipmi_pci.c optional ipmi pci dev/ipmi/ipmi_linux.c optional ipmi compat_linux dev/kbd/kbd.c optional atkbd | sc | ukbd -dev/le/if_le_isa.c optional le isa +dev/le/if_le_isa.c optional le isa netstack dev/lindev/full.c optional lindev dev/lindev/lindev.c optional lindev dev/mse/mse.c optional mse dev/mse/mse_isa.c optional mse isa -dev/nfe/if_nfe.c optional nfe pci -dev/nve/if_nve.c optional nve pci +dev/nfe/if_nfe.c optional nfe pci netstack +dev/nve/if_nve.c optional nve pci netstack dev/nvram/nvram.c optional nvram isa dev/pcf/pcf_isa.c optional pcf dev/random/nehemiah.c optional random -dev/sbni/if_sbni.c optional sbni -dev/sbni/if_sbni_isa.c optional sbni isa -dev/sbni/if_sbni_pci.c optional sbni pci +dev/sbni/if_sbni.c optional sbni netstack +dev/sbni/if_sbni_isa.c optional sbni isa netstack +dev/sbni/if_sbni_pci.c optional sbni pci netstack dev/sio/sio.c optional sio dev/sio/sio_isa.c optional sio isa dev/sio/sio_pccard.c optional sio pccard @@ -249,7 +249,7 @@ dev/viawd/viawd.c optional viawd dev/acpica/acpi_if.m standard dev/acpi_support/acpi_wmi_if.m standard dev/wbwd/wbwd.c optional wbwd -dev/wpi/if_wpi.c optional wpi +dev/wpi/if_wpi.c optional wpi netstack dev/isci/isci.c optional isci dev/isci/isci_controller.c optional isci dev/isci/isci_domain.c optional isci Index: sys/conf/kmod.mk =================================================================== --- sys/conf/kmod.mk (revision 239685) +++ sys/conf/kmod.mk (working copy) @@ -354,7 +354,8 @@ MFILES?= dev/acpica/acpi_if.m dev/acpi_support/acp dev/sound/midi/mpu_if.m dev/sound/midi/mpufoi_if.m \ dev/sound/midi/synth_if.m dev/usb/usb_if.m isa/isa_if.m \ kern/bus_if.m kern/clock_if.m \ - kern/cpufreq_if.m kern/device_if.m kern/serdev_if.m \ + kern/cpufreq_if.m kern/device_if.m kern/netstack_if.m \ + kern/serdev_if.m \ libkern/iconv_converter_if.m opencrypto/cryptodev_if.m \ pc98/pc98/canbus_if.m dev/etherswitch/mdio_if.m Index: sys/conf/options =================================================================== --- sys/conf/options (revision 239685) +++ sys/conf/options (working copy) @@ -429,6 +429,7 @@ MBUF_STRESS_TEST MROUTING opt_mrouting.h NCP NETATALK opt_atalk.h +NETSTACK opt_global.h NFSLOCKD PCBGROUP opt_pcbgroup.h RADIX_MPATH opt_mpath.h Index: sys/contrib/pf/net/pf_ioctl.c =================================================================== --- sys/contrib/pf/net/pf_ioctl.c (revision 239685) +++ sys/contrib/pf/net/pf_ioctl.c (working copy) @@ -4416,5 +4416,6 @@ static moduledata_t pf_mod = { }; DECLARE_MODULE(pf, pf_mod, SI_SUB_PSEUDO, SI_ORDER_FIRST); +MODULE_DEPEND(pf, netstack, 1, 1, 1); MODULE_VERSION(pf, PF_MODVER); #endif /* __FreeBSD__ */ Index: sys/contrib/pf/net/pf_osfp.c =================================================================== --- sys/contrib/pf/net/pf_osfp.c (revision 239685) +++ sys/contrib/pf/net/pf_osfp.c (working copy) @@ -186,6 +186,9 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const } #ifdef INET6 else if (ip6) { +#if defined(__FreeBSD__) && defined(_KERNEL) + char ip6buf[INET6_ADDRSTRLEN]; +#endif #ifndef _KERNEL struct sockaddr_in6 sin6; #endif @@ -196,8 +199,13 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const fp.fp_flags |= PF_OSFP_DF; fp.fp_flags |= PF_OSFP_INET6; #ifdef _KERNEL +#ifdef __FreeBSD__ + strlcpy(srcname, ip6_sprintf(ip6buf, + (const struct in6_addr *)&ip6->ip6_src), sizeof(srcname)); +#else strlcpy(srcname, ip6_sprintf((struct in6_addr *)&ip6->ip6_src), sizeof(srcname)); +#endif #else memset(&sin6, 0, sizeof(sin6)); sin6.sin6_family = AF_INET6; Index: sys/dev/usb/usb_freebsd.h =================================================================== --- sys/dev/usb/usb_freebsd.h (revision 239685) +++ sys/dev/usb/usb_freebsd.h (working copy) @@ -41,7 +41,11 @@ #define USB_HAVE_TT_SUPPORT 1 #define USB_HAVE_POWERD 1 #define USB_HAVE_MSCTEST 1 +#ifdef NETSTACK #define USB_HAVE_PF 1 +#else +#define USB_HAVE_PF 0 +#endif #define USB_TD_GET_PROC(td) (td)->td_proc #define USB_PROC_GET_GID(td) (td)->p_pgid Index: sys/i386/conf/GENERIC =================================================================== --- sys/i386/conf/GENERIC (revision 239685) +++ sys/i386/conf/GENERIC (working copy) @@ -70,6 +70,7 @@ options MAC # TrustedBSD MAC Framework options KDTRACE_HOOKS # Kernel DTrace hooks options DDB_CTF # Kernel ELF linker loads CTF data options INCLUDE_CONFIG_FILE # Include this file in kernel +options NETSTACK # Debugging support. Always need this: options KDB # Enable kernel debugger support. Index: sys/kern/init_sysent.c =================================================================== --- sys/kern/init_sysent.c (revision 239685) +++ sys/kern/init_sysent.c (working copy) @@ -209,7 +209,7 @@ struct sysent sysent[] = { { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 172 = nosys */ { AS(freebsd6_pread_args), (sy_call_t *)freebsd6_pread, AUE_PREAD, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 173 = freebsd6_pread */ { AS(freebsd6_pwrite_args), (sy_call_t *)freebsd6_pwrite, AUE_PWRITE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 174 = freebsd6_pwrite */ - { AS(setfib_args), (sy_call_t *)sys_setfib, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 175 = setfib */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 175 = setfib */ { AS(ntp_adjtime_args), (sy_call_t *)sys_ntp_adjtime, AUE_NTP_ADJTIME, NULL, 0, 0, 0, SY_THR_STATIC }, /* 176 = ntp_adjtime */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 177 = sfork */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 178 = getdescriptor */ @@ -505,10 +505,10 @@ struct sysent sysent[] = { { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 468 = nosys */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 469 = __getpath_fromfd */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 470 = __getpath_fromaddr */ - { AS(sctp_peeloff_args), (sy_call_t *)sys_sctp_peeloff, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 471 = sctp_peeloff */ - { AS(sctp_generic_sendmsg_args), (sy_call_t *)sys_sctp_generic_sendmsg, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 472 = sctp_generic_sendmsg */ - { AS(sctp_generic_sendmsg_iov_args), (sy_call_t *)sys_sctp_generic_sendmsg_iov, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 473 = sctp_generic_sendmsg_iov */ - { AS(sctp_generic_recvmsg_args), (sy_call_t *)sys_sctp_generic_recvmsg, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 474 = sctp_generic_recvmsg */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 471 = sctp_peeloff */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 472 = sctp_generic_sendmsg */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 473 = sctp_generic_sendmsg_iov */ + { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 474 = sctp_generic_recvmsg */ { AS(pread_args), (sy_call_t *)sys_pread, AUE_PREAD, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 475 = pread */ { AS(pwrite_args), (sy_call_t *)sys_pwrite, AUE_PWRITE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 476 = pwrite */ { AS(mmap_args), (sy_call_t *)sys_mmap, AUE_MMAP, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 477 = mmap */ Index: sys/kern/kern_jail.c =================================================================== --- sys/kern/kern_jail.c (revision 239685) +++ sys/kern/kern_jail.c (working copy) @@ -133,14 +133,6 @@ static void prison_racct_attach(struct prison *pr) static void prison_racct_modify(struct prison *pr); static void prison_racct_detach(struct prison *pr); #endif -#ifdef INET -static int _prison_check_ip4(struct prison *pr, struct in_addr *ia); -static int prison_restrict_ip4(struct prison *pr, struct in_addr *newip4); -#endif -#ifdef INET6 -static int _prison_check_ip6(struct prison *pr, struct in6_addr *ia6); -static int prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6); -#endif /* Flags for prison_deref */ #define PD_DEREF 0x01 @@ -234,54 +226,6 @@ static int jail_default_devfs_rsnum = JAIL_DEFAULT static unsigned jail_max_af_ips = 255; #endif -#ifdef INET -static int -qcmp_v4(const void *ip1, const void *ip2) -{ - in_addr_t iaa, iab; - - /* - * We need to compare in HBO here to get the list sorted as expected - * by the result of the code. Sorting NBO addresses gives you - * interesting results. If you do not understand, do not try. - */ - iaa = ntohl(((const struct in_addr *)ip1)->s_addr); - iab = ntohl(((const struct in_addr *)ip2)->s_addr); - - /* - * Do not simply return the difference of the two numbers, the int is - * not wide enough. - */ - if (iaa > iab) - return (1); - else if (iaa < iab) - return (-1); - else - return (0); -} -#endif - -#ifdef INET6 -static int -qcmp_v6(const void *ip1, const void *ip2) -{ - const struct in6_addr *ia6a, *ia6b; - int i, rc; - - ia6a = (const struct in6_addr *)ip1; - ia6b = (const struct in6_addr *)ip2; - - rc = 0; - for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) { - if (ia6a->s6_addr[i] > ia6b->s6_addr[i]) - rc = 1; - else if (ia6a->s6_addr[i] < ia6b->s6_addr[i]) - rc = -1; - } - return (rc); -} -#endif - /* * struct jail_args { * struct jail *jail; @@ -826,7 +770,8 @@ kern_jail_set(struct thread *td, struct uio *optui * address to connect from. */ if (ip4s > 1) - qsort(ip4 + 1, ip4s - 1, sizeof(*ip4), qcmp_v4); + qsort(ip4 + 1, ip4s - 1, sizeof(*ip4), + prison_qcmp_v4); /* * Check for duplicate addresses and do some simple * zero and broadcast checks. If users give other bogus @@ -876,7 +821,8 @@ kern_jail_set(struct thread *td, struct uio *optui ip6 = malloc(ip6s * sizeof(*ip6), M_PRISON, M_WAITOK); bcopy(op, ip6, ip6s * sizeof(*ip6)); if (ip6s > 1) - qsort(ip6 + 1, ip6s - 1, sizeof(*ip6), qcmp_v6); + qsort(ip6 + 1, ip6s - 1, sizeof(*ip6), + prison_qcmp_v6); for (ii = 0; ii < ip6s; ii++) { if (IN6_IS_ADDR_UNSPECIFIED(&ip6[ii])) { error = EINVAL; @@ -1448,7 +1394,8 @@ kern_jail_set(struct thread *td, struct uio *optui (ip4s == 1 && tpr->pr_ip4s == 1)) continue; for (ii = 0; ii < ip4s; ii++) { - if (_prison_check_ip4(tpr, &ip4[ii]) == 0) { + if (prison_check_ip4_locked(tpr, &ip4[ii]) == + 0) { error = EADDRINUSE; vfs_opterror(opts, "IPv4 addresses clash"); @@ -1514,7 +1461,8 @@ kern_jail_set(struct thread *td, struct uio *optui (ip6s == 1 && tpr->pr_ip6s == 1)) continue; for (ii = 0; ii < ip6s; ii++) { - if (_prison_check_ip6(tpr, &ip6[ii]) == 0) { + if (prison_check_ip6_locked(tpr, &ip6[ii]) == + 0) { error = EADDRINUSE; vfs_opterror(opts, "IPv6 addresses clash"); @@ -2655,687 +2603,7 @@ prison_proc_free(struct prison *pr) prison_deref(pr, PD_DEUREF | PD_LOCKED); } - -#ifdef INET /* - * Restrict a prison's IP address list with its parent's, possibly replacing - * it. Return true if the replacement buffer was used (or would have been). - */ -static int -prison_restrict_ip4(struct prison *pr, struct in_addr *newip4) -{ - int ii, ij, used; - struct prison *ppr; - - ppr = pr->pr_parent; - if (!(pr->pr_flags & PR_IP4_USER)) { - /* This has no user settings, so just copy the parent's list. */ - if (pr->pr_ip4s < ppr->pr_ip4s) { - /* - * There's no room for the parent's list. Use the - * new list buffer, which is assumed to be big enough - * (if it was passed). If there's no buffer, try to - * allocate one. - */ - used = 1; - if (newip4 == NULL) { - newip4 = malloc(ppr->pr_ip4s * sizeof(*newip4), - M_PRISON, M_NOWAIT); - if (newip4 != NULL) - used = 0; - } - if (newip4 != NULL) { - bcopy(ppr->pr_ip4, newip4, - ppr->pr_ip4s * sizeof(*newip4)); - free(pr->pr_ip4, M_PRISON); - pr->pr_ip4 = newip4; - pr->pr_ip4s = ppr->pr_ip4s; - } - return (used); - } - pr->pr_ip4s = ppr->pr_ip4s; - if (pr->pr_ip4s > 0) - bcopy(ppr->pr_ip4, pr->pr_ip4, - pr->pr_ip4s * sizeof(*newip4)); - else if (pr->pr_ip4 != NULL) { - free(pr->pr_ip4, M_PRISON); - pr->pr_ip4 = NULL; - } - } else if (pr->pr_ip4s > 0) { - /* Remove addresses that aren't in the parent. */ - for (ij = 0; ij < ppr->pr_ip4s; ij++) - if (pr->pr_ip4[0].s_addr == ppr->pr_ip4[ij].s_addr) - break; - if (ij < ppr->pr_ip4s) - ii = 1; - else { - bcopy(pr->pr_ip4 + 1, pr->pr_ip4, - --pr->pr_ip4s * sizeof(*pr->pr_ip4)); - ii = 0; - } - for (ij = 1; ii < pr->pr_ip4s; ) { - if (pr->pr_ip4[ii].s_addr == ppr->pr_ip4[0].s_addr) { - ii++; - continue; - } - switch (ij >= ppr->pr_ip4s ? -1 : - qcmp_v4(&pr->pr_ip4[ii], &ppr->pr_ip4[ij])) { - case -1: - bcopy(pr->pr_ip4 + ii + 1, pr->pr_ip4 + ii, - (--pr->pr_ip4s - ii) * sizeof(*pr->pr_ip4)); - break; - case 0: - ii++; - ij++; - break; - case 1: - ij++; - break; - } - } - if (pr->pr_ip4s == 0) { - pr->pr_flags |= PR_IP4_DISABLE; - free(pr->pr_ip4, M_PRISON); - pr->pr_ip4 = NULL; - } - } - return (0); -} - -/* - * Pass back primary IPv4 address of this jail. - * - * If not restricted return success but do not alter the address. Caller has - * to make sure to initialize it correctly (e.g. INADDR_ANY). - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4. - * Address returned in NBO. - */ -int -prison_get_ip4(struct ucred *cred, struct in_addr *ia) -{ - struct prison *pr; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP4)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP4)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip4 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - ia->s_addr = pr->pr_ip4[0].s_addr; - mtx_unlock(&pr->pr_mtx); - return (0); -} - -/* - * Return 1 if we should do proper source address selection or are not jailed. - * We will return 0 if we should bypass source address selection in favour - * of the primary jail IPv4 address. Only in this case *ia will be updated and - * returned in NBO. - * Return EAFNOSUPPORT, in case this jail does not allow IPv4. - */ -int -prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia) -{ - struct prison *pr; - struct in_addr lia; - int error; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); - - if (!jailed(cred)) - return (1); - - pr = cred->cr_prison; - if (pr->pr_flags & PR_IP4_SADDRSEL) - return (1); - - lia.s_addr = INADDR_ANY; - error = prison_get_ip4(cred, &lia); - if (error) - return (error); - if (lia.s_addr == INADDR_ANY) - return (1); - - ia->s_addr = lia.s_addr; - return (0); -} - -/* - * Return true if pr1 and pr2 have the same IPv4 address restrictions. - */ -int -prison_equal_ip4(struct prison *pr1, struct prison *pr2) -{ - - if (pr1 == pr2) - return (1); - - /* - * No need to lock since the PR_IP4_USER flag can't be altered for - * existing prisons. - */ - while (pr1 != &prison0 && -#ifdef VIMAGE - !(pr1->pr_flags & PR_VNET) && -#endif - !(pr1->pr_flags & PR_IP4_USER)) - pr1 = pr1->pr_parent; - while (pr2 != &prison0 && -#ifdef VIMAGE - !(pr2->pr_flags & PR_VNET) && -#endif - !(pr2->pr_flags & PR_IP4_USER)) - pr2 = pr2->pr_parent; - return (pr1 == pr2); -} - -/* - * Make sure our (source) address is set to something meaningful to this - * jail. - * - * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv4. Address passed in in NBO and returned in NBO. - */ -int -prison_local_ip4(struct ucred *cred, struct in_addr *ia) -{ - struct prison *pr; - struct in_addr ia0; - int error; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP4)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP4)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip4 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - ia0.s_addr = ntohl(ia->s_addr); - if (ia0.s_addr == INADDR_LOOPBACK) { - ia->s_addr = pr->pr_ip4[0].s_addr; - mtx_unlock(&pr->pr_mtx); - return (0); - } - - if (ia0.s_addr == INADDR_ANY) { - /* - * In case there is only 1 IPv4 address, bind directly. - */ - if (pr->pr_ip4s == 1) - ia->s_addr = pr->pr_ip4[0].s_addr; - mtx_unlock(&pr->pr_mtx); - return (0); - } - - error = _prison_check_ip4(pr, ia); - mtx_unlock(&pr->pr_mtx); - return (error); -} - -/* - * Rewrite destination address in case we will connect to loopback address. - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4. - * Address passed in in NBO and returned in NBO. - */ -int -prison_remote_ip4(struct ucred *cred, struct in_addr *ia) -{ - struct prison *pr; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP4)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP4)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip4 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - if (ntohl(ia->s_addr) == INADDR_LOOPBACK) { - ia->s_addr = pr->pr_ip4[0].s_addr; - mtx_unlock(&pr->pr_mtx); - return (0); - } - - /* - * Return success because nothing had to be changed. - */ - mtx_unlock(&pr->pr_mtx); - return (0); -} - -/* - * Check if given address belongs to the jail referenced by cred/prison. - * - * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv4. Address passed in in NBO. - */ -static int -_prison_check_ip4(struct prison *pr, struct in_addr *ia) -{ - int i, a, z, d; - - /* - * Check the primary IP. - */ - if (pr->pr_ip4[0].s_addr == ia->s_addr) - return (0); - - /* - * All the other IPs are sorted so we can do a binary search. - */ - a = 0; - z = pr->pr_ip4s - 2; - while (a <= z) { - i = (a + z) / 2; - d = qcmp_v4(&pr->pr_ip4[i+1], ia); - if (d > 0) - z = i - 1; - else if (d < 0) - a = i + 1; - else - return (0); - } - - return (EADDRNOTAVAIL); -} - -int -prison_check_ip4(struct ucred *cred, struct in_addr *ia) -{ - struct prison *pr; - int error; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP4)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP4)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip4 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - error = _prison_check_ip4(pr, ia); - mtx_unlock(&pr->pr_mtx); - return (error); -} -#endif - -#ifdef INET6 -static int -prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6) -{ - int ii, ij, used; - struct prison *ppr; - - ppr = pr->pr_parent; - if (!