| created | 2024-03-24T11:40:14Z |
|---|---|
| begin | 2024-03-22T00:00:00Z |
| end | 2024-03-23T00:00:00Z |
| path | src/sys |
| commits | 5 |
| date | 2024-03-22T05:54:25Z | |||
|---|---|---|---|---|
| author | ratchov | |||
| files | src/sys/kern/kern_pledge.c | log | diff | annotate |
| message |
pledge: Allow the AUDIO_GETDEV ioctl in "audio" ok deraadt, kn, phessler |
|||
| date | 2024-03-22T07:15:04Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/nfs/nfs_socket.c | log | diff | annotate |
| src/sys/nfs/nfs_syscalls.c | log | diff | annotate | |
| message |
Limit NFS connections to originate from a reserved port. For TCP connections do the check when adding the socket via nfssvc(2). For UDP do the check early after soreceive(). On top of this limit the sockets added via nfssvc(2) to IPv4 TCP and UDP sockets. OK millert@ deraadt@ |
|||
| date | 2024-03-22T17:34:11Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/kern/uipc_socket.c | log | diff | annotate |
| src/sys/kern/uipc_usrreq.c | log | diff | annotate | |
| src/sys/sys/socketvar.h | log | diff | annotate | |
| message |
Use sorflush() instead of direct unp_scan(..., unp_discard) to discard dead unix(4) sockets. The difference in direct unp_scan() and sorflush() is the mbuf(9) chain. For the first case it is still linked to the `so_rcv', for the second it is not. This is required to make `sb_mtx' mutex(9) the only `so_rcv' sockbuf protection and remove socket re-locking from the most of uipc_*send() paths. The unlinked mbuf(9) chain doesn't require any protection, so this allows to perform sleeping unp_discard() lockless. Also, the mbuf(9) chain of the discarded socket still contains addresses of file descriptors and it is much safer to unlink it before FRELE() them. This is the reason to commit this diff standalone. ok bluhm |
|||
| date | 2024-03-22T18:05:01Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/in_pcb.c | log | diff | annotate |
| src/sys/netinet/in_pcb.h | log | diff | annotate | |
| src/sys/netinet6/in6_pcb.c | log | diff | annotate | |
| message |
Make local port which is bound during connect(2) unique per laddr. in_pcbconnect() did not pass down the address it got from in_pcbselsrc() to in_pcbpickport(). As a consequence local port numbers selected during connect(2) were globally unique although they belong to different addresses. This strict uniqueness is not necessary and wastes usable ports for outgoing connections. To solve this, pass ina from in_pcbconnect() to in_pcbbind_locked(). This does not interfere how wildcard sockets are matched with specific sockets during bind(2). It only allows non-wildcard sockets to share a local port during connect(2). OK mvs@ deraadt@ |
|||
| date | 2024-03-22T21:48:38Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/in_pcb.c | log | diff | annotate |
| src/sys/netinet/in_pcb.h | log | diff | annotate | |
| message |
Remove padding from union inpaddru. Alignment of IPv4 address with lower part of IPv6 address looks like a leftover from times when IPv6 compatible addresses should contain IPv4 addreses. Better use a simple union for both IPv4 and IPv6 addresses like everywhere else. Use this type also for common zero address. OK mvs@ |
|||