sockbuf: Improve sbcreatecontrol() parameter types to save casts

- Change 'caddr_t p' to 'const void *p' to save casts for the callers.
  The 'const' qualifier is also added meanwhile.
- Change 'int size' to 'size_t size', given that callers generally pass
  this parameter as sizeof().
- Update all relevant callers.

For reference, OpenBSD also did this for sbcreatecontrol().
kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
  turn off numerous kernel features and root accesses. These restrictions
  are inherited by sub-processes recursively. Once set, restrictions
  cannot be removed.

  Basic restrictions that mimic an unadorned jail can be enabled without
  creating a jail, but generally speaking real security also requires
  creating a chrooted filesystem topology, and a jail is still needed to
  really segregate processes from each other. If you do so, however, you
  can (for example) disable mount/umount and most global root-only
  features.

* Add new system calls and a manual page for syscap_get(2) and
  syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with a
  newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
  improve jailless security in the near future, and to optimize the
  priv_check code.
kernel: Remove numerous #include <sys/thread2.h>.

Most of them were added when we converted spl*() calls to
crit_enter()/crit_exit(), almost 14 years ago. We can now remove a good
chunk of them again for where crit_*() are no longer used.

I had to adjust some files that were relying on thread2.h or headers
that it includes coming in via other headers that it was removed from.
Remove IPsec and related code from the system.

It was unmaintained ever since we inherited it from FreeBSD 4.8. In
fact, we had two implementations from that time: IPSEC and FAST_IPSEC.
FAST_IPSEC is the implementation to which FreeBSD has moved since, but
it didn't even build in DragonFly.

Fixes for dports have been committed to DeltaPorts.

Requested-by: dillon
Dports-testing-and-fixing: zrj
Remove faith(4) and faithd(8) from the tree.

FreeBSD did that 3 years ago (r274331). Quoting from their commit msg:

-----8<-----
It looks like industry has chosen different (and more traditional)
stateless/stateful NAT64 as translation mechanism. Last non-trivial
commits to both faith(4) and faithd(8) happened more than 12 years ago,
so I assume it is time to drop RFC3142 in FreeBSD.
----->8-----

Some more info here:
https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040224.html

Discussed-with: sephe
kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT
flags was a recurring issue when porting drivers from FreeBSD because it
tended to get forgotten and the code would compile anyway with the wrong
constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags for an
objcache_get() or objcache_reclaimlist call (which use M_WAITOK and
M_NOWAIT), it was just one big converting back and forth with some
sanitization in between.

This commit allows M_* again for the mbuf functions and keeps the
sanitizing as it was before: when M_WAITOK is among the passed flags,
objcache functions will be called with M_WAITOK and when it is absent,
they will be called with M_NOWAIT. All other flags are scrubbed by the
MB_OCFLAG() macro which does the same as the former MBTOM().

Approved-by: dillon
kernel - Implement IPV6 subnet routing / proxy ND6 (equiv to proxy ARP)

* Do not require per-host RTF_ANNOUNCE/AF_LINK entries. They still work
  but they aren't needed any more (and they are such a huge bitch to set
  up anyway... best to avoid them).

* Machine must have net.inet6.ip6.forwarding mode enabled.

* Internet-facing interface must be promiscuous mode.

* Will automatically proxy ND6 any subnets if the interface is different
  from the one receiving the multicast. So e.g. you can route IPV6 which
  would otherwise have to be switched.

  The subnet interface must currently be different because if it were
  the same the solicitation would be directly received by the target
  host anyway (being a multicast) and we would compete with it. This is
  also a good safety.

  Example:

      ifconfig igb0 inet6 2999:499:1:555:1::72/80    For DNS
      ifconfig igb0 inet6 2999:499:1:555:1::1/80     For subnet default route
      ifconfig igb1 inet6 2999:499:1:555::2/80       For internet router
      ifconfig igb1 promisc
      route add -inet6 default 2999:499:1:555::1

  The internet router is doing a terminal /64 block, e.g. its address is
  2999:499:1:555::1/64, but we want to break the net up further and
  route portions of it instead of switch.