<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/netinet, branch release/5.3.0_cvs</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>This commit was manufactured by cvs2svn to create tag</title>
<updated>2004-11-04T19:12:42+00:00</updated>
<author>
<name>cvs2svn</name>
<email>cvs2svn@FreeBSD.org</email>
</author>
<published>2004-11-04T19:12:42+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=3f86d8a2ea3f3265afaa1fd263b0004c5c000e69'/>
<id>3f86d8a2ea3f3265afaa1fd263b0004c5c000e69</id>
<content type='text'>
'RELENG_5_3_0_RELEASE'.

This commit was manufactured to restore the state of the 5.3-RELEASE image.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
'RELENG_5_3_0_RELEASE'.

This commit was manufactured to restore the state of the 5.3-RELEASE image.
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tcp_output:1.104 from HEAD to RELENG_5_3:</title>
<updated>2004-10-30T20:50:06+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-10-30T20:50:06+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=82d4c1675e2d0ff99df2b5ed2fab8c6e74f69cf3'/>
<id>82d4c1675e2d0ff99df2b5ed2fab8c6e74f69cf3</id>
<content type='text'>
  date: 2004/10/30 12:02:50;  author: rwatson;  state: Exp;  lines: +2 -2
  Correct a bug in TCP SACK that could result in wedging of the TCP stack
  under high load: only set function state to loop and continuing sending
  if there is no data left to send.

  RELENG_5_3 candidate.

  Feet provided:  Peter Losher &lt;Peter underscore Losher at isc dot org&gt;
  Diagnosed by:   Aniel Hartmeier &lt;daniel at benzedrine dot cx&gt;
  Submitted by:   mohan &lt;mohans at yahoo-inc dot com&gt;

Approved by:	re (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  date: 2004/10/30 12:02:50;  author: rwatson;  state: Exp;  lines: +2 -2
  Correct a bug in TCP SACK that could result in wedging of the TCP stack
  under high load: only set function state to loop and continuing sending
  if there is no data left to send.

  RELENG_5_3 candidate.

  Feet provided:  Peter Losher &lt;Peter underscore Losher at isc dot org&gt;
  Diagnosed by:   Aniel Hartmeier &lt;daniel at benzedrine dot cx&gt;
  Submitted by:   mohan &lt;mohans at yahoo-inc dot com&gt;

Approved by:	re (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC r1.131:</title>
<updated>2004-10-26T17:28:36+00:00</updated>
<author>
<name>Bruce M Simpson</name>
<email>bms@FreeBSD.org</email>
</author>
<published>2004-10-26T17:28:36+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=ae78dbb3d23f8d7794b14dc4324fb1600dc08273'/>
<id>ae78dbb3d23f8d7794b14dc4324fb1600dc08273</id>
<content type='text'>
Check that rt_mask(rt) is non-NULL before dereferencing it, in the
RTM_ADD case, thus avoiding a panic.

PR:		kern/42030
Submitted by:	Iasen Kostov
Approved by:	re@
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Check that rt_mask(rt) is non-NULL before dereferencing it, in the
RTM_ADD case, thus avoiding a panic.

PR:		kern/42030
Submitted by:	Iasen Kostov
Approved by:	re@
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge kern_descrip.c:1.246, uipc_socket.c:1.214, uipc_usrreq.c:1.141,</title>
<updated>2004-10-21T09:30:48+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-10-21T09:30:48+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=689a28d6610af4c680f8bd5d9c5be33811a50754'/>
<id>689a28d6610af4c680f8bd5d9c5be33811a50754</id>
<content type='text'>
raw_cb.c:1.30, raw_usrreq.c:1.35, ddp_pcb.c:1.45, atm_socket.c:1.21,
ng_btsocket_hci_raw.c:1.16, ng_btsocket_l2cap.c:1.14,
ng_btsocket_l2cap_raw.c:1.13, ng_btsocket_rfcomm.c:1.13, in_pcb.c:1.156,
tcp_subr.c:1.205, in6_pcb.c:1.61, ipx_pcb.c:1.29, ipx_usrreq.c:1.41,
natm.c:1.35, socketvar.h:1.135 from HEAD to RELENG_5_3:

  Push acquisition of the accept mutex out of sofree() into the caller
  (sorele()/sotryfree()):

  - This permits the caller to acquire the accept mutex before the socket
    mutex, avoiding sofree() having to drop the socket mutex and re-order,
    which could lead to races permitting more than one thread to enter
    sofree() after a socket is ready to be free'd.