(pr->pr_flags & PR_IP6_USER)) { - /* This has no user settings, so just copy the parent's list. */ - if (pr->pr_ip6s < ppr->pr_ip6s) { - /* - * There's no room for the parent's list. Use the - * new list buffer, which is assumed to be big enough - * (if it was passed). If there's no buffer, try to - * allocate one. - */ - used = 1; - if (newip6 == NULL) { - newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6), - M_PRISON, M_NOWAIT); - if (newip6 != NULL) - used = 0; - } - if (newip6 != NULL) { - bcopy(ppr->pr_ip6, newip6, - ppr->pr_ip6s * sizeof(*newip6)); - free(pr->pr_ip6, M_PRISON); - pr->pr_ip6 = newip6; - pr->pr_ip6s = ppr->pr_ip6s; - } - return (used); - } - pr->pr_ip6s = ppr->pr_ip6s; - if (pr->pr_ip6s > 0) - bcopy(ppr->pr_ip6, pr->pr_ip6, - pr->pr_ip6s * sizeof(*newip6)); - else if (pr->pr_ip6 != NULL) { - free(pr->pr_ip6, M_PRISON); - pr->pr_ip6 = NULL; - } - } else if (pr->pr_ip6s > 0) { - /* Remove addresses that aren't in the parent. */ - for (ij = 0; ij < ppr->pr_ip6s; ij++) - if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], - &ppr->pr_ip6[ij])) - break; - if (ij < ppr->pr_ip6s) - ii = 1; - else { - bcopy(pr->pr_ip6 + 1, pr->pr_ip6, - --pr->pr_ip6s * sizeof(*pr->pr_ip6)); - ii = 0; - } - for (ij = 1; ii < pr->pr_ip6s; ) { - if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[ii], - &ppr->pr_ip6[0])) { - ii++; - continue; - } - switch (ij >= ppr->pr_ip4s ? -1 : - qcmp_v6(&pr->pr_ip6[ii], &ppr->pr_ip6[ij])) { - case -1: - bcopy(pr->pr_ip6 + ii + 1, pr->pr_ip6 + ii, - (--pr->pr_ip6s - ii) * sizeof(*pr->pr_ip6)); - break; - case 0: - ii++; - ij++; - break; - case 1: - ij++; - break; - } - } - if (pr->pr_ip6s == 0) { - pr->pr_flags |= PR_IP6_DISABLE; - free(pr->pr_ip6, M_PRISON); - pr->pr_ip6 = NULL; - } - } - return 0; -} - -/* - * Pass back primary IPv6 address for this jail. - * - * If not restricted return success but do not alter the address. Caller has - * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT). - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. - */ -int -prison_get_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - struct prison *pr; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP6)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP6)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip6 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); - mtx_unlock(&pr->pr_mtx); - return (0); -} - -/* - * Return 1 if we should do proper source address selection or are not jailed. - * We will return 0 if we should bypass source address selection in favour - * of the primary jail IPv6 address. Only in this case *ia will be updated and - * returned in NBO. - * Return EAFNOSUPPORT, in case this jail does not allow IPv6. - */ -int -prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - struct prison *pr; - struct in6_addr lia6; - int error; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); - - if (!jailed(cred)) - return (1); - - pr = cred->cr_prison; - if (pr->pr_flags & PR_IP6_SADDRSEL) - return (1); - - lia6 = in6addr_any; - error = prison_get_ip6(cred, &lia6); - if (error) - return (error); - if (IN6_IS_ADDR_UNSPECIFIED(&lia6)) - return (1); - - bcopy(&lia6, ia6, sizeof(struct in6_addr)); - return (0); -} - -/* - * Return true if pr1 and pr2 have the same IPv6 address restrictions. - */ -int -prison_equal_ip6(struct prison *pr1, struct prison *pr2) -{ - - if (pr1 == pr2) - return (1); - - while (pr1 != &prison0 && -#ifdef VIMAGE - !(pr1->pr_flags & PR_VNET) && -#endif - !(pr1->pr_flags & PR_IP6_USER)) - pr1 = pr1->pr_parent; - while (pr2 != &prison0 && -#ifdef VIMAGE - !(pr2->pr_flags & PR_VNET) && -#endif - !(pr2->pr_flags & PR_IP6_USER)) - pr2 = pr2->pr_parent; - return (pr1 == pr2); -} - -/* - * Make sure our (source) address is set to something meaningful to this jail. - * - * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0) - * when needed while binding. - * - * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv6. - */ -int -prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only) -{ - struct prison *pr; - int error; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP6)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP6)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip6 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - if (IN6_IS_ADDR_LOOPBACK(ia6)) { - bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); - mtx_unlock(&pr->pr_mtx); - return (0); - } - - if (IN6_IS_ADDR_UNSPECIFIED(ia6)) { - /* - * In case there is only 1 IPv6 address, and v6only is true, - * then bind directly. - */ - if (v6only != 0 && pr->pr_ip6s == 1) - bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); - mtx_unlock(&pr->pr_mtx); - return (0); - } - - error = _prison_check_ip6(pr, ia6); - mtx_unlock(&pr->pr_mtx); - return (error); -} - -/* - * Rewrite destination address in case we will connect to loopback address. - * - * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. - */ -int -prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - struct prison *pr; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP6)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP6)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip6 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - if (IN6_IS_ADDR_LOOPBACK(ia6)) { - bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); - mtx_unlock(&pr->pr_mtx); - return (0); - } - - /* - * Return success because nothing had to be changed. - */ - mtx_unlock(&pr->pr_mtx); - return (0); -} - -/* - * Check if given address belongs to the jail referenced by cred/prison. - * - * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, - * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail - * doesn't allow IPv6. - */ -static int -_prison_check_ip6(struct prison *pr, struct in6_addr *ia6) -{ - int i, a, z, d; - - /* - * Check the primary IP. - */ - if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], ia6)) - return (0); - - /* - * All the other IPs are sorted so we can do a binary search. - */ - a = 0; - z = pr->pr_ip6s - 2; - while (a <= z) { - i = (a + z) / 2; - d = qcmp_v6(&pr->pr_ip6[i+1], ia6); - if (d > 0) - z = i - 1; - else if (d < 0) - a = i + 1; - else - return (0); - } - - return (EADDRNOTAVAIL); -} - -int -prison_check_ip6(struct ucred *cred, struct in6_addr *ia6) -{ - struct prison *pr; - int error; - - KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); - KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); - - pr = cred->cr_prison; - if (!(pr->pr_flags & PR_IP6)) - return (0); - mtx_lock(&pr->pr_mtx); - if (!(pr->pr_flags & PR_IP6)) { - mtx_unlock(&pr->pr_mtx); - return (0); - } - if (pr->pr_ip6 == NULL) { - mtx_unlock(&pr->pr_mtx); - return (EAFNOSUPPORT); - } - - error = _prison_check_ip6(pr, ia6); - mtx_unlock(&pr->pr_mtx); - return (error); -} -#endif - -/* * Check if a jail supports the given address family. * * Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT Index: sys/kern/kern_netstack.c =================================================================== --- sys/kern/kern_netstack.c (revision 0) +++ sys/kern/kern_netstack.c (revision 0) @@ -0,0 +1,131 @@ +/*- + * Copyright (c) 2012, Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "netstack_if.h" + +static kobj_method_t netstack_null_methods[] = { + KOBJMETHOD_END +}; +DEFINE_CLASS_0(netstack_null, netstack_null_class, netstack_null_methods, 0); +struct netstack netstack_null; + +MALLOC_DEFINE(M_NETSTACK, "netstack", "network stack"); + +netstack_t curnetstack = &netstack_null; + +static void netstack_init(void *); + +int +netstack_register(netstack_t stack) +{ + + if (stack == NULL) + return (EINVAL); + + if (curnetstack != &netstack_null) { +#ifdef INVARIANTS + printf("%s: stack %s already registered, cannot " + "register another\n", __func__, + curnetstack->ns_class->name); +#endif + return (EEXIST); + } + + curnetstack = stack; + return (0); +} + +netstack_t +netstack_create(netstack_class_t nc) +{ + netstack_t nstack; + + nstack = (netstack_t) kobj_create((kobj_class_t)nc, M_NETSTACK, + M_WAITOK); + if (nstack == NULL) + return (NULL); + nstack->ns_class = nc; + return (nstack); +} + +int +netstack_module_handler(module_t mod, int what, void *arg) +{ + struct netstack_module_data *nmd; + netstack_class_t netstack_class; + struct netstack *nstack; + int error; + + nmd = (struct netstack_module_data *)arg; + + switch (what) { + case MOD_LOAD: + /* Compile the netstack's methods */ + netstack_class = nmd->nmd_class; + kobj_class_compile((kobj_class_t) netstack_class); + + /* Create an instance of the netstack and register it */ + nstack = netstack_create(netstack_class); + if (nstack == NULL) { + error = ENOMEM; + break; + } + error = netstack_register(nstack); + break; + + default: + error = EOPNOTSUPP; + break; + } + + return (error); +} + +static void +netstack_init(void *arg __unused) +{ + + kobj_init((kobj_t) &netstack_null, &netstack_null_class); +} +SYSINIT(netstack, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, netstack_init, NULL); + Index: sys/kern/kern_prot.c =================================================================== --- sys/kern/kern_prot.c (revision 239685) +++ sys/kern/kern_prot.c (working copy) @@ -76,11 +76,6 @@ FEATURE(regression, "Kernel support for interfaces necessary for regression testing (SECURITY RISK!)"); #endif -#if defined(INET) || defined(INET6) -#include -#include -#endif - #include #include @@ -1340,8 +1335,8 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_uids * References: *u1 and *u2 must not change during the call * u1 may equal u2, in which case only one reference is required */ -static int -cr_seeotheruids(struct ucred *u1, struct ucred *u2) +int +cr_canseeotheruids(struct ucred *u1, struct ucred *u2) { if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { @@ -1370,8 +1365,8 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids * References: *u1 and *u2 must not change during the call * u1 may equal u2, in which case only one reference is required */ -static int -cr_seeothergids(struct ucred *u1, struct ucred *u2) +int +cr_canseeothergids(struct ucred *u1, struct ucred *u2) { int i, match; @@ -1409,9 +1404,9 @@ cr_cansee(struct ucred *u1, struct ucred *u2) if ((error = mac_cred_check_visible(u1, u2))) return (error); #endif - if ((error = cr_seeotheruids(u1, u2))) + if ((error = cr_canseeotheruids(u1, u2))) return (error); - if ((error = cr_seeothergids(u1, u2))) + if ((error = cr_canseeothergids(u1, u2))) return (error); return (0); } @@ -1470,9 +1465,9 @@ cr_cansignal(struct ucred *cred, struct proc *proc if ((error = mac_proc_check_signal(cred, proc, signum))) return (error); #endif - if ((error = cr_seeotheruids(cred, proc->p_ucred))) + if ((error = cr_canseeotheruids(cred, proc->p_ucred))) return (error); - if ((error = cr_seeothergids(cred, proc->p_ucred))) + if ((error = cr_canseeothergids(cred, proc->p_ucred))) return (error); /* @@ -1587,9 +1582,9 @@ p_cansched(struct thread *td, struct proc *p) if ((error = mac_proc_check_sched(td->td_ucred, p))) return (error); #endif - if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) + if ((error = cr_canseeotheruids(td->td_ucred, p->p_ucred))) return (error); - if ((error = cr_seeothergids(td->td_ucred, p->p_ucred))) + if ((error = cr_canseeothergids(td->td_ucred, p->p_ucred))) return (error); if (td->td_ucred->cr_ruid != p->p_ucred->cr_ruid && td->td_ucred->cr_uid != p->p_ucred->cr_ruid) { @@ -1644,9 +1639,9 @@ p_candebug(struct thread *td, struct proc *p) if ((error = mac_proc_check_debug(td->td_ucred, p))) return (error); #endif - if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) + if ((error = cr_canseeotheruids(td->td_ucred, p->p_ucred))) return (error); - if ((error = cr_seeothergids(td->td_ucred, p->p_ucred))) + if ((error = cr_canseeothergids(td->td_ucred, p->p_ucred))) return (error); /* @@ -1731,43 +1726,15 @@ cr_canseesocket(struct ucred *cred, struct socket if (error) return (error); #endif - if (cr_seeotheruids(cred, so->so_cred)) + if (cr_canseeotheruids(cred, so->so_cred)) return (ENOENT); - if (cr_seeothergids(cred, so->so_cred)) + if (cr_canseeothergids(cred, so->so_cred)) return (ENOENT); return (0); } -#if defined(INET) || defined(INET6) /*- - * Determine whether the subject represented by cred can "see" a socket. - * Returns: 0 for permitted, ENOENT otherwise. - */ -int -cr_canseeinpcb(struct ucred *cred, struct inpcb *inp) -{ - int error; - - error = prison_check(cred, inp->inp_cred); - if (error) - return (ENOENT); -#ifdef MAC - INP_LOCK_ASSERT(inp); - error = mac_inpcb_check_visible(cred, inp); - if (error) - return (error); -#endif - if (cr_seeotheruids(cred, inp->inp_cred)) - return (ENOENT); - if (cr_seeothergids(cred, inp->inp_cred)) - return (ENOENT); - - return (0); -} -#endif - -/*- * Determine whether td can wait for the exit of p. * Returns: 0 for permitted, an errno value otherwise * Locks: Sufficient locks to protect various components of td and p @@ -1791,7 +1758,7 @@ p_canwait(struct thread *td, struct proc *p) #endif #if 0 /* XXXMAC: This could have odd effects on some shells. */ - if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) + if ((error = cr_canseeotheruids(td->td_ucred, p->p_ucred))) return (error); #endif Index: sys/kern/kern_uuid.c =================================================================== --- sys/kern/kern_uuid.c (revision 239685) +++ sys/kern/kern_uuid.c (working copy) @@ -1,5 +1,6 @@ /*- * Copyright (c) 2002 Marcel Moolenaar + * Copyright (c) 2012, Juniper Networks, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -72,49 +73,36 @@ struct uuid_private { CTASSERT(sizeof(struct uuid_private) == 16); static struct uuid_private uuid_last; +static STAILQ_HEAD(, uuid_source) uuid_sources = + STAILQ_HEAD_INITIALIZER(uuid_sources); static struct mtx uuid_mutex; MTX_SYSINIT(uuid_lock, &uuid_mutex, "UUID generator mutex lock", MTX_DEF); /* - * Return the first MAC address we encounter or, if none was found, - * construct a sufficiently random multicast address. We don't try - * to return the same MAC address as previously returned. We always - * generate a new multicast address if no MAC address exists in the - * system. - * It would be nice to know if 'ifnet' or any of its sub-structures - * has been changed in any way. If not, we could simply skip the - * scan and safely return the MAC address we returned before. + * Return the first node succesfully generated by a UUID source, or, + * if none was found, construct a sufficiently random multicast + * address. We don't try * to return the same MAC address as + * previously returned. We always generate a new multicast address + * if no UUID source exists in the system. + * It would be nice to know if any UUID source data has been changed + * in any way. If not, we could simply skip the scan and safely return + * the MAC address we returned before. */ static void uuid_node(uint16_t *node) { - struct ifnet *ifp; - struct ifaddr *ifa; - struct sockaddr_dl *sdl; - int i; + struct uuid_source *src; + int error, i; CURVNET_SET(TD_TO_VNET(curthread)); - IFNET_RLOCK_NOSLEEP(); - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - /* Walk the address list */ - IF_ADDR_RLOCK(ifp); - TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { - sdl = (struct sockaddr_dl*)ifa->ifa_addr; - if (sdl != NULL && sdl->sdl_family == AF_LINK && - sdl->sdl_type == IFT_ETHER) { - /* Got a MAC address. */ - bcopy(LLADDR(sdl), node, UUID_NODE_LEN); - IF_ADDR_RUNLOCK(ifp); - IFNET_RUNLOCK_NOSLEEP(); - CURVNET_RESTORE(); - return; - } + STAILQ_FOREACH(src, &uuid_sources, link) { + error = (*(src->get_uuid))(node, UUID_NODE_LEN); + if (error == 0) { + CURVNET_RESTORE(); + return; } - IF_ADDR_RUNLOCK(ifp); } - IFNET_RUNLOCK_NOSLEEP(); - for (i = 0; i < (UUID_NODE_LEN>>1); i++) node[i] = (uint16_t)arc4random(); *((uint8_t*)node) |= 0x01; @@ -139,6 +127,26 @@ uuid_time(void) return (time & ((1LL << 60) - 1LL)); } +void +uuid_source_register(void *arg) +{ + struct uuid_source *src = arg; + + mtx_lock(&uuid_mutex); + STAILQ_INSERT_TAIL(&uuid_sources, src, link); + mtx_unlock(&uuid_mutex); +} + +void +uuid_source_unregister(void *arg) +{ + struct uuid_source *src = arg; + + mtx_lock(&uuid_mutex); + STAILQ_REMOVE(&uuid_sources, src, uuid_source, link); + mtx_unlock(&uuid_mutex); +} + struct uuid * kern_uuidgen(struct uuid *store, size_t count) { Index: sys/kern/netstack_if.m =================================================================== --- sys/kern/netstack_if.m (revision 0) +++ sys/kern/netstack_if.m (revision 0) @@ -0,0 +1,67 @@ +#- +# Copyright (c) 2012, Juniper Networks, Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +#include +#include +#include +#include +#include + +INTERFACE netstack; + +METHOD void socreate { + netstack_t nstack; + struct socket* so; + struct protosw* prp; + struct ucred* cred; + struct thread* td; +}; + +METHOD int vfs_export { + netstack_t nstack; + struct mount* mp; + struct export_args* argp; +}; + +METHOD int vfs_setpublicfs { + netstack_t nstack; + struct mount* mp; + struct netexport* nep; + struct export_args* argp; +}; + +METHOD int vfs_stdcheckexp { + netstack_t nstack; + struct mount* mp; + struct sockaddr* nam; + int* extflagsp; + struct ucred** credanonp; + int* numsecflavors; + int** secflavors; +}; + Index: sys/kern/sys_socket.c =================================================================== --- sys/kern/sys_socket.c (revision 239685) +++ sys/kern/sys_socket.c (working copy) @@ -1,6 +1,8 @@ /*- * Copyright (c) 1982, 1986, 1990, 1993 - * The Regents of the University of California. All rights reserved. + * The Regents of the University of California. + * Copyright (c) 2012, Juniper Networks, Inc. + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -36,6 +38,9 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#include +#include #include #include #include @@ -69,6 +74,73 @@ struct fileops socketops = { .fo_flags = DFLAG_PASSABLE }; +struct socket_iocgroup *so_iocgroups; +int so_iocgroup_init_status; +static struct mtx soiocg_mtx; +MTX_SYSINIT(soiocg, &soiocg_mtx, "socket ioctl groups", MTX_DEF); + +static void so_iocgroupinit(void *); +SYSINIT(so_iocgroup, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY, so_iocgroupinit, + NULL); + +static void so_iocgroupfinalize(void *); +SYSINIT(so_iocgroupfin, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_FIRST, + so_iocgroupfinalize, NULL); + +void +so_iocgroup_add(void *data) +{ + struct socket_iocgroup *gp; + + gp = (struct socket_iocgroup *)data; + mtx_lock(&soiocg_mtx); + gp->soiocg_next = so_iocgroups; + so_iocgroups = gp; + + KASSERT(so_iocgroup_init_status >= 1, + ("attempt to so_iocgroup_add(%c) before so_iocgroupinit()", + gp->soiocg_group)); +#ifndef INVARIANTS + if (so_iocgroup_init_status < 1) + printf("WARNING: attempt to so_iocgroup_add(%c) before " + "so_iocgroupinit()\n", gp->soiocg_group); +#endif +#ifdef notyet + KASSERT(so_iocgroup_init_status < 2, + ("attempt to so_iocgroup_add(%c) after so_iocgroupfinalize()", + gp->soiocg_group)); +#else + if (so_iocgroup_init_status >= 2) + printf("WARNING: attempt to so_iocgroup_add(%c) after " + "so_iocgroupfinalize()\n", gp->soiocg_group); +#endif + mtx_unlock(&soiocg_mtx); +} + +/* ARGSUSED*/ +static void +so_iocgroupinit(void *dummy) +{ + + mtx_lock(&soiocg_mtx); + KASSERT(so_iocgroup_init_status == 0, + ("so_iocgroupinit called too late!")); + so_iocgroup_init_status = 1; + mtx_unlock(&soiocg_mtx); +} + +/* ARGSUSED*/ +static void +so_iocgroupfinalize(void *dummy) +{ + + mtx_lock(&soiocg_mtx); + KASSERT(so_iocgroup_init_status == 1, + ("so_iocgroupfinalize called too late!")); + so_iocgroup_init_status = 2; + mtx_unlock(&soiocg_mtx); +} + /* ARGSUSED */ int soo_read(struct file *fp, struct uio *uio, struct ucred *active_cred, @@ -121,6 +193,7 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, struct thread *td) { struct socket *so = fp->f_data; + struct socket_iocgroup *soiocg; int error = 0; switch (cmd) { @@ -207,14 +280,14 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, * routing ioctls should have a different entry since a * socket is unnecessary. */ - if (IOCGROUP(cmd) == 'i') - error = ifioctl(so, cmd, data, td); - else if (IOCGROUP(cmd) == 'r') { + for (soiocg = so_iocgroups; soiocg; + soiocg = soiocg->soiocg_next) + if (soiocg->soiocg_group == IOCGROUP(cmd)) + break; + if (soiocg && soiocg->soiocg_ioctl) + error = ((*soiocg->soiocg_ioctl)(so, cmd, data, td)); + else { CURVNET_SET(so->so_vnet); - error = rtioctl_fib(cmd, data, so->so_fibnum); - CURVNET_RESTORE(); - } else { - CURVNET_SET(so->so_vnet); error = ((*so->so_proto->pr_usrreqs->pru_control) (so, cmd, data, 0, td)); CURVNET_RESTORE(); Index: sys/kern/uipc_accf.c =================================================================== --- sys/kern/uipc_accf.c (revision 239685) +++ sys/kern/uipc_accf.c (working copy) @@ -60,9 +60,8 @@ MALLOC_DEFINE(M_ACCF, "accf", "accept filter data" static int unloadable = 0; -SYSCTL_DECL(_net_inet); /* XXX: some header should do this for me */ -SYSCTL_NODE(_net_inet, OID_AUTO, accf, CTLFLAG_RW, 0, "Accept filters"); -SYSCTL_INT(_net_inet_accf, OID_AUTO, unloadable, CTLFLAG_RW, &unloadable, 0, +SYSCTL_NODE(_net, OID_AUTO, accf, CTLFLAG_RW, 0, "Accept filters"); +SYSCTL_INT(_net_accf, OID_AUTO, unloadable, CTLFLAG_RW, &unloadable, 0, "Allow unload of accept filters (not recommended)"); /* Index: sys/kern/uipc_socket.c =================================================================== --- sys/kern/uipc_socket.c (revision 239685) +++ sys/kern/uipc_socket.c (working copy) @@ -135,6 +135,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include @@ -148,6 +149,8 @@ __FBSDID("$FreeBSD$"); #include #endif +#include "netstack_if.h" + static int soreceive_rcvoob(struct socket *so, struct uio *uio, int flags); @@ -341,11 +344,9 @@ sodealloc(struct socket *so) if (so->so_snd.sb_hiwat) (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat, 0, RLIM_INFINITY); -#ifdef INET /* remove acccept filter if one is present. */ if (so->so_accf != NULL) do_setopt_accept_filter(so, NULL); -#endif #ifdef MAC mac_socket_destroy(so); #endif @@ -391,13 +392,8 @@ socreate(int dom, struct socket **aso, int type, i TAILQ_INIT(&so->so_comp); so->so_type = type; so->so_cred = crhold(cred); - if ((prp->pr_domain->dom_family == PF_INET) || - (prp->pr_domain->dom_family == PF_INET6) || - (prp->pr_domain->dom_family == PF_ROUTE)) - so->so_fibnum = td->td_proc->p_fibnum; - else - so->so_fibnum = 0; so->so_proto = prp; + NETSTACK_SOCREATE(curnetstack, so, prp, cred, td); #ifdef MAC mac_socket_create(cred, so); #endif @@ -2455,13 +2451,12 @@ sosetopt(struct socket *so, struct sockopt *sopt) error = ENOPROTOOPT; } else { switch (sopt->sopt_name) { -#ifdef INET case SO_ACCEPTFILTER: error = do_setopt_accept_filter(so, sopt); if (error) goto bad; break; -#endif + case SO_LINGER: error = sooptcopyin(sopt, &l, sizeof l, sizeof l); if (error) @@ -2501,24 +2496,6 @@ sosetopt(struct socket *so, struct sockopt *sopt) SOCK_UNLOCK(so); break; - case SO_SETFIB: - error = sooptcopyin(sopt, &optval, sizeof optval, - sizeof optval); - if (error) - goto bad; - - if (optval < 0 || optval >= rt_numfibs) { - error = EINVAL; - goto bad; - } - if (((so->so_proto->pr_domain->dom_family == PF_INET) || - (so->so_proto->pr_domain->dom_family == PF_INET6) || - (so->so_proto->pr_domain->dom_family == PF_ROUTE))) - so->so_fibnum = optval; - else - so->so_fibnum = 0; - break; - case SO_USER_COOKIE: error = sooptcopyin(sopt, &val32, sizeof val32, sizeof val32); @@ -2635,6 +2612,16 @@ sosetopt(struct socket *so, struct sockopt *sopt) #endif break; + case SO_SETFIB: + /* Let the protocol-specific ctloutput handle it */ + if (so->so_proto->pr_ctloutput != NULL) { + error = (*so->so_proto->pr_ctloutput)(so, + sopt); + CURVNET_RESTORE(); + return (error); + } + + /* Fall through */ default: error = ENOPROTOOPT; break; @@ -2698,11 +2685,10 @@ sogetopt(struct socket *so, struct sockopt *sopt) return (error); } else { switch (sopt->sopt_name) { -#ifdef INET case SO_ACCEPTFILTER: error = do_getopt_accept_filter(so, sopt); break; -#endif + case SO_LINGER: SOCK_LOCK(so); l.l_onoff = so->so_options & SO_LINGER; Index: sys/kern/uipc_syscalls.c =================================================================== --- sys/kern/uipc_syscalls.c (revision 239685) +++ sys/kern/uipc_syscalls.c (working copy) @@ -38,7 +38,6 @@ __FBSDID("$FreeBSD$"); #include "opt_capsicum.h" #include "opt_inet.h" #include "opt_inet6.h" -#include "opt_sctp.h" #include "opt_compat.h" #include "opt_ktrace.h" @@ -89,13 +88,6 @@ __FBSDID("$FreeBSD$"); #include #include -#if defined(INET) || defined(INET6) -#ifdef SCTP -#include -#include -#endif /* SCTP */ -#endif /* INET || INET6 */ - static int sendit(struct thread *td, int s, struct msghdr *mp, int flags); static int recvit(struct thread *td, int s, struct msghdr *mp, void *namelenp); @@ -125,7 +117,7 @@ SYSCTL_INT(_kern_ipc, OID_AUTO, nsfbufsused, CTLFL * it is a capability, the right rights are present. A reference on the file * entry is held upon returning. */ -static int +int getsock_cap(struct filedesc *fdp, int fd, cap_rights_t rights, struct file **fpp, u_int *fflagp) { @@ -2296,490 +2288,3 @@ out: return (error); } -/* - * SCTP syscalls. - * Functionality only compiled in if SCTP is defined in the kernel Makefile, - * otherwise all return EOPNOTSUPP. - * XXX: We should make this loadable one day. - */ -int -sys_sctp_peeloff(td, uap) - struct thread *td; - struct sctp_peeloff_args /* { - int sd; - caddr_t name; - } */ *uap; -{ -#if (defined(INET) || defined(INET6)) && defined(SCTP) - struct file *nfp = NULL; - int error; - struct socket *head, *so; - int fd; - u_int fflag; - - AUDIT_ARG_FD(uap->sd); - error = fgetsock(td, uap->sd, CAP_PEELOFF, &head, &fflag); - if (error) - goto done2; - if (head->so_proto->pr_protocol != IPPROTO_SCTP) { - error = EOPNOTSUPP; - goto done; - } - error = sctp_can_peel_off(head, (sctp_assoc_t)uap->name); - if (error) - goto done; - /* - * At this point we know we do have a assoc to pull - * we proceed to get the fd setup. This may block - * but that is ok. - */ - - error = falloc(td, &nfp, &fd, 0); - if (error) - goto done; - td->td_retval[0] = fd; - - CURVNET_SET(head->so_vnet); - so = sonewconn(head, SS_ISCONNECTED); - if (so == NULL) - goto noconnection; - /* - * Before changing the flags on the socket, we have to bump the - * reference count. Otherwise, if the protocol calls sofree(), - * the socket will be released due to a zero refcount. - */ - SOCK_LOCK(so); - soref(so); /* file descriptor reference */ - SOCK_UNLOCK(so); - - ACCEPT_LOCK(); - - TAILQ_REMOVE(&head->so_comp, so, so_list); - head->so_qlen--; - so->so_state |= (head->so_state & SS_NBIO); - so->so_state &= ~SS_NOFDREF; - so->so_qstate &= ~SQ_COMP; - so->so_head = NULL; - ACCEPT_UNLOCK(); - finit(nfp, fflag, DTYPE_SOCKET, so, &socketops); - error = sctp_do_peeloff(head, so, (sctp_assoc_t)uap->name); - if (error) - goto noconnection; - if (head->so_sigio != NULL) - fsetown(fgetown(&head->so_sigio), &so->so_sigio); - -noconnection: - /* - * close the new descriptor, assuming someone hasn't ripped it - * out from under us. - */ - if (error) - fdclose(td->td_proc->p_fd, nfp, fd, td); - - /* - * Release explicitly held references before returning. - */ - CURVNET_RESTORE(); -done: - if (nfp != NULL) - fdrop(nfp, td); - fputsock(head); -done2: - return (error); -#else /* SCTP */ - return (EOPNOTSUPP); -#endif /* SCTP */ -} - -int -sys_sctp_generic_sendmsg (td, uap) - struct thread *td; - struct sctp_generic_sendmsg_args /* { - int sd, - caddr_t msg, - int mlen, - caddr_t to, - __socklen_t tolen, - struct sctp_sndrcvinfo *sinfo, - int flags - } */ *uap; -{ -#if (defined(INET) || defined(INET6)) && defined(SCTP) - struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL; - struct socket *so; - struct file *fp = NULL; - int error = 0, len; - struct sockaddr *to = NULL; -#ifdef KTRACE - struct uio *ktruio = NULL; -#endif - struct uio auio; - struct iovec iov[1]; - cap_rights_t rights; - - if (uap->sinfo) { - error = copyin(uap->sinfo, &sinfo, sizeof (sinfo)); - if (error) - return (error); - u_sinfo = &sinfo; - } - - rights = CAP_WRITE; - if (uap->tolen) { - error = getsockaddr(&to, uap->to, uap->tolen); - if (error) { - to = NULL; - goto sctp_bad2; - } - rights |= CAP_CONNECT; - } - - AUDIT_ARG_FD(uap->sd); - error = getsock_cap(td->td_proc->p_fd, uap->sd, rights, &fp, NULL); - if (error) - goto sctp_bad; -#ifdef KTRACE - if (to && (KTRPOINT(td, KTR_STRUCT))) - ktrsockaddr(to); -#endif - - iov[0].iov_base = uap->msg; - iov[0].iov_len = uap->mlen; - - so = (struct socket *)fp->f_data; - if (so->so_proto->pr_protocol != IPPROTO_SCTP) { - error = EOPNOTSUPP; - goto sctp_bad; - } -#ifdef MAC - error = mac_socket_check_send(td->td_ucred, so); - if (error) - goto sctp_bad; -#endif /* MAC */ - - auio.uio_iov = iov; - auio.uio_iovcnt = 1; - auio.uio_segflg = UIO_USERSPACE; - auio.uio_rw = UIO_WRITE; - auio.uio_td = td; - auio.uio_offset = 0; /* XXX */ - auio.uio_resid = 0; - len = auio.uio_resid = uap->mlen; - CURVNET_SET(so->so_vnet); - error = sctp_lower_sosend(so, to, &auio, - (struct mbuf *)NULL, (struct mbuf *)NULL, - uap->flags, u_sinfo, td); - CURVNET_RESTORE(); - if (error) { - if (auio.uio_resid != len && (error == ERESTART || - error == EINTR || error == EWOULDBLOCK)) - error = 0; - /* Generation of SIGPIPE can be controlled per socket. */ - if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) && - !(uap->flags & MSG_NOSIGNAL)) { - PROC_LOCK(td->td_proc); - tdsignal(td, SIGPIPE); - PROC_UNLOCK(td->td_proc); - } - } - if (error == 0) - td->td_retval[0] = len - auio.uio_resid; -#ifdef KTRACE - if (ktruio != NULL) { - ktruio->uio_resid = td->td_retval[0]; - ktrgenio(uap->sd, UIO_WRITE, ktruio, error); - } -#endif /* KTRACE */ -sctp_bad: - if (fp) - fdrop(fp, td); -sctp_bad2: - if (to) - free(to, M_SONAME); - return (error); -#else /* SCTP */ - return (EOPNOTSUPP); -#endif /* SCTP */ -} - -int -sys_sctp_generic_sendmsg_iov(td, uap) - struct thread *td; - struct sctp_generic_sendmsg_iov_args /* { - int sd, - struct iovec *iov, - int iovlen, - caddr_t to, - __socklen_t tolen, - struct sctp_sndrcvinfo *sinfo, - int flags - } */ *uap; -{ -#if (defined(INET) || defined(INET6)) && defined(SCTP) - struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL; - struct socket *so; - struct file *fp = NULL; - int error=0, i; - ssize_t len; - struct sockaddr *to = NULL; -#ifdef KTRACE - struct uio *ktruio = NULL; -#endif - struct uio auio; - struct iovec *iov, *tiov; - cap_rights_t rights; - - if (uap->sinfo) { - error = copyin(uap->sinfo, &sinfo, sizeof (sinfo)); - if (error) - return (error); - u_sinfo = &sinfo; - } - rights = CAP_WRITE; - if (uap->tolen) { - error = getsockaddr(&to, uap->to, uap->tolen); - if (error) { - to = NULL; - goto sctp_bad2; - } - rights |= CAP_CONNECT; - } - - AUDIT_ARG_FD(uap->sd); - error = getsock_cap(td->td_proc->p_fd, uap->sd, rights, &fp, NULL); - if (error) - goto sctp_bad1; - -#ifdef COMPAT_FREEBSD32 - if (SV_CURPROC_FLAG(SV_ILP32)) - error = freebsd32_copyiniov((struct iovec32 *)uap->iov, - uap->iovlen, &iov, EMSGSIZE); - else -#endif - error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE); - if (error) - goto sctp_bad1; -#ifdef KTRACE - if (to && (KTRPOINT(td, KTR_STRUCT))) - ktrsockaddr(to); -#endif - - so = (struct socket *)fp->f_data; - if (so->so_proto->pr_protocol != IPPROTO_SCTP) { - error = EOPNOTSUPP; - goto sctp_bad; - } -#ifdef MAC - error = mac_socket_check_send(td->td_ucred, so); - if (error) - goto sctp_bad; -#endif /* MAC */ - - auio.uio_iov = iov; - auio.uio_iovcnt = uap->iovlen; - auio.uio_segflg = UIO_USERSPACE; - auio.uio_rw = UIO_WRITE; - auio.uio_td = td; - auio.uio_offset = 0; /* XXX */ - auio.uio_resid = 0; - tiov = iov; - for (i = 0; i iovlen; i++, tiov++) { - if ((auio.uio_resid += tiov->iov_len) < 0) { - error = EINVAL; - goto sctp_bad; - } - } - len = auio.uio_resid; - CURVNET_SET(so->so_vnet); - error = sctp_lower_sosend(so, to, &auio, - (struct mbuf *)NULL, (struct mbuf *)NULL, - uap->flags, u_sinfo, td); - CURVNET_RESTORE(); - if (error) { - if (auio.uio_resid != len && (error == ERESTART || - error == EINTR || error == EWOULDBLOCK)) - error = 0; - /* Generation of SIGPIPE can be controlled per socket */ - if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) && - !