Commit Graph

26059 Commits

Author SHA1 Message Date
jesper
cfd2d3b2c6 Silby's take one on increasing FreeBSD's resistance to SYN floods:
One way we can reduce the amount of traffic we send in response to a SYN
flood is to eliminate the RST we send when removing a connection from
the listen queue.  Since we are being flooded, we can assume that the
majority of connections in the queue are bogus.  Our RST is unwanted
by these hosts, just as our SYN-ACK was.  Genuine connection attempts
will result in hosts responding to our SYN-ACK with an ACK packet.  We
will automatically return a RST response to their ACK when it gets to us
if the connection has been dropped, so the early RST doesn't serve the
genuine class of connections much.  In summary, we can reduce the number
of packets we send by a factor of two without any loss in functionality
by ensuring that RST packets are not sent when dropping a connection
from the listen queue.

Submitted by:	Mike Silbersack <silby@silby.com>
Reviewed by:	jesper
MFC after:	2 weeks
2001-06-06 19:41:51 +00:00
wpaul
3f70846d28 Disable extra TCP/UCP checksum checking in nge_rxeof() for now. 2001-06-06 19:17:10 +00:00
wpaul
c33301ebfb Use LGE_INC() macro to increment tx producer index in lge_encap().
Disable the extra TCP/UCP checksum checking in lge_rxeof() since it
doesn't appear to actually work as advertised.
2001-06-06 19:16:02 +00:00
jlemon
aabc69395c Add a wrapper for the fifo kqfilter which falls through to the ufs routine.
This permits the fifo to inherit the ufs VNODE kqfilter.
2001-06-06 17:40:57 +00:00
jlemon
837aa48afd The kq write filter was hooked up to the wrong socket, and thus was
not behaving correctly.  Fix by attaching to the correct socket.

Also call so{rw}wakeup in addition to the fifo wakeup, so that any
kqfilters attached to the socket buffer get poked.
2001-06-06 17:38:36 +00:00
gallatin
6128ab31a7 hold the vm_mtx around vm_map_lookup_entry() and vm_map_findspace() 2001-06-06 14:07:52 +00:00
ru
eee4ff44ee Unbreak setregid(2).
Spotted by:	Alexander Leidinger <Alexander@Leidinger.net>
2001-06-06 13:58:03 +00:00
gallatin
dcb68f6a47 Apparently, the vm_mtx must be held around vm_map_find(). I'm assuming
that it needn't be held around vm_mmap() since vm_mmap() itself aquires
it.

Sleuthing by: obrien
2001-06-06 13:46:16 +00:00
non
bd3c21136a Sorry, an "ARCHIVE Python 06408" does not need SA_QUIRK_NOCOMP. 2001-06-06 13:01:44 +00:00
bde
988bc39438 Fixed missing parentheses in the definition of KTR_COMPILE. KTR_COMPILE
is usually (always?) used in expressions like (KTR_COMPILE & KTR_FOO).
Defining it as KTR_INTR|KTR_PROC gave the wrong value in approximately
8497 places according to error output for compiling LINT.
2001-06-06 06:58:13 +00:00
joerg
aca913b650 Nuke the various poorly maintained copies of ioctl_fd.h. The file is
not machine-dependant, thus it has been moved out (repo-copied) into
<sys/fdcio.h>.
2001-06-06 06:15:03 +00:00
tanimura
b62ac96aa6 Lock VM Giant prior to locking a vm map.
Spotted by:	Daniel Rock <D.Rock@t-online.de>
Tested by:	David Wolfskill <david@catwhisker.org>,
		Sean Eric Fagan <sef@kithrup.com>
2001-06-06 04:13:11 +00:00
jhb
c662e0d18b Don't hold sched_lock across addupc_task().
Reported by:	David Taylor <davidt@yadt.co.uk>
Submitted by:	bde
2001-06-06 00:57:24 +00:00
imp
1b231c63e8 Use bus_space when reading CIS. This allows us to access it in 8 bit
mode, which is what the standard mandates.

Submitted by: Takanori Watanabe-san
Reviewed by: jhb
2001-06-05 23:42:51 +00:00
wpaul
2ea81c771a In lge_detach(), don't contigfree() the jumbogram buffer memory;
lge_free_jumbo_mem() does it for us.
2001-06-05 23:16:52 +00:00
imp
8b6d80bc3e Commit part of the patch that I have for card eject problems with the
ep driver.  The rest of the patch will wait until I can put the time
into it to get it righter than the kludge it is.