  - This also covers clearing of the so_pcb weak socket reference from
    the protocol to the socket, preventing races in clearing and
    evaluation of the reference such that sofree() might be called more
    than once on the same socket.

  This appears to close a race I was able to easily trigger by repeatedly
  opening and resetting TCP connections to a host, in which the
  tcp_close() code called as a result of the RST raced with the close()
  of the accepted socket in the user process resulting in simultaneous
  attempts to de-allocate the same socket.  The new locking increases
  the overhead for operations that may potentially free the socket, so we
  will want to revise the synchronization strategy here as we normalize
  the reference counting model for sockets.  The use of the accept mutex
  in freeing of sockets that are not listen sockets is primarily
  motivated by the potential need to remove the socket from the
  incomplete connection queue on its parent (listen) socket, so cleaning
  up the reference model here may allow us to substantially weaken the
  synchronization requirements.

  RELENG_5_3 candidate.

  MFC after:      3 days
  Reviewed by:    dwhite
  Discussed with: gnn, dwhite, green
  Reported by:    Marc UBM Bocklet &lt;ubm at u-boot-man dot de&gt;
  Reported by:    Vlad &lt;marchenko at gmail dot com&gt;

Approved by:    re (scottl)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
raw_cb.c:1.30, raw_usrreq.c:1.35, ddp_pcb.c:1.45, atm_socket.c:1.21,
ng_btsocket_hci_raw.c:1.16, ng_btsocket_l2cap.c:1.14,
ng_btsocket_l2cap_raw.c:1.13, ng_btsocket_rfcomm.c:1.13, in_pcb.c:1.156,
tcp_subr.c:1.205, in6_pcb.c:1.61, ipx_pcb.c:1.29, ipx_usrreq.c:1.41,
natm.c:1.35, socketvar.h:1.135 from HEAD to RELENG_5_3:

  Push acquisition of the accept mutex out of sofree() into the caller
  (sorele()/sotryfree()):

  - This permits the caller to acquire the accept mutex before the socket
    mutex, avoiding sofree() having to drop the socket mutex and re-order,
    which could lead to races permitting more than one thread to enter
    sofree() after a socket is ready to be free'd.

  - This also covers clearing of the so_pcb weak socket reference from
    the protocol to the socket, preventing races in clearing and
    evaluation of the reference such that sofree() might be called more
    than once on the same socket.

  This appears to close a race I was able to easily trigger by repeatedly
  opening and resetting TCP connections to a host, in which the
  tcp_close() code called as a result of the RST raced with the close()
  of the accepted socket in the user process resulting in simultaneous
  attempts to de-allocate the same socket.  The new locking increases
  the overhead for operations that may potentially free the socket, so we
  will want to revise the synchronization strategy here as we normalize
  the reference counting model for sockets.  The use of the accept mutex
  in freeing of sockets that are not listen sockets is primarily
  motivated by the potential need to remove the socket from the
  incomplete connection queue on its parent (listen) socket, so cleaning
  up the reference model here may allow us to substantially weaken the
  synchronization requirements.

  RELENG_5_3 candidate.

  MFC after:      3 days
  Reviewed by:    dwhite
  Discussed with: gnn, dwhite, green
  Reported by:    Marc UBM Bocklet &lt;ubm at u-boot-man dot de&gt;
  Reported by:    Vlad &lt;marchenko at gmail dot com&gt;

Approved by:    re (scottl)
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge udp_usrreq.c:1.167 from HEAD to RELENG_5:</title>
<updated>2004-10-14T11:49:25+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-10-14T11:49:25+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=3cb254ea13f4907abf49399e5184ab092c3bdd90'/>
<id>3cb254ea13f4907abf49399e5184ab092c3bdd90</id>
<content type='text'>
  date: 2004/10/12 20:03:56;  author: rwatson;  state: Exp;  lines: +3 -3
  Don't release the udbinfo lock until after the last use of  UDP inpcb
  in udp_input(), since the udbinfo lock is used to prevent removal of
  the inpcb while in use (i.e., as a form of reference count) in the
  in-bound path.