(uap->flags & MSG_NOSIGNAL)) { - PROC_LOCK(td->td_proc); - tdsignal(td, SIGPIPE); - PROC_UNLOCK(td->td_proc); - } - } - if (error == 0) - td->td_retval[0] = len - auio.uio_resid; -#ifdef KTRACE - if (ktruio != NULL) { - ktruio->uio_resid = td->td_retval[0]; - ktrgenio(uap->sd, UIO_WRITE, ktruio, error); - } -#endif /* KTRACE */ -sctp_bad: - free(iov, M_IOV); -sctp_bad1: - if (fp) - fdrop(fp, td); -sctp_bad2: - if (to) - free(to, M_SONAME); - return (error); -#else /* SCTP */ - return (EOPNOTSUPP); -#endif /* SCTP */ -} - -int -sys_sctp_generic_recvmsg(td, uap) - struct thread *td; - struct sctp_generic_recvmsg_args /* { - int sd, - struct iovec *iov, - int iovlen, - struct sockaddr *from, - __socklen_t *fromlenaddr, - struct sctp_sndrcvinfo *sinfo, - int *msg_flags - } */ *uap; -{ -#if (defined(INET) || defined(INET6)) && defined(SCTP) - uint8_t sockbufstore[256]; - struct uio auio; - struct iovec *iov, *tiov; - struct sctp_sndrcvinfo sinfo; - struct socket *so; - struct file *fp = NULL; - struct sockaddr *fromsa; - int fromlen; - ssize_t len; - int i, msg_flags; - int error = 0; -#ifdef KTRACE - struct uio *ktruio = NULL; -#endif - - AUDIT_ARG_FD(uap->sd); - error = getsock_cap(td->td_proc->p_fd, uap->sd, CAP_READ, &fp, NULL); - if (error) { - return (error); - } -#ifdef COMPAT_FREEBSD32 - if (SV_CURPROC_FLAG(SV_ILP32)) - error = freebsd32_copyiniov((struct iovec32 *)uap->iov, - uap->iovlen, &iov, EMSGSIZE); - else -#endif - error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE); - if (error) - goto out1; - - so = fp->f_data; - if (so->so_proto->pr_protocol != IPPROTO_SCTP) { - error = EOPNOTSUPP; - goto out; - } -#ifdef MAC - error = mac_socket_check_receive(td->td_ucred, so); - if (error) { - goto out; - } -#endif /* MAC */ - - if (uap->fromlenaddr) { - error = copyin(uap->fromlenaddr, - &fromlen, sizeof (fromlen)); - if (error) { - goto out; - } - } else { - fromlen = 0; - } - if (uap->msg_flags) { - error = copyin(uap->msg_flags, &msg_flags, sizeof (int)); - if (error) { - goto out; - } - } else { - msg_flags = 0; - } - auio.uio_iov = iov; - auio.uio_iovcnt = uap->iovlen; - auio.uio_segflg = UIO_USERSPACE; - auio.uio_rw = UIO_READ; - auio.uio_td = td; - auio.uio_offset = 0; /* XXX */ - auio.uio_resid = 0; - tiov = iov; - for (i = 0; i iovlen; i++, tiov++) { - if ((auio.uio_resid += tiov->iov_len) < 0) { - error = EINVAL; - goto out; - } - } - len = auio.uio_resid; - fromsa = (struct sockaddr *)sockbufstore; - -#ifdef KTRACE - if (KTRPOINT(td, KTR_GENIO)) - ktruio = cloneuio(&auio); -#endif /* KTRACE */ - memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo)); - CURVNET_SET(so->so_vnet); - error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL, - fromsa, fromlen, &msg_flags, - (struct sctp_sndrcvinfo *)&sinfo, 1); - CURVNET_RESTORE(); - if (error) { - if (auio.uio_resid != len && (error == ERESTART || - error == EINTR || error == EWOULDBLOCK)) - error = 0; - } else { - if (uap->sinfo) - error = copyout(&sinfo, uap->sinfo, sizeof (sinfo)); - } -#ifdef KTRACE - if (ktruio != NULL) { - ktruio->uio_resid = len - auio.uio_resid; - ktrgenio(uap->sd, UIO_READ, ktruio, error); - } -#endif /* KTRACE */ - if (error) - goto out; - td->td_retval[0] = len - auio.uio_resid; - - if (fromlen && uap->from) { - len = fromlen; - if (len <= 0 || fromsa == 0) - len = 0; - else { - len = MIN(len, fromsa->sa_len); - error = copyout(fromsa, uap->from, (size_t)len); - if (error) - goto out; - } - error = copyout(&len, uap->fromlenaddr, sizeof (socklen_t)); - if (error) { - goto out; - } - } -#ifdef KTRACE - if (KTRPOINT(td, KTR_STRUCT)) - ktrsockaddr(fromsa); -#endif - if (uap->msg_flags) { - error = copyout(&msg_flags, uap->msg_flags, sizeof (int)); - if (error) { - goto out; - } - } -out: - free(iov, M_IOV); -out1: - if (fp) - fdrop(fp, td); - - return (error); -#else /* SCTP */ - return (EOPNOTSUPP); -#endif /* SCTP */ -} Index: sys/kern/vfs_default.c =================================================================== --- sys/kern/vfs_default.c (revision 239685) +++ sys/kern/vfs_default.c (working copy) @@ -49,6 +49,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -66,6 +67,8 @@ __FBSDID("$FreeBSD$"); #include #include +#include "netstack_if.h" + static int vop_nolookup(struct vop_lookup_args *); static int vop_norename(struct vop_rename_args *); static int vop_nostrategy(struct vop_strategy_args *); @@ -1215,4 +1218,13 @@ vfs_stdsysctl(mp, op, req) return (EOPNOTSUPP); } +int +vfs_stdcheckexp(struct mount *mp, struct sockaddr *nam, int *extflagsp, + struct ucred **credanonp, int *numsecflavors, int **secflavors) +{ + + return (NETSTACK_VFS_STDCHECKEXP(curnetstack, mp, nam, extflagsp, + credanonp, numsecflavors, secflavors)); +} + /* end of vfs default ops */ Index: sys/kern/vfs_export.c =================================================================== --- sys/kern/vfs_export.c (revision 239685) +++ sys/kern/vfs_export.c (working copy) @@ -1,7 +1,9 @@ /*- * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. + * The Regents of the University of California. * (c) UNIX System Laboratories, Inc. + * Copyright (c) 2012, Juniper Networks, Inc. + * All rights reserved. * All or some portions of this file are derived from material licensed * to the University of California by American Telephone and Telegraph * Co. or Unix System Laboratories, Inc. and are reproduced herein with @@ -38,231 +40,14 @@ __FBSDID("$FreeBSD$"); #include -#include -#include -#include #include -#include -#include -#include #include -#include -#include -#include -#include +#include #include -#include -#include +#include "netstack_if.h" -static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); - -static void vfs_free_addrlist(struct netexport *nep); -static int vfs_free_netcred(struct radix_node *rn, void *w); -static int vfs_hang_addrlist(struct mount *mp, struct netexport *nep, - struct export_args *argp); -static struct netcred *vfs_export_lookup(struct mount *, struct sockaddr *); - /* - * Network address lookup element - */ -struct netcred { - struct radix_node netc_rnodes[2]; - int netc_exflags; - struct ucred *netc_anon; - int netc_numsecflavors; - int netc_secflavors[MAXSECFLAVORS]; -}; - -/* - * Network export information - */ -struct netexport { - struct netcred ne_defexported; /* Default export */ - struct radix_node_head *ne_rtable[AF_MAX+1]; /* Individual exports */ -}; - -/* - * Build hash lists of net addresses and hang them off the mount point. - * Called by vfs_export() to set up the lists of export addresses. - */ -static int -vfs_hang_addrlist(struct mount *mp, struct netexport *nep, - struct export_args *argp) -{ - register struct netcred *np; - register struct radix_node_head *rnh; - register int i; - struct radix_node *rn; - struct sockaddr *saddr, *smask = 0; - struct domain *dom; - int error; - - /* - * XXX: This routine converts from a `struct xucred' - * (argp->ex_anon) to a `struct ucred' (np->netc_anon). This - * operation is questionable; for example, what should be done - * with fields like cr_uidinfo and cr_prison? Currently, this - * routine does not touch them (leaves them as NULL). - */ - if (argp->ex_anon.cr_version != XUCRED_VERSION) { - vfs_mount_error(mp, "ex_anon.cr_version: %d != %d", - argp->ex_anon.cr_version, XUCRED_VERSION); - return (EINVAL); - } - - if (argp->ex_addrlen == 0) { - if (mp->mnt_flag & MNT_DEFEXPORTED) { - vfs_mount_error(mp, - "MNT_DEFEXPORTED already set for mount %p", mp); - return (EPERM); - } - np = &nep->ne_defexported; - np->netc_exflags = argp->ex_flags; - np->netc_anon = crget(); - np->netc_anon->cr_uid = argp->ex_anon.cr_uid; - crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, - argp->ex_anon.cr_groups); - np->netc_anon->cr_prison = &prison0; - prison_hold(np->netc_anon->cr_prison); - np->netc_numsecflavors = argp->ex_numsecflavors; - bcopy(argp->ex_secflavors, np->netc_secflavors, - sizeof(np->netc_secflavors)); - MNT_ILOCK(mp); - mp->mnt_flag |= MNT_DEFEXPORTED; - MNT_IUNLOCK(mp); - return (0); - } - -#if MSIZE <= 256 - if (argp->ex_addrlen > MLEN) { - vfs_mount_error(mp, "ex_addrlen %d is greater than %d", - argp->ex_addrlen, MLEN); - return (EINVAL); - } -#endif - - i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen; - np = (struct netcred *) malloc(i, M_NETADDR, M_WAITOK | M_ZERO); - saddr = (struct sockaddr *) (np + 1); - if ((error = copyin(argp->ex_addr, saddr, argp->ex_addrlen))) - goto out; - if (saddr->sa_family == AF_UNSPEC || saddr->sa_family > AF_MAX) { - error = EINVAL; - vfs_mount_error(mp, "Invalid saddr->sa_family: %d"); - goto out; - } - if (saddr->sa_len > argp->ex_addrlen) - saddr->sa_len = argp->ex_addrlen; - if (argp->ex_masklen) { - smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen); - error = copyin(argp->ex_mask, smask, argp->ex_masklen); - if (error) - goto out; - if (smask->sa_len > argp->ex_masklen) - smask->sa_len = argp->ex_masklen; - } - i = saddr->sa_family; - if ((rnh = nep->ne_rtable[i]) == NULL) { - /* - * Seems silly to initialize every AF when most are not used, - * do so on demand here - */ - for (dom = domains; dom; dom = dom->dom_next) { - KASSERT(((i == AF_INET) || (i == AF_INET6)), - ("unexpected protocol in vfs_hang_addrlist")); - if (dom->dom_family == i && dom->dom_rtattach) { - /* - * XXX MRT - * The INET and INET6 domains know the - * offset already. We don't need to send it - * So we just use it as a flag to say that - * we are or are not setting up a real routing - * table. Only IP and IPV6 need have this - * be 0 so all other protocols can stay the - * same (ABI compatible). - */ - dom->dom_rtattach( - (void **) &nep->ne_rtable[i], 0); - break; - } - } - if ((rnh = nep->ne_rtable[i]) == NULL) { - error = ENOBUFS; - vfs_mount_error(mp, "%s %s %d", - "Unable to initialize radix node head ", - "for address family", i); - goto out; - } - } - RADIX_NODE_HEAD_LOCK(rnh); - rn = (*rnh->rnh_addaddr)(saddr, smask, rnh, np->netc_rnodes); - RADIX_NODE_HEAD_UNLOCK(rnh); - if (rn == NULL || np != (struct netcred *)rn) { /* already exists */ - error = EPERM; - vfs_mount_error(mp, "Invalid radix node head, rn: %p %p", - rn, np); - goto out; - } - np->netc_exflags = argp->ex_flags; - np->netc_anon = crget(); - np->netc_anon->cr_uid = argp->ex_anon.cr_uid; - crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, - np->netc_anon->cr_groups); - np->netc_anon->cr_prison = &prison0; - prison_hold(np->netc_anon->cr_prison); - np->netc_numsecflavors = argp->ex_numsecflavors; - bcopy(argp->ex_secflavors, np->netc_secflavors, - sizeof(np->netc_secflavors)); - return (0); -out: - free(np, M_NETADDR); - return (error); -} - -/* Helper for vfs_free_addrlist. */ -/* ARGSUSED */ -static int -vfs_free_netcred(struct radix_node *rn, void *w) -{ - struct radix_node_head *rnh = (struct radix_node_head *) w; - struct ucred *cred; - - (*rnh->rnh_deladdr) (rn->rn_key, rn->rn_mask, rnh); - cred = ((struct netcred *)rn)->netc_anon; - if (cred != NULL) - crfree(cred); - free(rn, M_NETADDR); - return (0); -} - -/* - * Free the net address hash lists that are hanging off the mount points. - */ -static void -vfs_free_addrlist(struct netexport *nep) -{ - int i; - struct radix_node_head *rnh; - struct ucred *cred; - - for (i = 0; i <= AF_MAX; i++) { - if ((rnh = nep->ne_rtable[i])) { - RADIX_NODE_HEAD_LOCK(rnh); - (*rnh->rnh_walktree) (rnh, vfs_free_netcred, rnh); - RADIX_NODE_HEAD_UNLOCK(rnh); - RADIX_NODE_HEAD_DESTROY(rnh); - free(rnh, M_RTABLE); - nep->ne_rtable[i] = NULL; /* not SMP safe XXX */ - } - } - cred = nep->ne_defexported.netc_anon; - if (cred != NULL) - crfree(cred); - -} - -/* * High level function to manipulate export options on a mount point * and the passed in netexport. * Struct export_args *argp is the variable used to twiddle options, @@ -271,67 +56,8 @@ __FBSDID("$FreeBSD$"); int vfs_export(struct mount *mp, struct export_args *argp) { - struct netexport *nep; - int error; - if (argp->ex_numsecflavors < 0 - || argp->ex_numsecflavors >= MAXSECFLAVORS) - return (EINVAL); - - error = 0; - lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL); - nep = mp->mnt_export; - if (argp->ex_flags & MNT_DELEXPORT) { - if (nep == NULL) { - error = ENOENT; - goto out; - } - if (mp->mnt_flag & MNT_EXPUBLIC) { - vfs_setpublicfs(NULL, NULL, NULL); - MNT_ILOCK(mp); - mp->mnt_flag &= ~MNT_EXPUBLIC; - MNT_IUNLOCK(mp); - } - vfs_free_addrlist(nep); - mp->mnt_export = NULL; - free(nep, M_MOUNT); - nep = NULL; - MNT_ILOCK(mp); - mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED); - MNT_IUNLOCK(mp); - } - if (argp->ex_flags & MNT_EXPORTED) { - if (nep == NULL) { - nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO); - mp->mnt_export = nep; - } - if (argp->ex_flags & MNT_EXPUBLIC) { - if ((error = vfs_setpublicfs(mp, nep, argp)) != 0) - goto out; - MNT_ILOCK(mp); - mp->mnt_flag |= MNT_EXPUBLIC; - MNT_IUNLOCK(mp); - } - if ((error = vfs_hang_addrlist(mp, nep, argp))) - goto out; - MNT_ILOCK(mp); - mp->mnt_flag |= MNT_EXPORTED; - MNT_IUNLOCK(mp); - } - -out: - lockmgr(&mp->mnt_explock, LK_RELEASE, NULL); - /* - * Once we have executed the vfs_export() command, we do - * not want to keep the "export" option around in the - * options list, since that will cause subsequent MNT_UPDATE - * calls to fail. The export information is saved in - * mp->mnt_export, so we can safely delete the "export" mount option - * here. - */ - vfs_deleteopt(mp->mnt_optnew, "export"); - vfs_deleteopt(mp->mnt_opt, "export"); - return (error); + return (NETSTACK_VFS_EXPORT(curnetstack, mp, argp)); } /* @@ -342,151 +68,7 @@ int vfs_setpublicfs(struct mount *mp, struct netexport *nep, struct export_args *argp) { - int error; - struct vnode *rvp; - char *cp; - /* - * mp == NULL -> invalidate the current info, the FS is - * no longer exported. May be called from either vfs_export - * or unmount, so check if it hasn't already been done. - */ - if (mp == NULL) { - if (nfs_pub.np_valid) { - nfs_pub.np_valid = 0; - if (nfs_pub.np_index != NULL) { - free(nfs_pub.np_index, M_TEMP); - nfs_pub.np_index = NULL; - } - } - return (0); - } - - /* - * Only one allowed at a time. - */ - if (nfs_pub.np_valid != 0 && mp != nfs_pub.np_mount) - return (EBUSY); - - /* - * Get real filehandle for root of exported FS. - */ - bzero(&nfs_pub.np_handle, sizeof(nfs_pub.np_handle)); - nfs_pub.np_handle.fh_fsid = mp->mnt_stat.f_fsid; - - if ((error = VFS_ROOT(mp, LK_EXCLUSIVE, &rvp))) - return (error); - - if ((error = VOP_VPTOFH(rvp, &nfs_pub.np_handle.fh_fid))) - return (error); - - vput(rvp); - - /* - * If an indexfile was specified, pull it in. - */ - if (argp->ex_indexfile != NULL) { - if (nfs_pub.np_index != NULL) - nfs_pub.np_index = malloc(MAXNAMLEN + 1, M_TEMP, - M_WAITOK); - error = copyinstr(argp->ex_indexfile, nfs_pub.np_index, - MAXNAMLEN, (size_t *)0); - if (!error) { - /* - * Check for illegal filenames. - */ - for (cp = nfs_pub.np_index; *cp; cp++) { - if (*cp == '/') { - error = EINVAL; - break; - } - } - } - if (error) { - free(nfs_pub.np_index, M_TEMP); - nfs_pub.np_index = NULL; - return (error); - } - } - - nfs_pub.np_mount = mp; - nfs_pub.np_valid = 1; - return (0); + return (NETSTACK_VFS_SETPUBLICFS(curnetstack, mp, nep, argp)); } -/* - * Used by the filesystems to determine if a given network address - * (passed in 'nam') is present in their exports list, returns a pointer - * to struct netcred so that the filesystem can examine it for - * access rights (read/write/etc). - */ -static struct netcred * -vfs_export_lookup(struct mount *mp, struct sockaddr *nam) -{ - struct netexport *nep; - register struct netcred *np; - register struct radix_node_head *rnh; - struct sockaddr *saddr; - - nep = mp->mnt_export; - if (nep == NULL) - return (NULL); - np = NULL; - if (mp->mnt_flag & MNT_EXPORTED) { - /* - * Lookup in the export list first. - */ - if (nam != NULL) { - saddr = nam; - rnh = nep->ne_rtable[saddr->sa_family]; - if (rnh != NULL) { - RADIX_NODE_HEAD_RLOCK(rnh); - np = (struct netcred *) - (*rnh->rnh_matchaddr)(saddr, rnh); - RADIX_NODE_HEAD_RUNLOCK(rnh); - if (np && np->netc_rnodes->rn_flags & RNF_ROOT) - np = NULL; - } - } - /* - * If no address match, use the default if it exists. - */ - if (np == NULL && mp->mnt_flag & MNT_DEFEXPORTED) - np = &nep->ne_defexported; - } - return (np); -} - -/* - * XXX: This comment comes from the deprecated ufs_check_export() - * XXX: and may not entirely apply, but lacking something better: - * This is the generic part of fhtovp called after the underlying - * filesystem has validated the file handle. - * - * Verify that a host should have access to a filesystem. - */ - -int -vfs_stdcheckexp(struct mount *mp, struct sockaddr *nam, int *extflagsp, - struct ucred **credanonp, int *numsecflavors, int **secflavors) -{ - struct netcred *np; - - lockmgr(&mp->mnt_explock, LK_SHARED, NULL); - np = vfs_export_lookup(mp, nam); - if (np == NULL) { - lockmgr(&mp->mnt_explock, LK_RELEASE, NULL); - *credanonp = NULL; - return (EACCES); - } - *extflagsp = np->netc_exflags; - if ((*credanonp = np->netc_anon) != NULL) - crhold(*credanonp); - if (numsecflavors) - *numsecflavors = np->netc_numsecflavors; - if (secflavors) - *secflavors = np->netc_secflavors; - lockmgr(&mp->mnt_explock, LK_RELEASE, NULL); - return (0); -} - Index: sys/modules/Makefile =================================================================== --- sys/modules/Makefile (revision 239685) +++ sys/modules/Makefile (working copy) @@ -226,6 +226,7 @@ SUBDIR= \ ${_ncv} \ ${_ndis} \ ${_netgraph} \ + ${_netstack} \ ${_nfe} \ nfs_common \ nfscl \ @@ -410,6 +411,11 @@ _nandfs= nandfs _nandsim= nandsim .endif +.if ${MK_INET_SUPPORT} != "no" || \ + ${MK_INET6_SUPPORT} != "no" || defined(ALL_MODULES) +_netstack= netstack +.endif + .if ${MK_NETGRAPH} != "no" || defined(ALL_MODULES) _netgraph= netgraph .endif .include Index: sys/modules/netstack/Makefile =================================================================== --- sys/modules/netstack/Makefile (revision 0) +++ sys/modules/netstack/Makefile (revision 0) @@ -0,0 +1,164 @@ +# $FreeBSD$ + +.include + +.PATH: ${.CURDIR:H:H}/${MACHINE}/${MACHINE_ARCH} +.PATH: ${.CURDIR:H:H}/kern +.PATH: ${.CURDIR:H:H}/net +.PATH: ${.CURDIR:H:H}/netinet +.PATH: ${.CURDIR:H:H}/netinet/cc +.PATH: ${.CURDIR:H:H}/netinet6 +.PATH: ${.CURDIR:H:H}/security/mac + +KMOD= netstack +SRCS= device_if.h bus_if.h netstack_if.h vnode_if.h +SRCS+= \ + opt_atalk.h \ + opt_bootp.h opt_bpf.h \ + opt_capsicum.h opt_compat.h \ + opt_ddb.h opt_device_polling.h \ + opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h opt_ipstealth.h opt_ipx.h \ + opt_kdtrace.h opt_ktrace.h \ + opt_mac.h opt_mbuf_profiling.h opt_mbuf_stress_test.h opt_mpath.h opt_mrouting.h \ + opt_netgraph.h \ + opt_ofed.h \ + opt_param.h opt_pcbgroup.h \ + opt_route.h \ + opt_sctp.h \ + opt_tcpdebug.h +# Networking (sys/net) +SRCS+= \ + bpf.c \ + bpf_buffer.c \ + bpf_filter.c \ + bpf_zerocopy.c \ + if.c \ + if_clone.c \ + if_dead.c \ + if_ethersubr.c \ + if_llatbl.c \ + if_loop.c \ + if_media.c \ + if_mib.c \ + netisr.c \ + netstack.c \ + pfil.c \ + radix.c \ + radix_mpath.c \ + raw_cb.c \ + raw_usrreq.c \ + route.c \ + rtsock.c +# IPv4 (sys/netinet) +SRCS+= \ + cc.c \ + cc_newreno.c \ + if_ether.c \ + igmp.c \ + in.c \ + in_cksum.c \ + in_jail.c \ + in_mcast.c \ + in_pcb.c \ + in_prot.c \ + in_proto.c \ + in_rmx.c \ + ip_ecn.c \ + ip_encap.c \ + ip_fastfwd.c \ + ip_icmp.c \ + ip_id.c \ + ip_input.c \ + ip_options.c \ + ip_output.c \ + raw_ip.c \ + sctp_asconf.c \ + sctp_auth.c \ + sctp_bsd_addr.c \ + sctp_cc_functions.c \ + sctp_crc32.c \ + sctp_indata.c \ + sctp_input.c \ + sctp_output.c \ + sctp_pcb.c \ + sctp_peeloff.c \ + sctp_ss_functions.c \ + sctp_syscalls.c \ + sctp_sysctl.c \ + sctp_timer.c \ + sctp_usrreq.c \ + sctputil.c \ + tcp_hostcache.c \ + tcp_input.c \ + tcp_lro.c \ + tcp_output.c \ + tcp_offload.c \ + tcp_reass.c \ + tcp_sack.c \ + tcp_subr.c \ + tcp_syncache.c \ + tcp_timer.c \ + tcp_timewait.c \ + tcp_usrreq.c \ + udp_usrreq.c +# IPv6 (sys/netinet6) +SRCS+= \ + dest6.c \ + frag6.c \ + icmp6.c \ + in6.c \ + in6_cksum.c \ + in6_ifattach.c \ + in6_jail.c \ + in6_mcast.c \ + in6_pcb.c \ + in6_proto.c \ + in6_rmx.c \ + in6_src.c \ + ip6_forward.c \ + ip6_id.c \ + ip6_input.c \ + ip6_output.c \ + mld6.c \ + nd6.c \ + nd6_nbr.c \ + nd6_rtr.c \ + raw_ip6.c \ + route6.c \ + scope6.c \ + sctp6_usrreq.c \ + udp6_usrreq.c +# MAC (sys/security/mac) +SRCS+= \ + mac_inet.c \ + mac_inet6.c + +CFLAGS+= -I@/contrib/pf + +# We need to build some pieces that may not be configured in +# the kernel config, so we need to explicitly define INET, +# INET6, DEV_BPF, and SCTP, as appropriate. +.if ${MK_INET_SUPPORT} != "no" +CFLAGS+= -DINET +.endif +.if ${MK_INET6_SUPPORT} != "no" +CFLAGS+= -DINET6 +.endif +.if (${MK_INET_SUPPORT} != "no" && ${MK_INET6_SUPPORT} != "no") +CFLAGS+= -DDEV_BPF +.if (${MK_SCTP_SUPPORT} != "no") +CFLAGS+= -DSCTP +.endif +.endif + +.if !defined(KERNBUILDDIR) +opt_compat.h: + echo "#define COMPAT_FREEBSD32 1" > ${.TARGET} + +opt_ddb.h: + echo "#define DDB 1" > ${.TARGET} + echo "#define DDB_CTF 1" >> ${.TARGET} +.endif + +.include + Index: sys/net/if.c =================================================================== --- sys/net/if.c (revision 239685) +++ sys/net/if.c (working copy) @@ -120,6 +120,12 @@ SYSCTL_UINT(_net, OID_AUTO, ifdescr_maxlen, CTLFLA static MALLOC_DEFINE(M_IFDESCR, "ifdescr", "ifnet descriptions"); +struct socket_iocgroup ifiocgroup = { + .soiocg_group = 'i', + .soiocg_ioctl = ifioctl +}; +SO_IOCGROUP_SET(if); + /* global sx for non-critical path ifdescr */ static struct sx ifdescr_sx; SX_SYSINIT(ifdescr_sx, &ifdescr_sx, "ifnet descr"); Index: sys/net/if_gre.c =================================================================== --- sys/net/if_gre.c (revision 239685) +++ sys/net/if_gre.c (working copy) @@ -67,7 +67,6 @@ #include #include -#ifdef INET #include #include #include @@ -75,9 +74,6 @@ #include #include #include -#else -#error "Huh? if_gre without inet?" -#endif #include @@ -121,7 +117,6 @@ static int gre_compute_route(struct gre_softc *sc) static void greattach(void); -#ifdef INET extern struct domain inetdomain; static const struct protosw in_gre_protosw = { .pr_type = SOCK_RAW, @@ -145,7 +140,6 @@ static const struct protosw in_mobile_protosw = { .pr_ctloutput = rip_ctloutput, .pr_usrreqs = &rip_usrreqs }; -#endif SYSCTL_DECL(_net_link); static SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0, @@ -226,10 +220,8 @@ gre_clone_destroy(ifp) LIST_REMOVE(sc, sc_list); mtx_unlock(&gre_mtx); -#ifdef INET if (sc->encap != NULL) encap_detach(sc->encap); -#endif bpfdetach(ifp); if_detach(ifp); if_free(ifp); @@ -579,10 +571,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t d break; } switch (ifr->ifr_addr.sa_family) { -#ifdef INET case AF_INET: break; -#endif #ifdef INET6 case AF_INET6: break; @@ -604,10 +594,8 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t d break; } switch (ifr->ifr_addr.sa_family) { -#ifdef INET case AF_INET: break; -#endif #ifdef INET6 case AF_INET6: break; @@ -655,12 +643,10 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t d if (cmd == GRESADDRD) sc->g_dst = (satosin(sa))->sin_addr; recompute: -#ifdef INET if (sc->encap != NULL) { encap_detach(sc->encap); sc->encap = NULL; } -#endif if ((sc->g_src.s_addr != INADDR_ANY) && (sc->g_dst.s_addr != INADDR_ANY)) { bzero(&sp, sizeof(sp)); @@ -675,7 +661,6 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t d dp.sin_addr = sc->g_dst; sm.sin_addr.s_addr = dm.sin_addr.s_addr = INADDR_BROADCAST; -#ifdef INET sc->encap = encap_attach(AF_INET, sc->g_proto, sintosa(&sp), sintosa(&sm), sintosa(&dp), sintosa(&dm), (sc->g_proto == IPPROTO_GRE) ? @@ -683,7 +668,6 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t d if (sc->encap == NULL) printf("%s: unable to attach encap\n", if_name(GRE2IFP(sc))); -#endif if (sc->route.ro_rt != 0) /* free old route */ RTFREE(sc->route.ro_rt); if (gre_compute_route(sc) == 0) @@ -977,4 +961,5 @@ static moduledata_t gre_mod = { }; DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); +MODULE_DEPEND(if_gre, netstack, 1, 1, 1); MODULE_VERSION(if_gre, 1); Index: sys/net/netstack.c =================================================================== --- sys/net/netstack.c (revision 0) +++ sys/net/netstack.c (revision 0) @@ -0,0 +1,535 @@ +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. + * (c) UNIX System Laboratories, Inc. + * Copyright (c) 2012, Juniper Networks, Inc. + * All rights reserved. + * All or some portions of this file are derived from material licensed + * to the University of California by American Telephone and Telegraph + * Co. or Unix System Laboratories, Inc. and are reproduced herein with + * the permission of UNIX System Laboratories, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)vfs_subr.c 8.31 (Berkeley) 5/26/95 + */ + +#include +__FBSDID("$FreeBSD: projects/tp2/sys/net/netstack.c 239070 2012-07-19 22:10:00Z stevek $"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "netstack_if.h" + +static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure"); + +static void netstack_vfs_free_addrlist(struct netexport *nep); +static int netstack_vfs_free_netcred(struct radix_node *rn, void *w); +static int netstack_vfs_hang_addrlist(struct mount *mp, + struct netexport *nep, struct export_args *argp); +static struct netcred *netstack_vfs_export_lookup(struct mount *, + struct sockaddr *); + +static netstack_socreate_t netstack_socreate; +static netstack_vfs_stdcheckexp_t netstack_vfs_stdcheckexp; +static netstack_vfs_export_t netstack_vfs_export; +static netstack_vfs_setpublicfs_t netstack_vfs_setpublicfs; + +/* + * Network address lookup element + */ +struct netcred { + struct radix_node netc_rnodes[2]; + int netc_exflags; + struct ucred *netc_anon; + int netc_numsecflavors; + int netc_secflavors[MAXSECFLAVORS]; +}; + +/* + * Network export information + */ +struct netexport { + struct netcred ne_defexported; /* Default export */ + struct radix_node_head *ne_rtable[AF_MAX+1]; /* Individual exports */ +}; + +/* + * Build hash lists of net addresses and hang them off the mount point. + * Called by netstack_vfs_export() to set up the lists of export addresses. + */ +static int +netstack_vfs_hang_addrlist(struct mount *mp, struct netexport *nep, + struct export_args *argp) +{ + register struct netcred *np; + register struct radix_node_head *rnh; + register int i; + struct radix_node *rn; + struct sockaddr *saddr, *smask = 0; + struct domain *dom; + int error; + + /* + * XXX: This routine converts from a `struct xucred' + * (argp->ex_anon) to a `struct ucred' (np->netc_anon). This + * operation is questionable; for example, what should be done + * with fields like cr_uidinfo and cr_prison? Currently, this + * routine does not touch them (leaves them as NULL). + */ + if (argp->ex_anon.cr_version != XUCRED_VERSION) { + vfs_mount_error(mp, "ex_anon.cr_version: %d != %d", + argp->ex_anon.cr_version, XUCRED_VERSION); + return (EINVAL); + } + + if (argp->ex_addrlen == 0) { + if (mp->mnt_flag & MNT_DEFEXPORTED) { + vfs_mount_error(mp, + "MNT_DEFEXPORTED already set for mount %p", mp); + return (EPERM); + } + np = &nep->ne_defexported; + np->netc_exflags = argp->ex_flags; + np->netc_anon = crget(); + np->netc_anon->cr_uid = argp->ex_anon.cr_uid; + crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, + argp->ex_anon.cr_groups); + np->netc_anon->cr_prison = &prison0; + prison_hold(np->netc_anon->cr_prison); + np->netc_numsecflavors = argp->ex_numsecflavors; + bcopy(argp->ex_secflavors, np->netc_secflavors, + sizeof(np->netc_secflavors)); + MNT_ILOCK(mp); + mp->mnt_flag |= MNT_DEFEXPORTED; + MNT_IUNLOCK(mp); + return (0); + } + +#if MSIZE <= 256 + if (argp->ex_addrlen > MLEN) { + vfs_mount_error(mp, "ex_addrlen %d is greater than %d", + argp->ex_addrlen, MLEN); + return (EINVAL); + } +#endif + + i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen; + np = (struct netcred *) malloc(i, M_NETADDR, M_WAITOK | M_ZERO); + saddr = (struct sockaddr *) (np + 1); + if ((error = copyin(argp->ex_addr, saddr, argp->ex_addrlen))) + goto out; + if (saddr->sa_family == AF_UNSPEC || saddr->sa_family > AF_MAX) { + error = EINVAL; + vfs_mount_error(mp, "Invalid saddr->sa_family: %d"); + goto out; + } + if (saddr->sa_len > argp->ex_addrlen) + saddr->sa_len = argp->ex_addrlen; + if (argp->ex_masklen) { + smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen); + error = copyin(argp->ex_mask, smask, argp->ex_masklen); + if (error) + goto out; + if (smask->sa_len > argp->ex_masklen) + smask->sa_len = argp->ex_masklen; + } + i = saddr->sa_family; + if ((rnh = nep->ne_rtable[i]) == NULL) { + /* + * Seems silly to initialize every AF when most are not used, + * do so on demand here + */ + for (dom = domains; dom; dom = dom->dom_next) { + KASSERT(((i == AF_INET) || (i == AF_INET6)), + ("unexpected protocol in netstack_vfs_hang_addrlist")); + if (dom->dom_family == i && dom->dom_rtattach) { + /* + * XXX MRT + * The INET and INET6 domains know the + * offset already. We don't need to send it + * So we just use it as a flag to say that + * we are or are not setting up a real routing + * table. Only IP and IPV6 need have this + * be 0 so all other protocols can stay the + * same (ABI compatible). + */ + dom->dom_rtattach( + (void **) &nep->ne_rtable[i], 0); + break; + } + } + if ((rnh = nep->ne_rtable[i]) == NULL) { + error = ENOBUFS; + vfs_mount_error(mp, "%s %s %d", + "Unable to initialize radix node head ", + "for address family", i); + goto out; + } + } + RADIX_NODE_HEAD_LOCK(rnh); + rn = (*rnh->rnh_addaddr)(saddr, smask, rnh, np->netc_rnodes); + RADIX_NODE_HEAD_UNLOCK(rnh); + if (rn == NULL || np != (struct netcred *)rn) { /* already exists */ + error = EPERM; + vfs_mount_error(mp, "Invalid radix node head, rn: %p %p", + rn, np); + goto out; + } + np->netc_exflags = argp->ex_flags; + np->netc_anon = crget(); + np->netc_anon->cr_uid = argp->ex_anon.cr_uid; + crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, + np->netc_anon->cr_groups); + np->netc_anon->cr_prison = &prison0; + prison_hold(np->netc_anon->cr_prison); + np->netc_numsecflavors = argp->ex_numsecflavors; + bcopy(argp->ex_secflavors, np->netc_secflavors, + sizeof(np->netc_secflavors)); + return (0); +out: + free(np, M_NETADDR); + return (error); +} + +/* Helper for netstack_vfs_free_addrlist. */ +/* ARGSUSED */ +static int +netstack_vfs_free_netcred(struct radix_node *rn, void *w) +{ + struct radix_node_head *rnh = (struct radix_node_head *) w; + struct ucred *cred; + + (*rnh->rnh_deladdr) (rn->rn_key, rn->rn_mask, rnh); + cred = ((struct netcred *)rn)->netc_anon; + if (cred != NULL) + crfree(cred); + free(rn, M_NETADDR); + return (0); +} + +/* + * Free the net address hash lists that are hanging off the mount points. + */ +static void +netstack_vfs_free_addrlist(struct netexport *nep) +{ + int i; + struct radix_node_head *rnh; + struct ucred *cred; + + for (i = 0; i <= AF_MAX; i++) { + if ((rnh = nep->ne_rtable[i])) { + RADIX_NODE_HEAD_LOCK(rnh); + (*rnh->rnh_walktree) (rnh, + netstack_vfs_free_netcred, rnh); + RADIX_NODE_HEAD_UNLOCK(rnh); + RADIX_NODE_HEAD_DESTROY(rnh); + free(rnh, M_RTABLE); + nep->ne_rtable[i] = NULL; /* not SMP safe XXX */ + } + } + cred = nep->ne_defexported.netc_anon; + if (cred != NULL) + crfree(cred); + +} + +/* + * High level function to manipulate export options on a mount point + * and the passed in netexport. + * Struct export_args *argp is the variable used to twiddle options, + * the structure is described in sys/mount.h + */ +static int +netstack_vfs_export(netstack_t nstack, struct mount *mp, + struct export_args *argp) +{ + struct netexport *nep; + int error; + + if (argp->ex_numsecflavors < 0 + || argp->ex_numsecflavors >= MAXSECFLAVORS) + return (EINVAL); + + error = 0; + lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL); + nep = mp->mnt_export; + if (argp->ex_flags & MNT_DELEXPORT) { + if (nep == NULL) { + error = ENOENT; + goto out; + } + if (mp->mnt_flag & MNT_EXPUBLIC) { + netstack_vfs_setpublicfs(nstack, NULL, NULL, NULL); + MNT_ILOCK(mp); + mp->mnt_flag &= ~MNT_EXPUBLIC; + MNT_IUNLOCK(mp); + } + netstack_vfs_free_addrlist(nep); + mp->mnt_export = NULL; + free(nep, M_MOUNT); + nep = NULL; + MNT_ILOCK(mp); + mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED); + MNT_IUNLOCK(mp); + } + if (argp->ex_flags & MNT_EXPORTED) { + if (nep == NULL) { + nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO); + mp->mnt_export = nep; + } + if (argp->ex_flags & MNT_EXPUBLIC) { + if ((error = vfs_setpublicfs(mp, nep, argp)) != 0) + goto out; + MNT_ILOCK(mp); + mp->mnt_flag |= MNT_EXPUBLIC; + MNT_IUNLOCK(mp); + } + if ((error = netstack_vfs_hang_addrlist(mp, nep, argp))) + goto out; + MNT_ILOCK(mp); + mp->mnt_flag |= MNT_EXPORTED; + MNT_IUNLOCK(mp); + } + +out: + lockmgr(&mp->mnt_explock, LK_RELEASE, NULL); + /* + * Once we have executed the netstack_vfs_export() command, we do + * not want to keep the "export" option around in the + * options list, since that will cause subsequent MNT_UPDATE + * calls to fail. The export information is saved in + * mp->mnt_export, so we can safely delete the "export" mount option + * here. + */ + vfs_deleteopt(mp->mnt_optnew, "export"); + vfs_deleteopt(mp->mnt_opt, "export"); + return (error); +} + +/* + * Set the publicly exported filesystem (WebNFS). Currently, only + * one public