This change adds all the kernel parts of a network stack. The network stack
is partial but implements many of the important parts.
Add if(4) network interface abstraction. Network interfaces are registered
in a global list that can be iterated and each assigned an unique integer
identifier.
Add reference counted packets with a cache that recycles recent packets.
Add support for lo(4) loopback and ether(4) ethernet network interfaces.
The /dev/lo0 loopback device is created automatically on boot.
Add arp(4) address resolution protocol driver for translation of inet(4)
network layer addresses into ether(4) link layer addresses. arp(4) entries
are cached and evicted from the cache when needed or when the entry has not
been used for a while. The cache is limited to 256 entries for now.
Add ip(4) internet protocol version 4 support. IP fragmentation and options
are not implemented yet.
Add tcp(4) transmission control protocol sockets for a reliable transport
layer protocol that provides a reliable byte stream connection between two
hosts. The implementation is incomplete and does not yet implement out of
band data, options, and high performance extensions.
Add udp(4) user datagram protocol sockets for a connectionless transport
layer that provides best-effort delivery of datagrams.
Add ping(4) sockets for a best-effort delivery of echo datagrams.
Change type of sa_family_t from unsigned short to uint16_t.
Add --disable-network-drivers to the kernel(7) options and expose it with a
bootloader menu. tix-iso-bootconfig can set this option by default.
Import CRC32 code from libz for the Ethernet checksum.
This is a compatible ABI change that adds features to socket(2) (AF_INET,
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_PING), the ioctls for if(4), socket
options, and the lo0 loopback interface.
This commit is based on work by Meisaka Yukara contributed as the commit
bbf7f1e8a5238a2bd1fe8eb1d2cc5c9c2421e2c4. Almost no lines of this work
remains in this final commit as it has been rewritten or refactored away
over the years, see the individual file headers for which files contain
remnants of this work.
Co-authored-by: Meisaka Yukara <Meisaka.Yukara@gmail.com>
This change refactors the Unix socket / pipe backend to have a ring buffer
containing segments, where each segment has an optional leading ancillary
buffer containing control messages followed by a normal data buffer.
The SCM_RIGHTS control message has been implemented which transfers file
descriptors to the receiving process. File descriptors are reference counted
and cycles are prevented using the following restrictions:
1) Unix sockets cannot be sent on themselves (on either end).
2) Unix sockets themselves being sent cannot be sent on.
3) Unix sockets cannot send a Unix socket being sent on.
This is a compatible ABI change.
The change 9d29e96c3b "Fix open(2) allowing
opening directories invalidly and check O_TRUNC errors." broke the chmod(2),
chown(2), and utimens(2) system calls on directories, because they can no
longer be opened for writing.
This changes fixes the regression by opening such paths for reading. There
is currently no filesystem permission checks for those system calls. However,
those system calls should check the permissions at the time of the operation
rather than relying on the file having been opened for writing previously.
Among other things, redirecting to a directory will now display an error
as it should.
Also fix a bug when opening /dev/pts: O_WRITE on a directory is a POSIX
violation.
Fix SEEK_END seeking twice as far as requested. Centralize lseek handling in
one place and avoid overflow bugs. Inode lseek handlers now only need to
handle SEEK_END with offset 0. Prevent the file offset from ever going below
zero or overflowing.
Character devices are now not seekable, but lseek will pretend they are, yet
always stay at the file offset 0. pread/pwrite on character devices will now
ignore the file offset and call read/write.
This change prevents character devices from being memory mapped, notably
/dev/zero can no longer be memory mapped. None of the current ports seem
to rely on this behavior and will work with just MAP_ANONYMOUS.
Refactor read and write system calls to have a shared return statement for
both seekable and non-seekable IO.
Fix file offset overflow bugs in read and write system calls.
Fix system calls returning EPERM instead of properly returning EBADF when
the file has not been opened in the right mode.
Truncate IO counts and total vector IO length so the IO operation does not
do any IO beyond OFF_MAX. Truncate also total vector IO length for recvmsg
and sendmsg. Fail with EINVAL if total vector IO length exceeds SSIZE_MAX.
Don't stop early if the total IO length is zero, so zero length IO now block
on any locks internal to the inode.
Handle reads at the maximum file offset with an end of file condition and
handle writes of at least one byte at the maximum file offset by failing
with EFBIG.
Refactor UtilMemoryBuffer to store the file size using off_t instead of
size_t to avoid casts and keep file sizes in the off_t type. Properly
handle errors in the code, such as failing with EROFS instead of EBADF if
the backing memory is not writeable, and failing with EFBIG if writing
beyond the end of the file.
Fix mkpartition not rejecting invalid partition start offsets and lengths.
Strictly enforce partition start and length checks in the partition code.
Enforce partitions exist within regular files or block devices.
Fix a few indention issues.
This change refactors the process group implementation and adds support
for sessions. The setsid(2) and getsid(2) system calls were added.
psctl(2) now has PSCTL_TTYNAME, which lets you get the name of a process's
terminal, and ps(1) now uses it.
The initial terminal is now called /dev/tty1.
/dev/tty is now a factory for the current terminal.
A global lock now protects the process hierarchy which makes it safe to
access other processes. This refactor removes potential vulnerabilities
and increases system robustness.
A number of terminal ioctls have been added.
This is a compatible ABI change.
I hereby relicense all my work on Sortix under the ISC license as below.
All Sortix contributions by other people are already under this license,
are not substantial enough to be copyrightable, or have been removed.
All imported code from other projects is compatible with this license.
All GPL licensed code from other projects had previously been removed.
Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
The callers expected it to return an int different than 0 on failure. The
link method returns different than 0 on failure. This actually worked by
lucky coincidence. Change the return type to int and 0 on success, and -1
on failure per popular demand.
Thanks to Meisaka Yukara for spotting this.
Increase gid_t to an unsigned 64-bit integer.
Increase id_t to an unsigned 64-bit integer.
Increase pid_t to a signed 64-bit integer.
Increase time_t to a signed 64-bit integer.
Increase uid_t to an unsigned 64-bit integer.
Note: This is an incompatible ABI change.
The d_off field exists on other operating systems and the kernel used the
field in an incompatible manner. The easy solution is to call the field
something else and later address the design mistake.