  RELENG_5 candidate.

Approved by:	re (scottl)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  date: 2004/10/12 20:03:56;  author: rwatson;  state: Exp;  lines: +3 -3
  Don't release the udbinfo lock until after the last use of  UDP inpcb
  in udp_input(), since the udbinfo lock is used to prevent removal of
  the inpcb while in use (i.e., as a form of reference count) in the
  in-bound path.

  RELENG_5 candidate.

Approved by:	re (scottl)
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge raw_ip.c:1.145 from HEAD to RELENG_5:</title>
<updated>2004-10-14T11:45:26+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-10-14T11:45:26+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=95b65b8064185a4c1838ab51a96fdee4c4edd28c'/>
<id>95b65b8064185a4c1838ab51a96fdee4c4edd28c</id>
<content type='text'>
  date: 2004/10/12 16:47:25;  author: rwatson;  state: Exp;  lines: +41 -20
  When the access control on creating raw sockets was modified so that
  processes in jail could create raw sockets, additional access control
  checks were added to raw IP sockets to limit the ways in which those
  sockets could be used.  Specifically, only the socket option IP_HDRINCL
  was permitted in rip_ctloutput().  Other socket options were protected
  by a call to suser().  This change was required to prevent processes
  in a Jail from modifying system properties such as multicast routing
  and firewall rule sets.

  However, it also introduced a regression: processes that create a raw
  socket with root privilege, but then downgraded credential (i.e., a
  daemon giving up root, or a setuid process switching back to the real
  uid) could no longer issue other unprivileged generic IP socket option
  operations, such as IP_TOS, IP_TTL, and the multicast group membership
  options, which prevented multicast routing daemons (and some other
  tools) from operating correctly.

  This change pushes the access control decision down to the granularity
  of individual socket options, rather than all socket options, on raw
  IP sockets.  When rip_ctloutput() doesn't implement an option, it will
  now pass the request directly to in_control() without an access
  control check.  This should restore the functionality of the generic
  IP socket options for raw sockets in the above-described scenarios,
  which may be confirmed with the ipsockopt regression test.

  RELENG_5 candidate.

  Reviewed by:    csjp

Approved by:	re (scottl)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  date: 2004/10/12 16:47:25;  author: rwatson;  state: Exp;  lines: +41 -20
  When the access control on creating raw sockets was modified so that
  processes in jail could create raw sockets, additional access control
  checks were added to raw IP sockets to limit the ways in which those
  sockets could be used.  Specifically, only the socket option IP_HDRINCL
  was permitted in rip_ctloutput().  Other socket options were protected
  by a call to suser().  This change was required to prevent processes
  in a Jail from modifying system properties such as multicast routing
  and firewall rule sets.

  However, it also introduced a regression: processes that create a raw
  socket with root privilege, but then downgraded credential (i.e., a
  daemon giving up root, or a setuid process switching back to the real
  uid) could no longer issue other unprivileged generic IP socket option
  operations, such as IP_TOS, IP_TTL, and the multicast group membership
  options, which prevented multicast routing daemons (and some other
  tools) from operating correctly.

  This change pushes the access control decision down to the granularity
  of individual socket options, rather than all socket options, on raw
  IP sockets.  When rip_ctloutput() doesn't implement an option, it will
  now pass the request directly to in_control() without an access
  control check.  This should restore the functionality of the generic
  IP socket options for raw sockets in the above-described scenarios,
  which may be confirmed with the ipsockopt regression test.

  RELENG_5 candidate.