filesystem is possible in the spec (RFC 2054 and 2055) + */ +static int +netstack_vfs_setpublicfs(netstack_t nstack __unused, struct mount *mp, + struct netexport *nep, struct export_args *argp) +{ + int error; + struct vnode *rvp; + char *cp; + + /* + * mp == NULL -> invalidate the current info, the FS is + * no longer exported. May be called from either netstack_vfs_export + * or unmount, so check if it hasn't already been done. + */ + if (mp == NULL) { + if (nfs_pub.np_valid) { + nfs_pub.np_valid = 0; + if (nfs_pub.np_index != NULL) { + free(nfs_pub.np_index, M_TEMP); + nfs_pub.np_index = NULL; + } + } + return (0); + } + + /* + * Only one allowed at a time. + */ + if (nfs_pub.np_valid != 0 && mp != nfs_pub.np_mount) + return (EBUSY); + + /* + * Get real filehandle for root of exported FS. + */ + bzero(&nfs_pub.np_handle, sizeof(nfs_pub.np_handle)); + nfs_pub.np_handle.fh_fsid = mp->mnt_stat.f_fsid; + + if ((error = VFS_ROOT(mp, LK_EXCLUSIVE, &rvp))) + return (error); + + if ((error = VOP_VPTOFH(rvp, &nfs_pub.np_handle.fh_fid))) + return (error); + + vput(rvp); + + /* + * If an indexfile was specified, pull it in. + */ + if (argp->ex_indexfile != NULL) { + if (nfs_pub.np_index != NULL) + nfs_pub.np_index = malloc(MAXNAMLEN + 1, M_TEMP, + M_WAITOK); + error = copyinstr(argp->ex_indexfile, nfs_pub.np_index, + MAXNAMLEN, (size_t *)0); + if (!error) { + /* + * Check for illegal filenames. + */ + for (cp = nfs_pub.np_index; *cp; cp++) { + if (*cp == '/') { + error = EINVAL; + break; + } + } + } + if (error) { + free(nfs_pub.np_index, M_TEMP); + nfs_pub.np_index = NULL; + return (error); + } + } + + nfs_pub.np_mount = mp; + nfs_pub.np_valid = 1; + return (0); +} + +/* + * Used by the filesystems to determine if a given network address + * (passed in 'nam') is present in their exports list, returns a pointer + * to struct netcred so that the filesystem can examine it for + * access rights (read/write/etc). + */ +static struct netcred * +netstack_vfs_export_lookup(struct mount *mp, struct sockaddr *nam) +{ + struct netexport *nep; + register struct netcred *np; + register struct radix_node_head *rnh; + struct sockaddr *saddr; + + nep = mp->mnt_export; + if (nep == NULL) + return (NULL); + np = NULL; + if (mp->mnt_flag & MNT_EXPORTED) { + /* + * Lookup in the export list first. + */ + if (nam != NULL) { + saddr = nam; + rnh = nep->ne_rtable[saddr->sa_family]; + if (rnh != NULL) { + RADIX_NODE_HEAD_RLOCK(rnh); + np = (struct netcred *) + (*rnh->rnh_matchaddr)(saddr, rnh); + RADIX_NODE_HEAD_RUNLOCK(rnh); + if (np && np->netc_rnodes->rn_flags & RNF_ROOT) + np = NULL; + } + } + /* + * If no address match, use the default if it exists. + */ + if (np == NULL && mp->mnt_flag & MNT_DEFEXPORTED) + np = &nep->ne_defexported; + } + return (np); +} + +/* + * XXX: This comment comes from the deprecated ufs_check_export() + * XXX: and may not entirely apply, but lacking something better: + * This is the generic part of fhtovp called after the underlying + * filesystem has validated the file handle. + * + * Verify that a host should have access to a filesystem. + */ + +static int +netstack_vfs_stdcheckexp(netstack_t nstack __unused, struct mount *mp, + struct sockaddr *nam, int *extflagsp, struct ucred **credanonp, + int *numsecflavors, int **secflavors) +{ + struct netcred *np; + + lockmgr(&mp->mnt_explock, LK_SHARED, NULL); + np = netstack_vfs_export_lookup(mp, nam); + if (np == NULL) { + lockmgr(&mp->mnt_explock, LK_RELEASE, NULL); + *credanonp = NULL; + return (EACCES); + } + *extflagsp = np->netc_exflags; + if ((*credanonp = np->netc_anon) != NULL) + crhold(*credanonp); + if (numsecflavors) + *numsecflavors = np->netc_numsecflavors; + if (secflavors) + *secflavors = np->netc_secflavors; + lockmgr(&mp->mnt_explock, LK_RELEASE, NULL); + return (0); +} + +static void +netstack_socreate(netstack_t nstack __unused, struct socket *so, + struct protosw *prp, struct ucred *cred __unused, struct thread *td) +{ + + if ((prp->pr_domain->dom_family == PF_INET) || + (prp->pr_domain->dom_family == PF_INET6) || + (prp->pr_domain->dom_family == PF_ROUTE)) + so->so_fibnum = td->td_proc->p_fibnum; + else + so->so_fibnum = 0; +} + +static kobj_method_t netstack_methods[] = { + KOBJMETHOD(netstack_vfs_export, netstack_vfs_export), + KOBJMETHOD(netstack_vfs_setpublicfs, netstack_vfs_setpublicfs), + KOBJMETHOD(netstack_vfs_stdcheckexp, netstack_vfs_stdcheckexp), + KOBJMETHOD(netstack_socreate, netstack_socreate), + KOBJMETHOD_END +}; +NETSTACK_MODULE(freebsd, netstack_methods, SI_ORDER_ANY); +#ifdef SCTP +MODULE_DEPEND(netstack, crypto, 1, 1, 1); +#endif +MODULE_VERSION(netstack, 1); + Index: sys/net/netuuid.c =================================================================== --- sys/net/netuuid.c (revision 0) +++ sys/net/netuuid.c (revision 0) @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2002 Marcel Moolenaar + * Copyright (c) 2012, Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD: projects/tp2/sys/net/netuuid.c 238830 2012-07-13 08:04:43Z stevek $"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +/* + * Return the first MAC address we encounter or, if none was found, + * construct a sufficiently random multicast address. We don't try + * to return the same MAC address as previously returned. We always + * generate a new multicast address if no MAC address exists in the + * system. + * It would be nice to know if 'ifnet' or any of its sub-structures + * has been changed in any way. If not, we could simply skip the + * scan and safely return the MAC address we returned before. + */ +static int +net_get_uuid(uint16_t *node, size_t sz) +{ + struct ifnet *ifp; + struct ifaddr *ifa; + struct sockaddr_dl *sdl; + + if (sz < UUID_NODE_LEN) + return (EINVAL); + + IFNET_RLOCK_NOSLEEP(); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + /* Walk the address list */ + IF_ADDR_RLOCK(ifp); + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { + sdl = (struct sockaddr_dl*)ifa->ifa_addr; + if (sdl != NULL && sdl->sdl_family == AF_LINK && + sdl->sdl_type == IFT_ETHER) { + /* Got a MAC address. */ + bcopy(LLADDR(sdl), node, UUID_NODE_LEN); + IF_ADDR_RUNLOCK(ifp); + IFNET_RUNLOCK_NOSLEEP(); + CURVNET_RESTORE(); + return (0); + } + } + IF_ADDR_RUNLOCK(ifp); + } + IFNET_RUNLOCK_NOSLEEP(); + + return (ENOENT); +} + +struct uuid_source netuuid_source = { + .get_uuid = net_get_uuid, +}; +UUID_SOURCE(net); + Index: sys/net/route.c =================================================================== --- sys/net/route.c (revision 239685) +++ sys/net/route.c (working copy) @@ -46,10 +46,15 @@ #include #include #include +#include +#include #include +#include #include #include #include +#include +#include #include #include @@ -114,6 +119,18 @@ SYSCTL_UINT(_net, OID_AUTO, add_addr_allfibs, CTLF &rt_add_addr_allfibs, 0, ""); TUNABLE_INT("net.add_addr_allfibs", &rt_add_addr_allfibs); +static struct syscall_helper_data route_syscalls[] = { + SYSCALL_INIT_HELPER(setfib), + SYSCALL_INIT_LAST +}; + +static int rtioctl_socket(struct socket *, u_long, caddr_t, struct thread *); +struct socket_iocgroup rtiocgroup = { + .soiocg_group = 'r', + .soiocg_ioctl = rtioctl_socket +}; +SO_IOCGROUP_SET(rt); + VNET_DEFINE(struct rtstat, rtstat); #define V_rtstat VNET(rtstat) @@ -192,14 +209,21 @@ static void route_init(void) { struct domain *dom; - int max_keylen = 0; + int error, max_keylen; + /* register the "setfib" syscall */ + error = syscall_helper_register(route_syscalls); + KASSERT((error != 0), + ("%s: syscall_helper_register failed for route syscalls", + __func__)); + /* whack the tunable ints into line. */ if (rt_numfibs > RT_MAXFIBS) rt_numfibs = RT_MAXFIBS; if (rt_numfibs == 0) rt_numfibs = 1; + max_keylen = 0; for (dom = domains; dom; dom = dom->dom_next) if (dom->dom_maxrtkey > max_keylen) max_keylen = dom->dom_maxrtkey; @@ -645,6 +669,19 @@ out: ifa_free(ifa); } +static int +rtioctl_socket(struct socket *so, u_long cmd, caddr_t data, + struct thread *td __unused) +{ + int error; + + CURVNET_SET(so->so_vnet); + error = rtioctl_fib(cmd, data, so->so_fibnum); + CURVNET_RESTORE(); + + return (error); +} + int rtioctl(u_long req, caddr_t data) { @@ -1658,3 +1695,29 @@ rtinit(struct ifaddr *ifa, int cmd, int flags) } return (rtinit1(ifa, cmd, flags, fib)); } + +int +rtsosetfib(struct socket *so, struct sockopt *sopt) +{ + int error, optval; + + if (sopt->sopt_level != SOL_SOCKET || + sopt->sopt_name != SO_SETFIB) + return (ENOPROTOOPT); + + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) + return (error); + if (optval < 0 || optval >= rt_numfibs) + return (error); + + if (so->so_proto->pr_domain->dom_family == PF_INET || + so->so_proto->pr_domain->dom_family == PF_INET6 || + so->so_proto->pr_domain->dom_family == PF_ROUTE) + so->so_fibnum = optval; + else + so->so_fibnum = 0; + return (0); +} + Index: sys/net/route.h =================================================================== --- sys/net/route.h (revision 239685) +++ sys/net/route.h (working copy) @@ -97,6 +97,8 @@ extern u_int rt_numfibs; /* number fo usable routi * XXX kernel function pointer `rt_output' is visible to applications. */ struct mbuf; +struct socket; +struct sockopt; /* * We distinguish between routes to hosts and routes to networks, @@ -354,6 +356,11 @@ struct rt_addrinfo { } \ } while (0) +#define RT_SOSETFIB(_so, _sopt) \ + (((_sopt)->sopt_level == SOL_SOCKET && \ + (_sopt)->sopt_name == SO_SETFIB) ? \ + rtsosetfib((_so), (_sopt)) : ENOPROTOOPT) + struct radix_node_head *rt_tables_get_rnh(int, int); struct ifmultiaddr; @@ -418,6 +425,8 @@ int rtrequest_fib(int, struct sockaddr *, struct sockaddr *, struct sockaddr *, int, struct rtentry **, u_int); int rtrequest1_fib(int, struct rt_addrinfo *, struct rtentry **, u_int); +int rtsosetfib(struct socket *, struct sockopt *); + #include typedef void (*rtevent_arp_update_fn)(void *, struct rtentry *, uint8_t *, struct sockaddr *); typedef void (*rtevent_redirect_fn)(void *, struct rtentry *, struct rtentry *, struct sockaddr *); Index: sys/netinet6/in6_jail.c =================================================================== --- sys/netinet6/in6_jail.c (revision 0) +++ sys/netinet6/in6_jail.c (revision 0) @@ -0,0 +1,422 @@ +/*- + * Copyright (c) 1999 Poul-Henning Kamp. + * Copyright (c) 2008 Bjoern A. Zeeb. + * Copyright (c) 2009 James Gritton. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD: projects/tp2/sys/netinet6/in6_jail.c 239068 2012-07-19 22:08:38Z stevek $"); + +#include "opt_compat.h" +#include "opt_ddb.h" +#include "opt_inet.h" +#include "opt_inet6.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +int +prison_qcmp_v6(const void *ip1, const void *ip2) +{ + const struct in6_addr *ia6a, *ia6b; + int i, rc; + + ia6a = (const struct in6_addr *)ip1; + ia6b = (const struct in6_addr *)ip2; + + rc = 0; + for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) { + if (ia6a->s6_addr[i] > ia6b->s6_addr[i]) + rc = 1; + else if (ia6a->s6_addr[i] < ia6b->s6_addr[i]) + rc = -1; + } + return (rc); +} + +int +prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6) +{ + int ii, ij, used; + struct prison *ppr; + + ppr = pr->pr_parent; + if (!(pr->pr_flags & PR_IP6_USER)) { + /* This has no user settings, so just copy the parent's list. */ + if (pr->pr_ip6s < ppr->pr_ip6s) { + /* + * There's no room for the parent's list. Use the + * new list buffer, which is assumed to be big enough + * (if it was passed). If there's no buffer, try to + * allocate one. + */ + used = 1; + if (newip6 == NULL) { + newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6), + M_PRISON, M_NOWAIT); + if (newip6 != NULL) + used = 0; + } + if (newip6 != NULL) { + bcopy(ppr->pr_ip6, newip6, + ppr->pr_ip6s * sizeof(*newip6)); + free(pr->pr_ip6, M_PRISON); + pr->pr_ip6 = newip6; + pr->pr_ip6s = ppr->pr_ip6s; + } + return (used); + } + pr->pr_ip6s = ppr->pr_ip6s; + if (pr->pr_ip6s > 0) + bcopy(ppr->pr_ip6, pr->pr_ip6, + pr->pr_ip6s * sizeof(*newip6)); + else if (pr->pr_ip6 != NULL) { + free(pr->pr_ip6, M_PRISON); + pr->pr_ip6 = NULL; + } + } else if (pr->pr_ip6s > 0) { + /* Remove addresses that aren't in the parent. */ + for (ij = 0; ij < ppr->pr_ip6s; ij++) + if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], + &ppr->pr_ip6[ij])) + break; + if (ij < ppr->pr_ip6s) + ii = 1; + else { + bcopy(pr->pr_ip6 + 1, pr->pr_ip6, + --pr->pr_ip6s * sizeof(*pr->pr_ip6)); + ii = 0; + } + for (ij = 1; ii < pr->pr_ip6s; ) { + if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[ii], + &ppr->pr_ip6[0])) { + ii++; + continue; + } + switch (ij >= ppr->pr_ip4s ? -1 : + prison_qcmp_v6(&pr->pr_ip6[ii], + &ppr->pr_ip6[ij])) { + case -1: + bcopy(pr->pr_ip6 + ii + 1, pr->pr_ip6 + ii, + (--pr->pr_ip6s - ii) * sizeof(*pr->pr_ip6)); + break; + case 0: + ii++; + ij++; + break; + case 1: + ij++; + break; + } + } + if (pr->pr_ip6s == 0) { + pr->pr_flags |= PR_IP6_DISABLE; + free(pr->pr_ip6, M_PRISON); + pr->pr_ip6 = NULL; + } + } + return 0; +} + +/* + * Pass back primary IPv6 address for this jail. + * + * If not restricted return success but do not alter the address. Caller has + * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT). + * + * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. + */ +int +prison_get_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + struct prison *pr; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP6)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP6)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip6 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); + mtx_unlock(&pr->pr_mtx); + return (0); +} + +/* + * Return 1 if we should do proper source address selection or are not jailed. + * We will return 0 if we should bypass source address selection in favour + * of the primary jail IPv6 address. Only in this case *ia will be updated and + * returned in NBO. + * Return EAFNOSUPPORT, in case this jail does not allow IPv6. + */ +int +prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + struct prison *pr; + struct in6_addr lia6; + int error; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); + + if (!jailed(cred)) + return (1); + + pr = cred->cr_prison; + if (pr->pr_flags & PR_IP6_SADDRSEL) + return (1); + + lia6 = in6addr_any; + error = prison_get_ip6(cred, &lia6); + if (error) + return (error); + if (IN6_IS_ADDR_UNSPECIFIED(&lia6)) + return (1); + + bcopy(&lia6, ia6, sizeof(struct in6_addr)); + return (0); +} + +/* + * Return true if pr1 and pr2 have the same IPv6 address restrictions. + */ +int +prison_equal_ip6(struct prison *pr1, struct prison *pr2) +{ + + if (pr1 == pr2) + return (1); + + while (pr1 != &prison0 && +#ifdef VIMAGE + !(pr1->pr_flags & PR_VNET) && +#endif + !(pr1->pr_flags & PR_IP6_USER)) + pr1 = pr1->pr_parent; + while (pr2 != &prison0 && +#ifdef VIMAGE + !(pr2->pr_flags & PR_VNET) && +#endif + !