This protects us against card eject problems at all times,e xecpt when
we're in the epintr ISR.
2001-06-05 22:29:16 +00:00
joerg
9007393631 Make the FDC (state machine) state an enum, as opposed to an int
abusing a bunch of #defines, for clarity and better debugging support.
2001-06-05 21:01:46 +00:00
wpaul
6604862abe Fix mindo:
PCN_BCR_CLRBIT(sc, PCN_BCR_MIICTL, PCN_MIICTL_DANAS);

should be:

	PCN_BCR_SETBIT(sc, PCN_BCR_MIICTL, PCN_MIICTL_DANAS);

Turning this bit on is what disables MII autoneg, not turning it off.
Without this, manually setting the media doesn't work.

Noticed by: Jim Browne <jbrowne@jbrowne.com>
2001-06-05 20:51:17 +00:00
shafeeq
0a20ee6fc7 Now works again and as a module and with devfs.
Used the bpf & tun drivers as examples as to what is necessary for devfs.
2001-06-05 19:45:16 +00:00
mjacob
f0fd85f1d4 Fix botch for state levels. Role minor release. Start adding code for a
'force logout' path.

MFC after:	4 weeks
2001-06-05 17:11:06 +00:00
hm
d53d0538cc PR: i386/26347
Submitted by:	Nicola Vitale <nivit@libero.it>
Reviewed by:	hm
Fix screen number display in HP mode in case PCVT_NSCREENS > 10
2001-06-05 15:31:47 +00:00
jlemon
4f6043acdf Add a kqueue filter for writing to ufs filesystems which always returns
true.  This permits better interoperability with programs which register
filters on their stdin/stdout handles.

Submitted by: Niels Provos <provos@citi.umich.edu>
2001-06-05 13:52:37 +00:00
imp
15f1bcc2a6 Close the line displine on detach. Lots of folks have submittd this, and
I think bde even reviewed it once.

Also, change the name of ActionTEC pat to more generic Lucent Kermit
chip.  Add stub for Xircom card.  Add cardbus attachment too.
2001-06-05 05:58:57 +00:00
dd
b095352b52 Add a line discipline close routine which restores some functionality
I accidently nuked in rev. 1.54.  Also rework the error handling in
snplwrite a little.
2001-06-05 05:07:53 +00:00
dd
c4a9de5820 Style and cosmetic cleanups. This driver is now reasonably stlye(9)
compliant.  All the variable definitions and function names are
reasonably consistent, and the functions which should be static (i.e.,
all of them) are.  Other assorted fixes were made.  The majority of
the delta is indentation fixes.

Partially reviewed by:	bde
2001-06-05 05:00:17 +00:00
imp
305c102e31 Only build i82365_isa attachment when we have isa bus. 2001-06-05 04:26:12 +00:00
obrien
9ef33c8546 There seems to be a problem that the order of disk write operation being
incorrect due to a missing check for some dependency.  This change
avoids the freelist corruption (but not the temporarily inconsistent
state of the file system).

A message is printed as a reminder of the under lying problem when a
pagedep structure is not freed due to the NEWBLOCK flag being set.

Submitted by:	Tor.Egge@fast.no
2001-06-05 01:49:37 +00:00
dd
6d411a236c Use the l_nullioctl exported from tty_conf.c rather than rolling our own. 2001-06-04 23:31:21 +00:00
dd
1a1e7aad6c Unstaticize l_nullioctl; it is needed elsewhere (like in tty_snoop.c).
Suggested by:	bde
2001-06-04 23:30:47 +00:00
jlemon
551cff886a While in the interrupt loop, check for a bogus interrupt value of 0xff.
This may be returned if the underlying hardware is a pc-card which has
been ejected.

Reviewed by: warner
2001-06-04 22:01:44 +00:00
joerg
42cb92a8f5 Move out the files from src/sys/isa/ic/ to src/sys/dev/ic/, so they
can be made userland-visible as <dev/ic/...>.  Also, those files are
not supposed to contain any bus-specific details at all, so placing
them under .../isa/ has been a misnomer from the beginning.

The files in src/sys/dev/ic/ have been repo-copied from their old
location (this commit is a forced null commit there to record this
message).
2001-06-04 21:04:14 +00:00
jhb
215b7581d1 Use bitmasks of the KTR_* constants instead of hexidecimal values for
the KTR_COMPILE and KTR_MASK examples.
2001-06-04 18:26:02 +00:00
jhb
180fab1304 Add a new psuedo-KTR trace level KTR_ALL which is a mask of all currently
used KTR levels.
2001-06-04 18:24:07 +00:00
mjacob
c153f506c0 first blush at some FC path inquiry settings 2001-06-04 18:23:49 +00:00
mjacob
1609e05d58 Do NOLUNS dance for oddball Exabyte. We *really* need to do this as hints.
Correct match for A5000 SES instance.

