This change adds all the kernel parts of a network stack. The network stack
is partial but implements many of the important parts.
Add if(4) network interface abstraction. Network interfaces are registered
in a global list that can be iterated and each assigned an unique integer
identifier.
Add reference counted packets with a cache that recycles recent packets.
Add support for lo(4) loopback and ether(4) ethernet network interfaces.
The /dev/lo0 loopback device is created automatically on boot.
Add arp(4) address resolution protocol driver for translation of inet(4)
network layer addresses into ether(4) link layer addresses. arp(4) entries
are cached and evicted from the cache when needed or when the entry has not
been used for a while. The cache is limited to 256 entries for now.
Add ip(4) internet protocol version 4 support. IP fragmentation and options
are not implemented yet.
Add tcp(4) transmission control protocol sockets for a reliable transport
layer protocol that provides a reliable byte stream connection between two
hosts. The implementation is incomplete and does not yet implement out of
band data, options, and high performance extensions.
Add udp(4) user datagram protocol sockets for a connectionless transport
layer that provides best-effort delivery of datagrams.
Add ping(4) sockets for a best-effort delivery of echo datagrams.
Change type of sa_family_t from unsigned short to uint16_t.
Add --disable-network-drivers to the kernel(7) options and expose it with a
bootloader menu. tix-iso-bootconfig can set this option by default.
Import CRC32 code from libz for the Ethernet checksum.
This is a compatible ABI change that adds features to socket(2) (AF_INET,
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_PING), the ioctls for if(4), socket
options, and the lo0 loopback interface.
This commit is based on work by Meisaka Yukara contributed as the commit
bbf7f1e8a5238a2bd1fe8eb1d2cc5c9c2421e2c4. Almost no lines of this work
remains in this final commit as it has been rewritten or refactored away
over the years, see the individual file headers for which files contain
remnants of this work.
Co-authored-by: Meisaka Yukara <Meisaka.Yukara@gmail.com>
This change makes all the standard library and kernel headers use header
guards with a consistent scheme within the reserved namespace to avoid
conflicts with non-standard-library-implementation code.
This change refactors the Unix socket / pipe backend to have a ring buffer
containing segments, where each segment has an optional leading ancillary
buffer containing control messages followed by a normal data buffer.
The SCM_RIGHTS control message has been implemented which transfers file
descriptors to the receiving process. File descriptors are reference counted
and cycles are prevented using the following restrictions:
1) Unix sockets cannot be sent on themselves (on either end).
2) Unix sockets themselves being sent cannot be sent on.
3) Unix sockets cannot send a Unix socket being sent on.
This is a compatible ABI change.
The idle thread is now actually run when the system is idle because it
truly goes idle. The idle thread is made power efficient by using the hlt
instruction rather than a busy loop.
The new futex(2) system call is used to implement fast user-space mutexes,
condition variables, and semaphores. The same backend and design is used as
kutexes for truly sleeping kernel mutexes and condition variables.
The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex.
Sleeping on clocks in the kernel now uses timers for true sleep.
The interrupt worker thread now truly sleeps when idle.
Kernel threads are now named.
This is a compatible ABI change.
This change adds missing features:
* %[ for pattern matching with a scanset.
* %m for allocation of strings.
* %p for pointers.
* Field width for integers.
The following features remain unimplemented, like with printf(3):
* Floating point support.
* Wide character support.
* %n$ positional parameters.
The code has been completely refactored to be much more maintainable.
The implemented features should now be standards compliant. A large number
of edge cases have been fixed.
The vscanf_callback(3) function has been renamed to vcbscanf(3) and a new
cbscanf(3) function has been added.
POSIX allows <fcntl.h> to include <sys/stat.h>, but doesn't require it.
There's little reason to do that, since they are separate headers, and
<fcntl.h> just needs the mode_t constants. Fix the code accidentally
relying on <fcntl.h> including <sys/stat.h>. The mode_t constants are now
provided in their own kernel header <sortix/mode.h>.
Additionally fix <sys/stat.h> pulling in all of <sys/types.h>, which is not
allowed by POSIX, which only requires a few types to be declared. Fix the
code accidentally relying on <sys/stat.h> including <sys/types.h>.
Finally fix <dirent.h> pulling in <stdint.h> through <sortix/dirent.h>.
The <sortix/__/dt.h> and <sortix/__/stat.h> headers are no longer required
and their contents have been merged into <sortix/__/dirent.h>.
This reverts commit f6cde2d7a6.
gcc detected this header existing and emitted its own limits.h that
included the libc limits.h. This caused the #include_next chain to reach
the end and including the header failed.
Undoing this commit for now until the compiler toolchain is updated to
avoid this problem.
This change refactors the process group implementation and adds support
for sessions. The setsid(2) and getsid(2) system calls were added.
psctl(2) now has PSCTL_TTYNAME, which lets you get the name of a process's
terminal, and ps(1) now uses it.
The initial terminal is now called /dev/tty1.
/dev/tty is now a factory for the current terminal.
A global lock now protects the process hierarchy which makes it safe to
access other processes. This refactor removes potential vulnerabilities
and increases system robustness.
A number of terminal ioctls have been added.
This is a compatible ABI change.
The bootloader will now load the /boot/random.seed file if it exists, in
which case the kernel will use it as the initial kernel entropy. The kernel
warns if no random seed was loaded, unless the --no-random-seed option was
given. This option is used for live environments that inherently have no
prior secret state. The kernel initializes its entropy pool from the random
seed as of the first things, so randomness is available very early on.
init(8) will emit a fresh /boot/random.seed file on boot to avoid the same
entropy being used twice. init(8) also writes out /boot/random.seed on
system shutdown where the system has the most entropy. init(8) will warn if
writing the file fails, except if /boot is a real-only filesystem, and
keeping such state is impossible. The system administrator is then
responsible for ensuring the bootloader somehow passes a fresh random seed
on the next boot.
/boot/random.seed must be owned by the root user and root group and must
have file permissions 600 to avoid unprivileged users can read it. The file
is passed to the kernel by the bootloader as a multiboot module with the
command line --random-seed.
If no random seed is loaded, the kernel attempts a poor quality fallback
where it seeds the kernel arc4random(3) continuously with the current time.
The timing variance may provide some effective entropy. There is no real
kernel entropy gathering yet. The read of the CMOS real time clock is moved
to an early point in the kernel boot, so the current time is available as
fallback entropy.
The kernel access of the random seed module is supposed to be infallible
and happens before the kernel log is set up, but there is not yet a failsafe
API for mapping single pages in the early kernel.
sysupgrade(8) creates /boot/random.seed if it's absent as a temporary
compatibility measure for people upgrading from the 1.0 release. The GRUB
port will need to be upgraded with support for /boot/random.seed in the
10_sortix script. Installation with manual bootloader configuration will
need to load the random seed with the --random-seed command line. With GRUB,
this can be done with: module /boot/random.seed --random-seed