(pr2->pr_flags & PR_IP6_USER)) + pr2 = pr2->pr_parent; + return (pr1 == pr2); +} + +/* + * Make sure our (source) address is set to something meaningful to this jail. + * + * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0) + * when needed while binding. + * + * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, + * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail + * doesn't allow IPv6. + */ +int +prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only) +{ + struct prison *pr; + int error; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP6)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP6)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip6 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + if (IN6_IS_ADDR_LOOPBACK(ia6)) { + bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); + mtx_unlock(&pr->pr_mtx); + return (0); + } + + if (IN6_IS_ADDR_UNSPECIFIED(ia6)) { + /* + * In case there is only 1 IPv6 address, and v6only is true, + * then bind directly. + */ + if (v6only != 0 && pr->pr_ip6s == 1) + bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); + mtx_unlock(&pr->pr_mtx); + return (0); + } + + error = prison_check_ip6_locked(pr, ia6); + mtx_unlock(&pr->pr_mtx); + return (error); +} + +/* + * Rewrite destination address in case we will connect to loopback address. + * + * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6. + */ +int +prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + struct prison *pr; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP6)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP6)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip6 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + if (IN6_IS_ADDR_LOOPBACK(ia6)) { + bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr)); + mtx_unlock(&pr->pr_mtx); + return (0); + } + + /* + * Return success because nothing had to be changed. + */ + mtx_unlock(&pr->pr_mtx); + return (0); +} + +/* + * Check if given address belongs to the jail referenced by cred/prison. + * + * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail, + * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail + * doesn't allow IPv6. + */ +int +prison_check_ip6_locked(struct prison *pr, struct in6_addr *ia6) +{ + int i, a, z, d; + + /* + * Check the primary IP. + */ + if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], ia6)) + return (0); + + /* + * All the other IPs are sorted so we can do a binary search. + */ + a = 0; + z = pr->pr_ip6s - 2; + while (a <= z) { + i = (a + z) / 2; + d = prison_qcmp_v6(&pr->pr_ip6[i+1], ia6); + if (d > 0) + z = i - 1; + else if (d < 0) + a = i + 1; + else + return (0); + } + + return (EADDRNOTAVAIL); +} + +int +prison_check_ip6(struct ucred *cred, struct in6_addr *ia6) +{ + struct prison *pr; + int error; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP6)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP6)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip6 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + error = prison_check_ip6_locked(pr, ia6); + mtx_unlock(&pr->pr_mtx); + return (error); +} + Index: sys/netinet6/ip6_forward.c =================================================================== --- sys/netinet6/ip6_forward.c (revision 239685) +++ sys/netinet6/ip6_forward.c (working copy) @@ -105,9 +105,6 @@ ip6_forward(struct mbuf *m, int srcrt) struct secpolicy *sp = NULL; int ipsecrt = 0; #endif -#ifdef SCTP - int sw_csum; -#endif #ifdef IPFIREWALL_FORWARD struct m_tag *fwd_tag; #endif Index: sys/netinet6/ip6_output.c =================================================================== --- sys/netinet6/ip6_output.c (revision 239685) +++ sys/netinet6/ip6_output.c (working copy) @@ -1517,10 +1517,15 @@ ip6_ctloutput(struct socket *so, struct sockopt *s error = 0; break; case SO_SETFIB: - INP_WLOCK(in6p); - in6p->inp_inc.inc_fibnum = so->so_fibnum; - INP_WUNLOCK(in6p); - error = 0; + error = RT_SOSETFIB(so, sopt); + if (error == 0) { + INP_WLOCK(in6p); + in6p->inp_inc.inc_fibnum = + so->so_fibnum; + INP_WUNLOCK(in6p); + } + if (error == ENOPROTOOPT) + error = 0; break; default: break; Index: sys/netinet/in_jail.c =================================================================== --- sys/netinet/in_jail.c (revision 0) +++ sys/netinet/in_jail.c (revision 0) @@ -0,0 +1,435 @@ +/*- + * Copyright (c) 1999 Poul-Henning Kamp. + * Copyright (c) 2008 Bjoern A. Zeeb. + * Copyright (c) 2009 James Gritton. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD: projects/tp2/sys/netinet/in_jail.c 239068 2012-07-19 22:08:38Z stevek $"); + +#include "opt_compat.h" +#include "opt_ddb.h" +#include "opt_inet.h" +#include "opt_inet6.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +int +prison_qcmp_v4(const void *ip1, const void *ip2) +{ + in_addr_t iaa, iab; + + /* + * We need to compare in HBO here to get the list sorted as expected + * by the result of the code. Sorting NBO addresses gives you + * interesting results. If you do not understand, do not try. + */ + iaa = ntohl(((const struct in_addr *)ip1)->s_addr); + iab = ntohl(((const struct in_addr *)ip2)->s_addr); + + /* + * Do not simply return the difference of the two numbers, the int is + * not wide enough. + */ + if (iaa > iab) + return (1); + else if (iaa < iab) + return (-1); + else + return (0); +} + +/* + * Restrict a prison's IP address list with its parent's, possibly replacing + * it. Return true if the replacement buffer was used (or would have been). + */ +int +prison_restrict_ip4(struct prison *pr, struct in_addr *newip4) +{ + int ii, ij, used; + struct prison *ppr; + + ppr = pr->pr_parent; + if (!(pr->pr_flags & PR_IP4_USER)) { + /* This has no user settings, so just copy the parent's list. */ + if (pr->pr_ip4s < ppr->pr_ip4s) { + /* + * There's no room for the parent's list. Use the + * new list buffer, which is assumed to be big enough + * (if it was passed). If there's no buffer, try to + * allocate one. + */ + used = 1; + if (newip4 == NULL) { + newip4 = malloc(ppr->pr_ip4s * sizeof(*newip4), + M_PRISON, M_NOWAIT); + if (newip4 != NULL) + used = 0; + } + if (newip4 != NULL) { + bcopy(ppr->pr_ip4, newip4, + ppr->pr_ip4s * sizeof(*newip4)); + free(pr->pr_ip4, M_PRISON); + pr->pr_ip4 = newip4; + pr->pr_ip4s = ppr->pr_ip4s; + } + return (used); + } + pr->pr_ip4s = ppr->pr_ip4s; + if (pr->pr_ip4s > 0) + bcopy(ppr->pr_ip4, pr->pr_ip4, + pr->pr_ip4s * sizeof(*newip4)); + else if (pr->pr_ip4 != NULL) { + free(pr->pr_ip4, M_PRISON); + pr->pr_ip4 = NULL; + } + } else if (pr->pr_ip4s > 0) { + /* Remove addresses that aren't in the parent. */ + for (ij = 0; ij < ppr->pr_ip4s; ij++) + if (pr->pr_ip4[0].s_addr == ppr->pr_ip4[ij].s_addr) + break; + if (ij < ppr->pr_ip4s) + ii = 1; + else { + bcopy(pr->pr_ip4 + 1, pr->pr_ip4, + --pr->pr_ip4s * sizeof(*pr->pr_ip4)); + ii = 0; + } + for (ij = 1; ii < pr->pr_ip4s; ) { + if (pr->pr_ip4[ii].s_addr == ppr->pr_ip4[0].s_addr) { + ii++; + continue; + } + switch (ij >= ppr->pr_ip4s ? -1 : + prison_qcmp_v4(&pr->pr_ip4[ii], + &ppr->pr_ip4[ij])) { + case -1: + bcopy(pr->pr_ip4 + ii + 1, pr->pr_ip4 + ii, + (--pr->pr_ip4s - ii) * sizeof(*pr->pr_ip4)); + break; + case 0: + ii++; + ij++; + break; + case 1: + ij++; + break; + } + } + if (pr->pr_ip4s == 0) { + pr->pr_flags |= PR_IP4_DISABLE; + free(pr->pr_ip4, M_PRISON); + pr->pr_ip4 = NULL; + } + } + return (0); +} + +/* + * Pass back primary IPv4 address of this jail. + * + * If not restricted return success but do not alter the address. Caller has + * to make sure to initialize it correctly (e.g. INADDR_ANY). + * + * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4. + * Address returned in NBO. + */ +int +prison_get_ip4(struct ucred *cred, struct in_addr *ia) +{ + struct prison *pr; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP4)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP4)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip4 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + ia->s_addr = pr->pr_ip4[0].s_addr; + mtx_unlock(&pr->pr_mtx); + return (0); +} + +/* + * Return 1 if we should do proper source address selection or are not jailed. + * We will return 0 if we should bypass source address selection in favour + * of the primary jail IPv4 address. Only in this case *ia will be updated and + * returned in NBO. + * Return EAFNOSUPPORT, in case this jail does not allow IPv4. + */ +int +prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia) +{ + struct prison *pr; + struct in_addr lia; + int error; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); + + if (!jailed(cred)) + return (1); + + pr = cred->cr_prison; + if (pr->pr_flags & PR_IP4_SADDRSEL) + return (1); + + lia.s_addr = INADDR_ANY; + error = prison_get_ip4(cred, &lia); + if (error) + return (error); + if (lia.s_addr == INADDR_ANY) + return (1); + + ia->s_addr = lia.s_addr; + return (0); +} + +/* + * Return true if pr1 and pr2 have the same IPv4 address restrictions. + */ +int +prison_equal_ip4(struct prison *pr1, struct prison *pr2) +{ + + if (pr1 == pr2) + return (1); + + /* + * No need to lock since the PR_IP4_USER flag can't be altered for + * existing prisons. + */ + while (pr1 != &prison0 && +#ifdef VIMAGE + !(pr1->pr_flags & PR_VNET) && +#endif + !(pr1->pr_flags & PR_IP4_USER)) + pr1 = pr1->pr_parent; + while (pr2 != &prison0 && +#ifdef VIMAGE + !(pr2->pr_flags & PR_VNET) && +#endif + !(pr2->pr_flags & PR_IP4_USER)) + pr2 = pr2->pr_parent; + return (pr1 == pr2); +} + +/* + * Make sure our (source) address is set to something meaningful to this + * jail. + * + * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, + * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail + * doesn't allow IPv4. Address passed in in NBO and returned in NBO. + */ +int +prison_local_ip4(struct ucred *cred, struct in_addr *ia) +{ + struct prison *pr; + struct in_addr ia0; + int error; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP4)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP4)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip4 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + ia0.s_addr = ntohl(ia->s_addr); + if (ia0.s_addr == INADDR_LOOPBACK) { + ia->s_addr = pr->pr_ip4[0].s_addr; + mtx_unlock(&pr->pr_mtx); + return (0); + } + + if (ia0.s_addr == INADDR_ANY) { + /* + * In case there is only 1 IPv4 address, bind directly. + */ + if (pr->pr_ip4s == 1) + ia->s_addr = pr->pr_ip4[0].s_addr; + mtx_unlock(&pr->pr_mtx); + return (0); + } + + error = prison_check_ip4_locked(pr, ia); + mtx_unlock(&pr->pr_mtx); + return (error); +} + +/* + * Rewrite destination address in case we will connect to loopback address. + * + * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4. + * Address passed in in NBO and returned in NBO. + */ +int +prison_remote_ip4(struct ucred *cred, struct in_addr *ia) +{ + struct prison *pr; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP4)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP4)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip4 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + if (ntohl(ia->s_addr) == INADDR_LOOPBACK) { + ia->s_addr = pr->pr_ip4[0].s_addr; + mtx_unlock(&pr->pr_mtx); + return (0); + } + + /* + * Return success because nothing had to be changed. + */ + mtx_unlock(&pr->pr_mtx); + return (0); +} + +/* + * Check if given address belongs to the jail referenced by cred/prison. + * + * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail, + * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail + * doesn't allow IPv4. Address passed in in NBO. + */ +int +prison_check_ip4_locked(struct prison *pr, struct in_addr *ia) +{ + int i, a, z, d; + + /* + * Check the primary IP. + */ + if (pr->pr_ip4[0].s_addr == ia->s_addr) + return (0); + + /* + * All the other IPs are sorted so we can do a binary search. + */ + a = 0; + z = pr->pr_ip4s - 2; + while (a <= z) { + i = (a + z) / 2; + d = prison_qcmp_v4(&pr->pr_ip4[i+1], ia); + if (d > 0) + z = i - 1; + else if (d < 0) + a = i + 1; + else + return (0); + } + + return (EADDRNOTAVAIL); +} + +int +prison_check_ip4(struct ucred *cred, struct in_addr *ia) +{ + struct prison *pr; + int error; + + KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); + KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); + + pr = cred->cr_prison; + if (!(pr->pr_flags & PR_IP4)) + return (0); + mtx_lock(&pr->pr_mtx); + if (!(pr->pr_flags & PR_IP4)) { + mtx_unlock(&pr->pr_mtx); + return (0); + } + if (pr->pr_ip4 == NULL) { + mtx_unlock(&pr->pr_mtx); + return (EAFNOSUPPORT); + } + + error = prison_check_ip4_locked(pr, ia); + mtx_unlock(&pr->pr_mtx); + return (error); +} + Index: sys/netinet/in_prot.c =================================================================== --- sys/netinet/in_prot.c (revision 0) +++ sys/netinet/in_prot.c (revision 0) @@ -0,0 +1,90 @@ +/*- + * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 + * The Regents of the University of California. + * (c) UNIX System Laboratories, Inc. + * Copyright (c) 2000-2001 Robert N. M. Watson. + * All rights reserved. + * + * All or some portions of this file are derived from material licensed + * to the University of California by American Telephone and Telegraph + * Co. or Unix System Laboratories, Inc. and are reproduced herein with + * the permission of UNIX System Laboratories, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94 + */ + +/* + * System calls related to processes and protection + */ + +#include +__FBSDID("$FreeBSD: projects/tp2/sys/netinet/in_prot.c 238836 2012-07-13 09:48:05Z stevek $"); + +#include "opt_compat.h" +#include "opt_inet.h" +#include "opt_inet6.h" + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +/*- + * Determine whether the subject represented by cred can "see" a socket. + * Returns: 0 for permitted, ENOENT otherwise. + */ +int +cr_canseeinpcb(struct ucred *cred, struct inpcb *inp) +{ + int error; + + error = prison_check(cred, inp->inp_cred); + if (error) + return (ENOENT); +#ifdef MAC + INP_LOCK_ASSERT(inp); + error = mac_inpcb_check_visible(cred, inp); + if (error) + return (error); +#endif + if (cr_canseeotheruids(cred, inp->inp_cred)) + return (ENOENT); + if (cr_canseeothergids(cred, inp->inp_cred)) + return (ENOENT); + + return (0); +} + Index: sys/netinet/in_proto.c =================================================================== --- sys/netinet/in_proto.c (revision 239685) +++ sys/netinet/in_proto.c (working copy) @@ -380,3 +380,5 @@ SYSCTL_NODE(_net_inet, IPPROTO_IPCOMP, ipcomp, CTL SYSCTL_NODE(_net_inet, IPPROTO_IPIP, ipip, CTLFLAG_RW, 0, "IPIP"); #endif /* IPSEC */ SYSCTL_NODE(_net_inet, IPPROTO_RAW, raw, CTLFLAG_RW, 0, "RAW"); +SYSCTL_NODE(_net_inet, OID_AUTO, accf, CTLFLAG_RW, 0, + "Accept filters"); Index: sys/netinet/ip_gre.c =================================================================== --- sys/netinet/ip_gre.c (revision 239685) +++ sys/netinet/ip_gre.c (working copy) @@ -61,7 +61,6 @@ __FBSDID("$FreeBSD$"); #include #include -#ifdef INET #include #include #include @@ -69,9 +68,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#else -#error "ip_gre requires INET" -#endif #ifdef NETATALK #include Index: sys/netinet/ip_output.c =================================================================== --- sys/netinet/ip_output.c (revision 239685) +++ sys/netinet/ip_output.c (working copy) @@ -928,10 +928,14 @@ ip_ctloutput(struct socket *so, struct sockopt *so error = 0; break; case SO_SETFIB: - INP_WLOCK(inp); - inp->inp_inc.inc_fibnum = so->so_fibnum; - INP_WUNLOCK(inp); - error = 0; + error = RT_SOSETFIB(so, sopt); + if (error == 0) { + INP_WLOCK(inp); + inp->inp_inc.inc_fibnum = so->so_fibnum; + INP_WUNLOCK(inp); + } + if (error == ENOPROTOOPT) + error = 0; break; default: break; Index: sys/netinet/ipfw/ip_fw2.c =================================================================== --- sys/netinet/ipfw/ip_fw2.c (revision 239685) +++ sys/netinet/ipfw/ip_fw2.c (working copy) @@ -2758,8 +2758,8 @@ static moduledata_t ipfwmod = { #define IPFW_VNET_ORDER (IPFW_MODEVENT_ORDER + 2) /* Later still. */ DECLARE_MODULE(ipfw, ipfwmod, IPFW_SI_SUB_FIREWALL, IPFW_MODEVENT_ORDER); +MODULE_DEPEND(ipfw, netstack, 1, 1, 1); MODULE_VERSION(ipfw, 2); -/* should declare some dependencies here */ /* * Starting up. Done in order after ipfwmod() has been called. Index: sys/netinet/raw_ip.c =================================================================== --- sys/netinet/raw_ip.c (revision 239685) +++ sys/netinet/raw_ip.c (working copy) @@ -554,11 +554,11 @@ rip_ctloutput(struct socket *so, struct sockopt *s int error, optval; if (sopt->sopt_level != IPPROTO_IP) { - if ((sopt->sopt_level == SOL_SOCKET) && - (sopt->sopt_name == SO_SETFIB)) { + error = RT_SOSETFIB(so, sopt); + if (error == 0) inp->inp_inc.inc_fibnum = so->so_fibnum; - return (0); - } + if (error != ENOPROTOOPT) + return (error); return (EINVAL); } Index: sys/netinet/sctp_syscalls.c =================================================================== --- sys/netinet/sctp_syscalls.c (revision 0) +++ sys/netinet/sctp_syscalls.c (revision 0) @@ -0,0 +1,599 @@ +/*- + * Copyright (c) 1982, 1986, 1989, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * sendfile(2) and related extensions: + * Copyright (c) 1998, David Greenman. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94 + */ + +#include +__FBSDID("$FreeBSD: projects/tp2/sys/netinet/sctp_syscalls.c 238839 2012-07-13 10:38:08Z stevek $"); + +#include "opt_capsicum.h" +#include "opt_inet.h" +#include "opt_inet6.h" +#include "opt_sctp.h" +#include "opt_compat.h" +#include "opt_ktrace.