PR:		19887
MFC after:	2 weeks
2001-06-04 18:20:52 +00:00
mjacob
b4abcf4731 first blush at some FC path inquiry settings 2001-06-04 18:08:30 +00:00
imp
6681528552 If the chip isn't in power state D0, put it in power state D0. I
elected to do this in the probe rather than the attach so that we don't
disturb things which this might reset.  different cards have different
quirks, according to their datasheets.

This should fix the "I booted in windows and rebooted to FreeBSD and
now things don't work" problem.

PR: 4847, 20670
2001-06-04 17:14:28 +00:00
brian
c7f4c36673 Add BSD-style copyright headers
Approved by: Charles Mott <cmott@scientech.com>
2001-06-04 15:09:51 +00:00
brian
9f3b881d27 Change to a standard BSD-style copyright
Approved by:	Atsushi Murai <amurai@spec.co.jp>
2001-06-04 14:52:17 +00:00
ru
0773e1a32e When looking for an interface appropriate for the (new or changing)
route in ifa_ifwithroute(), as the last resort, look up the route to
the gateway, not destination (to derive the interface from).

PR:		kern/27852
Submitted by:	Iasen Kostoff <tbyte@tbyte.org>
MFC after:	2 weeks
2001-06-04 14:13:15 +00:00
imp
00f8e110c1 Add new pci attachment for pcic. This supports pci cards as well as
card bus bridges.

We now always use pci interrupts for pci cards.  This will allow us to
more easily configure things.  You must change your IRQ lines in
/etc/pccard.conf to match what we've probed.  I'm not sure the right
way to deal with this right now.

Development of pci pcmcia has been funded by Monzoon Networks AG.  I
am grateful for their generosity.
2001-06-04 06:49:46 +00:00
dillon
728fde1722 The pipe_write() code was locking the pipe without busying it first in
certain cases, and a close() by another process could potentially rip the
pipe out from under the (blocked) locking operation.

Reported-by: Alexander Viro <viro@math.psu.edu>
2001-06-04 04:04:45 +00:00
paul
0c8b378fe3 S_IFCHR is not a bit mask, it's just a value in a field. The correct
way to clear that field is to use S_IFMT.

Pointed out by BDE.
2001-06-04 03:39:14 +00:00
imp
e309572288 #defines for pci way interrupt routing. 2001-06-04 03:36:22 +00:00
imp
c2d338f929 Move the pcic interrupt from pcic.c to pcic_isa.c. The ISA handling
for card change interrupts is different than the pci stuff that's
coming soon.  Set the management irq in different ways.  If
pci_parallel interrutp routing, then use the PCI way of getting
interrupts.  Move polling mode into pcic_isa since when we're routing
via pci polling doesn't work because many bridges (systems hang solid).

If we're routing interrupts via pci, they can be shared, so flag them
as such.

Note, this doesn't actually change anything since the pci attachment
isn't quite ready to be committed.
2001-06-04 03:29:06 +00:00
imp
9ee21f0efe Minor style(9) nit. a|b -> a | b. 2001-06-04 03:13:45 +00:00
mjacob
c800ca26f7 Use correct flag in test whether this interrupt handler is fast or not.
PR:		27866
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
2001-06-04 00:52:09 +00:00
jesper
c3a9ed1825 Prevent denial of service using bogus fragmented IPv4 packets.
A attacker sending a lot of bogus fragmented packets to the target
(with different IPv4 identification field - ip_id), may be able
to put the target machine into mbuf starvation state.

By setting a upper limit on the number of reassembly queues we
prevent this situation.

This upper limit is controlled by the new sysctl
net.inet.ip.maxfragpackets which defaults to 200,
as the IPv6 case, this should be sufficient for most
systmes, but you might want to increase it if you have
lots of TCP sessions.
I'm working on making the default value dependent on
nmbclusters.

If you want old behaviour (no upper limit) set this sysctl
to a negative value.

If you don't want to accept any fragments (not recommended)
set the sysctl to 0 (zero).

Obtained from:	NetBSD
MFC after:	1 week
2001-06-03 23:33:23 +00:00
joerg
4209466e2e Fix my email address. I accidentally cut'npasted the wrong (old)
hostname laste time.
2001-06-03 20:41:21 +00:00
yar
a8290c2add First, wrap the if_up() call into splimp()/splx() because
if_up() must be called at splnet or higher.
Second, set the IFF_RUNNING flag on an interface after its
resources (i.e. tunnel source and destination addresses)
have been set. Note that we don't set IFF_UP because it is
if_up()'s job to do that.

PR:		kern/27851
Submitted by:	Horacio J. PeÓa <horape@compendium.com.ar>
2001-06-03 17:31:11 +00:00