  Reviewed by:    csjp

Approved by:	re (scottl)
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC r1.78: further rule verification (against corrupt rules added by root).</title>
<updated>2004-10-13T22:07:05+00:00</updated>
<author>
<name>Brian Feldman</name>
<email>green@FreeBSD.org</email>
</author>
<published>2004-10-13T22:07:05+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f6ebdf929ca1a8e070555651d7ba096ff6f20907'/>
<id>f6ebdf929ca1a8e070555651d7ba096ff6f20907</id>
<content type='text'>
Approved by:	re
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Approved by:	re
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tcp_output.c:1.103 from HEAD to RELENG_5:</title>
<updated>2004-10-12T17:36:45+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-10-12T17:36:45+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=1f9bc317de7d9379cd98ffaa28c3d2f0eafa61bc'/>
<id>1f9bc317de7d9379cd98ffaa28c3d2f0eafa61bc</id>
<content type='text'>
  date: 2004/10/09 16:48:51;  author: rwatson;  state: Exp;  lines: +14 -2
  Acquire the send socket buffer lock around tcp_output() activities
  reaching into the socket buffer.  This prevents a number of potential
  races, including dereferencing of sb_mb while unlocked leading to
  a NULL pointer deref (how I found it).  Potentially this might also
  explain other "odd" TCP behavior on SMP boxes (although  haven't
  seen it reported).

Approved by:	re (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  date: 2004/10/09 16:48:51;  author: rwatson;  state: Exp;  lines: +14 -2
  Acquire the send socket buffer lock around tcp_output() activities
  reaching into the socket buffer.  This prevents a number of potential
  races, including dereferencing of sb_mb while unlocked leading to
  a NULL pointer deref (how I found it).  Potentially this might also
  explain other "odd" TCP behavior on SMP boxes (although  haven't
  seen it reported).

Approved by:	re (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge ip_mroute.c:1.109 to RELENG_5:</title>
<updated>2004-10-09T15:12:04+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-10-09T15:12:04+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=ec6386789755c859ca32bd7b5065a5e87059f9fa'/>
<id>ec6386789755c859ca32bd7b5065a5e87059f9fa</id>
<content type='text'>
  date: 2004/10/07 14:13:35;  author: rwatson;  state: Exp;  lines: +7 -4
  When running with debug.mpsafenet=0, initialize IP multicast routing
  callouts as non-CALLOUT_MPSAFE.  Otherwise, they may trigger an
  assertion regarding Giant if they enter other parts of the stack from
  the callout.

  MFC after:      3 days
  Reported by:    Dikshie &lt; dikshie at ppk dot itb dot ac dot id &gt;

Approved by:	re (scottl)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  date: 2004/10/07 14:13:35;  author: rwatson;  state: Exp;  lines: +7 -4
  When running with debug.mpsafenet=0, initialize IP multicast routing
  callouts as non-CALLOUT_MPSAFE.  Otherwise, they may trigger an
  assertion regarding Giant if they enter other parts of the stack from
  the callout.

  MFC after:      3 days
  Reported by:    Dikshie &lt; dikshie at ppk dot itb dot ac dot id &gt;

Approved by:	re (scottl)
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC pfil API change:</title>
<updated>2004-10-03T17:04:41+00:00</updated>
<author>
<name>Max Laier</name>
<email>mlaier@FreeBSD.org</email>
</author>
<published>2004-10-03T17:04:41+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=e28dbfbc3750d9020eacc3c2afad68e4b3aeddec'/>
<id>e28dbfbc3750d9020eacc3c2afad68e4b3aeddec</id>
<content type='text'>
  Add an additional struct inpcb * argument to pfil(9) in order to enable
  passing along socket information. This is required to work around a LOR
  with the socket code which results in an easy reproducible hard lockup
  with debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us
  to do so later. The missing piece is to turn the filter locking into a
  leaf lock and will follow in a seperate (later) commit.

  Suggested by:           rwatson
  A lot of work by:       csjp
  LOR IDs:                14 - 17 (not fixed yet)

Approved by:	re (scottl)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  Add an additional struct inpcb * argument to pfil(9) in order to enable
  passing along socket information. This is required to work around a LOR
  with the socket code which results in an easy reproducible hard lockup
  with debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us
  to do so later. The missing piece is to turn the filter locking into a
  leaf lock and will follow in a seperate (later) commit.

  Suggested by:           rwatson
  A lot of work by:       csjp
  LOR IDs:                14 - 17 (not fixed yet)

Approved by:	re (scottl)
</pre>
</div>
</content>
</entry>
</feed>