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef KTRACE +#include +#endif +#ifdef COMPAT_FREEBSD32 +#include +#endif + +#include + +#include +#include + +#include +#include + +static struct syscall_helper_data sctp_syscalls[] = { + SYSCALL_INIT_HELPER(sctp_peeloff), + SYSCALL_INIT_HELPER(sctp_generic_sendmsg), + SYSCALL_INIT_HELPER(sctp_generic_sendmsg_iov), + SYSCALL_INIT_HELPER(sctp_generic_recvmsg), + SYSCALL_INIT_LAST +}; + +static void +sctp_syscalls_init(void *unused __unused) +{ + int error; + + error = syscall_helper_register(sctp_syscalls); + KASSERT((error != 0), + ("%s: syscall_helper_register failed for sctp syscalls", __func__)); +#ifdef COMPAT_FREEBSD32 + error = syscall32_helper_register(sctp_syscalls); + KASSERT((error != 0), + ("%s: syscall32_helper_register failed for sctp syscalls", + __func__)); +#endif +} +SYSINIT(sctp_syscalls, SI_SUB_SYSCALLS, SI_ORDER_ANY, sctp_syscalls_init, NULL); + +/* + * SCTP syscalls. + * Functionality only compiled in if SCTP is defined in the kernel Makefile, + * otherwise all return EOPNOTSUPP. + * XXX: We should make this loadable one day. + */ +int +sys_sctp_peeloff(td, uap) + struct thread *td; + struct sctp_peeloff_args /* { + int sd; + caddr_t name; + } */ *uap; +{ +#if (defined(INET) || defined(INET6)) && defined(SCTP) + struct file *nfp = NULL; + int error; + struct socket *head, *so; + int fd; + u_int fflag; + + AUDIT_ARG_FD(uap->sd); + error = fgetsock(td, uap->sd, CAP_PEELOFF, &head, &fflag); + if (error) + goto done2; + if (head->so_proto->pr_protocol != IPPROTO_SCTP) { + error = EOPNOTSUPP; + goto done; + } + error = sctp_can_peel_off(head, (sctp_assoc_t)uap->name); + if (error) + goto done; + /* + * At this point we know we do have a assoc to pull + * we proceed to get the fd setup. This may block + * but that is ok. + */ + + error = falloc(td, &nfp, &fd, 0); + if (error) + goto done; + td->td_retval[0] = fd; + + CURVNET_SET(head->so_vnet); + so = sonewconn(head, SS_ISCONNECTED); + if (so == NULL) + goto noconnection; + /* + * Before changing the flags on the socket, we have to bump the + * reference count. Otherwise, if the protocol calls sofree(), + * the socket will be released due to a zero refcount. + */ + SOCK_LOCK(so); + soref(so); /* file descriptor reference */ + SOCK_UNLOCK(so); + + ACCEPT_LOCK(); + + TAILQ_REMOVE(&head->so_comp, so, so_list); + head->so_qlen--; + so->so_state |= (head->so_state & SS_NBIO); + so->so_state &= ~SS_NOFDREF; + so->so_qstate &= ~SQ_COMP; + so->so_head = NULL; + ACCEPT_UNLOCK(); + finit(nfp, fflag, DTYPE_SOCKET, so, &socketops); + error = sctp_do_peeloff(head, so, (sctp_assoc_t)uap->name); + if (error) + goto noconnection; + if (head->so_sigio != NULL) + fsetown(fgetown(&head->so_sigio), &so->so_sigio); + +noconnection: + /* + * close the new descriptor, assuming someone hasn't ripped it + * out from under us. + */ + if (error) + fdclose(td->td_proc->p_fd, nfp, fd, td); + + /* + * Release explicitly held references before returning. + */ + CURVNET_RESTORE(); +done: + if (nfp != NULL) + fdrop(nfp, td); + fputsock(head); +done2: + return (error); +#else /* SCTP */ + return (EOPNOTSUPP); +#endif /* SCTP */ +} + +int +sys_sctp_generic_sendmsg (td, uap) + struct thread *td; + struct sctp_generic_sendmsg_args /* { + int sd, + caddr_t msg, + int mlen, + caddr_t to, + __socklen_t tolen, + struct sctp_sndrcvinfo *sinfo, + int flags + } */ *uap; +{ +#if (defined(INET) || defined(INET6)) && defined(SCTP) + struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL; + struct socket *so; + struct file *fp = NULL; + int error = 0, len; + struct sockaddr *to = NULL; +#ifdef KTRACE + struct uio *ktruio = NULL; +#endif + struct uio auio; + struct iovec iov[1]; + cap_rights_t rights; + + if (uap->sinfo) { + error = copyin(uap->sinfo, &sinfo, sizeof (sinfo)); + if (error) + return (error); + u_sinfo = &sinfo; + } + + rights = CAP_WRITE; + if (uap->tolen) { + error = getsockaddr(&to, uap->to, uap->tolen); + if (error) { + to = NULL; + goto sctp_bad2; + } + rights |= CAP_CONNECT; + } + + AUDIT_ARG_FD(uap->sd); + error = getsock_cap(td->td_proc->p_fd, uap->sd, rights, &fp, NULL); + if (error) + goto sctp_bad; +#ifdef KTRACE + if (to && (KTRPOINT(td, KTR_STRUCT))) + ktrsockaddr(to); +#endif + + iov[0].iov_base = uap->msg; + iov[0].iov_len = uap->mlen; + + so = (struct socket *)fp->f_data; + if (so->so_proto->pr_protocol != IPPROTO_SCTP) { + error = EOPNOTSUPP; + goto sctp_bad; + } +#ifdef MAC + error = mac_socket_check_send(td->td_ucred, so); + if (error) + goto sctp_bad; +#endif /* MAC */ + + auio.uio_iov = iov; + auio.uio_iovcnt = 1; + auio.uio_segflg = UIO_USERSPACE; + auio.uio_rw = UIO_WRITE; + auio.uio_td = td; + auio.uio_offset = 0; /* XXX */ + auio.uio_resid = 0; + len = auio.uio_resid = uap->mlen; + CURVNET_SET(so->so_vnet); + error = sctp_lower_sosend(so, to, &auio, + (struct mbuf *)NULL, (struct mbuf *)NULL, + uap->flags, u_sinfo, td); + CURVNET_RESTORE(); + if (error) { + if (auio.uio_resid != len && (error == ERESTART || + error == EINTR || error == EWOULDBLOCK)) + error = 0; + /* Generation of SIGPIPE can be controlled per socket. */ + if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) && + !(uap->flags & MSG_NOSIGNAL)) { + PROC_LOCK(td->td_proc); + tdsignal(td, SIGPIPE); + PROC_UNLOCK(td->td_proc); + } + } + if (error == 0) + td->td_retval[0] = len - auio.uio_resid; +#ifdef KTRACE + if (ktruio != NULL) { + ktruio->uio_resid = td->td_retval[0]; + ktrgenio(uap->sd, UIO_WRITE, ktruio, error); + } +#endif /* KTRACE */ +sctp_bad: + if (fp) + fdrop(fp, td); +sctp_bad2: + if (to) + free(to, M_SONAME); + return (error); +#else /* SCTP */ + return (EOPNOTSUPP); +#endif /* SCTP */ +} + +int +sys_sctp_generic_sendmsg_iov(td, uap) + struct thread *td; + struct sctp_generic_sendmsg_iov_args /* { + int sd, + struct iovec *iov, + int iovlen, + caddr_t to, + __socklen_t tolen, + struct sctp_sndrcvinfo *sinfo, + int flags + } */ *uap; +{ +#if (defined(INET) || defined(INET6)) && defined(SCTP) + struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL; + struct socket *so; + struct file *fp = NULL; + int error=0, i; + ssize_t len; + struct sockaddr *to = NULL; +#ifdef KTRACE + struct uio *ktruio = NULL; +#endif + struct uio auio; + struct iovec *iov, *tiov; + cap_rights_t rights; + + if (uap->sinfo) { + error = copyin(uap->sinfo, &sinfo, sizeof (sinfo)); + if (error) + return (error); + u_sinfo = &sinfo; + } + rights = CAP_WRITE; + if (uap->tolen) { + error = getsockaddr(&to, uap->to, uap->tolen); + if (error) { + to = NULL; + goto sctp_bad2; + } + rights |= CAP_CONNECT; + } + + AUDIT_ARG_FD(uap->sd); + error = getsock_cap(td->td_proc->p_fd, uap->sd, rights, &fp, NULL); + if (error) + goto sctp_bad1; + +#ifdef COMPAT_FREEBSD32 + if (SV_CURPROC_FLAG(SV_ILP32)) + error = freebsd32_copyiniov((struct iovec32 *)uap->iov, + uap->iovlen, &iov, EMSGSIZE); + else +#endif + error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE); + if (error) + goto sctp_bad1; +#ifdef KTRACE + if (to && (KTRPOINT(td, KTR_STRUCT))) + ktrsockaddr(to); +#endif + + so = (struct socket *)fp->f_data; + if (so->so_proto->pr_protocol != IPPROTO_SCTP) { + error = EOPNOTSUPP; + goto sctp_bad; + } +#ifdef MAC + error = mac_socket_check_send(td->td_ucred, so); + if (error) + goto sctp_bad; +#endif /* MAC */ + + auio.uio_iov = iov; + auio.uio_iovcnt = uap->iovlen; + auio.uio_segflg = UIO_USERSPACE; + auio.uio_rw = UIO_WRITE; + auio.uio_td = td; + auio.uio_offset = 0; /* XXX */ + auio.uio_resid = 0; + tiov = iov; + for (i = 0; i iovlen; i++, tiov++) { + if ((auio.uio_resid += tiov->iov_len) < 0) { + error = EINVAL; + goto sctp_bad; + } + } + len = auio.uio_resid; + CURVNET_SET(so->so_vnet); + error = sctp_lower_sosend(so, to, &auio, + (struct mbuf *)NULL, (struct mbuf *)NULL, + uap->flags, u_sinfo, td); + CURVNET_RESTORE(); + if (error) { + if (auio.uio_resid != len && (error == ERESTART || + error == EINTR || error == EWOULDBLOCK)) + error = 0; + /* Generation of SIGPIPE can be controlled per socket */ + if (error == EPIPE && !(so->so_options & SO_NOSIGPIPE) && + !(uap->flags & MSG_NOSIGNAL)) { + PROC_LOCK(td->td_proc); + tdsignal(td, SIGPIPE); + PROC_UNLOCK(td->td_proc); + } + } + if (error == 0) + td->td_retval[0] = len - auio.uio_resid; +#ifdef KTRACE + if (ktruio != NULL) { + ktruio->uio_resid = td->td_retval[0]; + ktrgenio(uap->sd, UIO_WRITE, ktruio, error); + } +#endif /* KTRACE */ +sctp_bad: + free(iov, M_IOV); +sctp_bad1: + if (fp) + fdrop(fp, td); +sctp_bad2: + if (to) + free(to, M_SONAME); + return (error); +#else /* SCTP */ + return (EOPNOTSUPP); +#endif /* SCTP */ +} + +int +sys_sctp_generic_recvmsg(td, uap) + struct thread *td; + struct sctp_generic_recvmsg_args /* { + int sd, + struct iovec *iov, + int iovlen, + struct sockaddr *from, + __socklen_t *fromlenaddr, + struct sctp_sndrcvinfo *sinfo, + int *msg_flags + } */ *uap; +{ +#if (defined(INET) || defined(INET6)) && defined(SCTP) + uint8_t sockbufstore[256]; + struct uio auio; + struct iovec *iov, *tiov; + struct sctp_sndrcvinfo sinfo; + struct socket *so; + struct file *fp = NULL; + struct sockaddr *fromsa; + int fromlen; + ssize_t len; + int i, msg_flags; + int error = 0; +#ifdef KTRACE + struct uio *ktruio = NULL; +#endif + + AUDIT_ARG_FD(uap->sd); + error = getsock_cap(td->td_proc->p_fd, uap->sd, CAP_READ, &fp, NULL); + if (error) { + return (error); + } +#ifdef COMPAT_FREEBSD32 + if (SV_CURPROC_FLAG(SV_ILP32)) + error = freebsd32_copyiniov((struct iovec32 *)uap->iov, + uap->iovlen, &iov, EMSGSIZE); + else +#endif + error = copyiniov(uap->iov, uap->iovlen, &iov, EMSGSIZE); + if (error) + goto out1; + + so = fp->f_data; + if (so->so_proto->pr_protocol != IPPROTO_SCTP) { + error = EOPNOTSUPP; + goto out; + } +#ifdef MAC + error = mac_socket_check_receive(td->td_ucred, so); + if (error) { + goto out; + } +#endif /* MAC */ + + if (uap->fromlenaddr) { + error = copyin(uap->fromlenaddr, + &fromlen, sizeof (fromlen)); + if (error) { + goto out; + } + } else { + fromlen = 0; + } + if (uap->msg_flags) { + error = copyin(uap->msg_flags, &msg_flags, sizeof (int)); + if (error) { + goto out; + } + } else { + msg_flags = 0; + } + auio.uio_iov = iov; + auio.uio_iovcnt = uap->iovlen; + auio.uio_segflg = UIO_USERSPACE; + auio.uio_rw = UIO_READ; + auio.uio_td = td; + auio.uio_offset = 0; /* XXX */ + auio.uio_resid = 0; + tiov = iov; + for (i = 0; i iovlen; i++, tiov++) { + if ((auio.uio_resid += tiov->iov_len) < 0) { + error = EINVAL; + goto out; + } + } + len = auio.uio_resid; + fromsa = (struct sockaddr *)sockbufstore; + +#ifdef KTRACE + if (KTRPOINT(td, KTR_GENIO)) + ktruio = cloneuio(&auio); +#endif /* KTRACE */ + memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo)); + CURVNET_SET(so->so_vnet); + error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL, + fromsa, fromlen, &msg_flags, + (struct sctp_sndrcvinfo *)&sinfo, 1); + CURVNET_RESTORE(); + if (error) { + if (auio.uio_resid != len && (error == ERESTART || + error == EINTR || error == EWOULDBLOCK)) + error = 0; + } else { + if (uap->sinfo) + error = copyout(&sinfo, uap->sinfo, sizeof (sinfo)); + } +#ifdef KTRACE + if (ktruio != NULL) { + ktruio->uio_resid = len - auio.uio_resid; + ktrgenio(uap->sd, UIO_READ, ktruio, error); + } +#endif /* KTRACE */ + if (error) + goto out; + td->td_retval[0] = len - auio.uio_resid; + + if (fromlen && uap->from) { + len = fromlen; + if (len <= 0 || fromsa == 0) + len = 0; + else { + len = MIN(len, fromsa->sa_len); + error = copyout(fromsa, uap->from, (size_t)len); + if (error) + goto out; + } + error = copyout(&len, uap->fromlenaddr, sizeof (socklen_t)); + if (error) { + goto out; + } + } +#ifdef KTRACE + if (KTRPOINT(td, KTR_STRUCT)) + ktrsockaddr(fromsa); +#endif + if (uap->msg_flags) { + error = copyout(&msg_flags, uap->msg_flags, sizeof (int)); + if (error) { + goto out; + } + } +out: + free(iov, M_IOV); +out1: + if (fp) + fdrop(fp, td); + + return (error); +#else /* SCTP */ + return (EOPNOTSUPP); +#endif /* SCTP */ +} Index: sys/sys/jail.h =================================================================== --- sys/sys/jail.h (revision 239685) +++ sys/sys/jail.h (working copy) @@ -384,14 +384,20 @@ int prison_get_ip4(struct ucred *cred, struct in_a int prison_local_ip4(struct ucred *cred, struct in_addr *ia); int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); int prison_check_ip4(struct ucred *cred, struct in_addr *ia); +int prison_check_ip4_locked(struct prison *, struct in_addr *); int prison_saddrsel_ip4(struct ucred *, struct in_addr *); +int prison_restrict_ip4(struct prison *, struct in_addr *); +int prison_qcmp_v4(const void *ip1, const void *ip2); #ifdef INET6 int prison_equal_ip6(struct prison *, struct prison *); int prison_get_ip6(struct ucred *, struct in6_addr *); int prison_local_ip6(struct ucred *, struct in6_addr *, int); int prison_remote_ip6(struct ucred *, struct in6_addr *); int prison_check_ip6(struct ucred *, struct in6_addr *); +int prison_check_ip6_locked(struct prison *, struct in6_addr *); int prison_saddrsel_ip6(struct ucred *, struct in6_addr *); +int prison_restrict_ip6(struct prison *, struct in6_addr *); +int prison_qcmp_v6(const void *ip1, const void *ip2); #endif int prison_check_af(struct ucred *cred, int af); int prison_if(struct ucred *cred, struct sockaddr *sa); Index: sys/sys/netstack.h =================================================================== --- sys/sys/netstack.h (revision 0) +++ sys/sys/netstack.h (revision 0) @@ -0,0 +1,77 @@ +/*- + * Copyright (c) 2012, Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SYS_NETSTACK_H_ +#define _SYS_NETSTACK_H_ + +#ifdef _KERNEL + +#include +#include +#include +#include + +typedef struct netstack *netstack_t; +typedef kobj_class_t netstack_class_t; + +struct netstack { + KOBJ_FIELDS; + + netstack_class_t ns_class; +}; + +struct netstack_module_data { + const char *nmd_stackname; + netstack_class_t nmd_class; +}; + +extern netstack_t curnetstack; + +int netstack_module_handler(struct module *, int, void *); +int netstack_register(netstack_t); +netstack_t netstack_create(netstack_class_t); + +#define NETSTACK_MODULE(name, methods, order) \ + DEFINE_CLASS_0(name, name##_netstack_class, methods, \ + sizeof(struct netstack)); \ + static struct netstack_module_data name##_netstack_mod_data = { \ + #name, \ + (netstack_class_t) & name##_netstack_class \ + }; \ + static moduledata_t netstack_##name##_mod = { \ + "netstack_" #name, \ + netstack_module_handler, \ + & name##_netstack_mod_data \ + }; \ + DECLARE_MODULE(netstack_##name, netstack_##name##_mod, \ + SI_SUB_PROTO_DOMAIN, order) + +#endif + +#endif /* _SYS_NETSTACK_H_ */ + Index: sys/sys/socketvar.h =================================================================== --- sys/sys/socketvar.h (revision 239685) +++ sys/sys/socketvar.h (working copy) @@ -42,6 +42,7 @@ #include #include #ifdef _KERNEL +#include #include #endif @@ -129,6 +130,17 @@ struct socket { u_short so_lrid; }; +struct socket_iocgroup { + char soiocg_group; + int (*soiocg_ioctl)(struct socket *, u_long, caddr_t, + struct thread *); + struct socket_iocgroup *soiocg_next; +}; + +#define SO_IOCGROUP_SET(name) \ + SYSINIT(so_iocgroup_add_ ## name, SI_SUB_PROTO_DOMAIN, \ + SI_ORDER_FIRST, so_iocgroup_add, & name ## iocgroup) + /* * Global accept mutex to serialize access to accept queues and * fields associated with multiple sockets. This allows us to @@ -299,6 +311,11 @@ extern u_long sb_max; extern struct uma_zone *socket_zone; extern so_gen_t so_gencnt; +extern int so_iocgroup_init_status; +extern struct socket_iocgroup *so_iocgroups; + +struct file; +struct filedesc; struct mbuf; struct sockaddr; struct ucred; @@ -312,11 +329,15 @@ struct uio; #define SU_OK 0 #define SU_ISCONNECTED 1 +void so_iocgroup_add(void *); + /* * From uipc_socket and friends */ int sockargs(struct mbuf **mp, caddr_t buf, int buflen, int type); int getsockaddr(struct sockaddr **namp, caddr_t uaddr, size_t len); +int getsock_cap(struct filedesc *fdp, int fd, cap_rights_t rights, + struct file **fpp, u_int *fflagp); void soabort(struct socket *so); int soaccept(struct socket *so, struct sockaddr **nam); int socheckuid(struct socket *so, uid_t uid); Index: sys/sys/systm.h =================================================================== --- sys/sys/systm.h (revision 239685) +++ sys/sys/systm.h (working copy) @@ -272,6 +272,8 @@ extern int cpu_disable_deep_sleep; int cr_cansee(struct ucred *u1, struct ucred *u2); int cr_canseesocket(struct ucred *cred, struct socket *so); int cr_canseeinpcb(struct ucred *cred, struct inpcb *inp); +int cr_canseeothergids(struct ucred *u1, struct ucred *u2); +int cr_canseeotheruids(struct ucred *u1, struct ucred *u2); char *getenv(const char *name); void freeenv(char *env); Index: sys/sys/uuid.h =================================================================== --- sys/sys/uuid.h (revision 239685) +++ sys/sys/uuid.h (working copy) @@ -51,7 +51,13 @@ struct uuid { }; #ifdef _KERNEL +#include +struct uuid_source { + STAILQ_ENTRY(uuid_source) link; + int (*get_uuid)(uint16_t *, size_t); +}; + #define UUID_NODE_LEN _UUID_NODE_LEN struct sbuf; @@ -68,6 +74,17 @@ void be_uuid_enc(void *buf, struct uuid const *uui void le_uuid_dec(void const *buf, struct uuid *uuid); void le_uuid_enc(void *buf, struct uuid const *uuid); +void uuid_source_register(void *); +void uuid_source_unregister(void *); + +#define UUID_SOURCE(name) \ + SYSINIT(uuid_source_register ## name, SI_SUB_PROTO_DOMAIN, \ + SI_ORDER_FIRST, uuid_source_register, \ + & name ## uuid_source); \ + SYSUNINIT(uuid_source_unregister ## name, SI_SUB_PROTO_DOMAIN, \ + SI_ORDER_FIRST, uuid_source_unregister, \ + & name ## uuid_source) + #else /* _KERNEL */ /* XXX namespace pollution? */