mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
Code Issues Releases Activity
91421ba234
freebsd/sys/netinet
History
Robert Watson 91421ba234 o Move per-process jail pointer (p->pr_prison) to inside of the subject 
credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
  pr_free(), invoked by the similarly named credential reference
  management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
  of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
  rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
  flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
  mutex use.

Notes:

o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
  credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
  required to protect the reference count plus some fields in the
  structure.

Reviewed by:	freebsd-arch
Obtained from:	TrustedBSD Project
2001-02-21 06:39:57 +00:00
..
libalias Add a few ``const''s to silence some -Wwrite-strings warnings 2001-01-29 11:44:13 +00:00
accf_data.c
accf_http.c Fix incorrect logic wouldn't disconnect incomming connections that had been 2001-01-03 19:50:23 +00:00
fil.c fix conflicts 2001-02-04 14:26:56 +00:00
icmp6.h
icmp_var.h Clean up RST ratelimiting. Previously, ratelimiting occured before tests 2001-02-11 07:39:51 +00:00
if_atm.c
if_atm.h
if_ether.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
if_ether.h
if_fddi.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_gif.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
in_gif.h
in_hostcache.c Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
in_hostcache.h
in_pcb.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
in_pcb.h Update the "icmp_admin_prohib_like_rst" code to check the tcp-window and 2000-12-24 10:57:21 +00:00
in_proto.c
in_rmx.c
in_systm.h
in_var.h Convert if_multiaddrs from LIST to TAILQ so that it can be traversed 2001-02-06 10:12:15 +00:00
in.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
in.h o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
ip6.h
ip_auth.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_auth.h
ip_compat.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_divert.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_dummynet.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
ip_dummynet.h MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately) 2001-02-02 00:18:00 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_encap.h
ip_fil.c
ip_fil.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_flow.c
ip_flow.h
ip_frag.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_frag.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_ftp_pxy.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_fw.c Clean up warning. 2001-02-15 22:32:06 +00:00
ip_fw.h Introduce a new feature in IPFW: Check of the source or destination 2001-02-13 14:12:37 +00:00
ip_icmp.c Remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify 2001-02-18 09:34:55 +00:00
ip_icmp.h
ip_input.c Send a ICMP unreachable instead of dropping the packet silent, if we 2001-02-20 21:31:47 +00:00
ip_log.c
ip_mroute.c Fix typo: seperate -> separate. 2001-02-06 11:21:58 +00:00
ip_mroute.h
ip_nat.c fix duplicate rcsid 2001-02-04 15:25:15 +00:00
ip_nat.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_output.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
ip_proxy.c
ip_proxy.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_raudio_pxy.c
ip_rcmd_pxy.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_state.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_state.h
ip_var.h
ip.h
ipl.h fix conflicts 2001-02-04 14:26:56 +00:00
ipprotosw.h
mlfk_ipl.c fix conflicts 2001-02-04 14:26:56 +00:00
raw_ip.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c Clean up RST ratelimiting. Previously, ratelimiting occured before tests 2001-02-11 07:39:51 +00:00
tcp_output.c
tcp_reass.c Clean up RST ratelimiting. Previously, ratelimiting occured before tests 2001-02-11 07:39:51 +00:00
tcp_seq.h
tcp_subr.c Only call in_pcbnotify if the src port number != 0, as we 2001-02-20 23:25:04 +00:00
tcp_timer.c
tcp_timer.h
tcp_timewait.c Only call in_pcbnotify if the src port number != 0, as we 2001-02-20 23:25:04 +00:00
tcp_usrreq.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
tcp_var.h Remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify 2001-02-18 09:34:55 +00:00
tcp.h o Minor style(9)ism to make consistent with -STABLE 2001-01-09 18:26:17 +00:00
tcpip.h
udp_usrreq.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
udp_var.h remove unused data structure definition, and corresponding macro into*() 2001-02-18 07:10:03 +00:00
udp.h