applications to specify a non-local IP address when bind()'ing a socket
to a local endpoint.
This allows applications to spoof the client IP address of connections
if (obviously!) they somehow are able to receive the traffic normally
destined to said clients.
This patch doesn't include any changes to ipfw or the bridging code to
redirect the client traffic through the PCB checks so TCP gets a shot
at it. The normal behaviour is that packets with a non-local destination
IP address are not handled locally. This can be dealth with some IPFW hackery;
modifications to IPFW to make this less hacky will occur in subsequent
commmits.
Thanks to Julian Elischer and others at Ironport. This work was approved
and donated before Cisco acquired them.
Obtained from: Julian Elischer and others
MFC after: 2 weeks
jail-aware. Up to now we returned the first address of the interface
for SIOCGIFADDR w/o an ifr_addr in the query. This caused problems for
programs querying for an address but running inside a jail, as the
address returned usually did not belong to the jail.
Like for v6, if there was an ifr_addr given on v4, you could probe
for more addresses on the interfaces that you were not allowed to see
from inside a jail. Return an error (EADDRNOTAVAIL) in that case
now unless the address is on the given interface and valid for the
jail.
PR: kern/114325
Reviewed by: rwatson
MFC after: 4 weeks
- The contents of 'feroceon_cpufuncs' dispatch table was really dedicated for the
new Sheeva CPU (in 88F6xxx and MV-78xxx SOCs), and NOT Feroceon.
- Feroceon CPU (in 88F5xxx SOCs) appears as a regular ARM926EJ-S core and does
not require dedicated routines.
This will be accompanied by a file rename commit.
- Provide dedicated rmans for MEM and IO resources.
- Convert PCI IRQ routing info into a table (from callback approach), provide
config data for alternative DB- boards.
- Fix a wrong boundary check error in pcib_mbus_init_bar()
Obtained from: Semihalf
- Allow for setting per platform MPP/GPIO configuration in the kernel, so
that we can override all settings firmware might set.
- Set decode windows for the remaining on-chip peripherals: CESA, SATA and XOR.
- Improve handling of USB controllers so that all port are available on the
given SOC/platform (e.g. up to three on DB-78xxx), this includes rework of
USB decode windows set-up.
- Other minor fixes and cosmetics.
Obtained from: Semihalf
created by atapicam is being kept opened or mounted. This is probably just
a temporary solution until we invent something better.
Reviewed by: scottl
Approved by: rwatson (mentor)
Sponsored by: FreeBSD Foundation
Reported by: Jaakko Heinonen
o add net80211 support for a tdma vap that is built on top of the
existing adhoc-demo support
o add tdma scheduling of frame transmission to the ath driver; it's
conceivable other devices might be capable of this too in which case
they can make use of the 802.11 protocol additions etc.
o add minor bits to user tools that need to know: ifconfig to setup and
configure, new statistics in athstats, and new debug mask bits
While the architecture can support >2 slots in a TDMA BSS the current
design is intended (and tested) for only 2 slots.
Sponsored by: Intel
- Clean up TCLK handling so that it's dynamically recognized depending on
registers settings or chip version/revision. Update registers definitions.
- Teach SOC ident routine about A0 (initial silicon version for general
audience)
Obtained from: Marvell, Semihalf
locked. Lookup could attempt to recursively lock that vnode.
Do not call vn_start_write(V_WAIT) while vnode is locked, this may
result in a deadlock with suspension.
vfs_busy() the mountpoint before dropping vnode lock for vnode
that was used to look up the mountpoint, to prevent unmount in
between.
Reported and tested by: pho
Reviewed by: rwatson
MFC after: 3 weeks
This fixes problems with discovering some USB devices that are very slow to
respond during initialisation.
When a USB device is inserted, CAM performs the sequence:
1) INQUIRY
2) INQUIRY (second time with other parameters)
3) TEST UNIT READY
4) READ CAPACITY
Before this change CAM didn't check if TEST UNIT READY was successful and went
on blindly to the next state and sent READ CAPACITY. If the device was still
not ready by then, CAM ended with error message. This patch adds checking for the
status of TEST UNIT READY command and retrying up to 10 times with 0.5 sec
interval.
Submitted by: Grzegorz Bernacki gjb ! semihalf dot com
Reviewed by: scottl
1.Sync TD on close to ensure USB request in close callback issued.
2.Add sysctls to indicate device role.
3.Enable handsfree port support.
Now modem port and obex port works well.
Handsfree port works but not with good response.
When trying to read scratched or damaged CDs and DVDs, the default
mechanism is sub-optimal. Programs like ddrescue do much better if
you turn off retries entirely, since their algorithms are designed
scan big areas fast, then winnow the areas down. Turning off retries
speeds these programs up by as much as 20x, since the drive is able to
'stream past' many small errors...
The sysctl/tunable kern.cam.cd.retry_count controls this. That
defaults to '4' (for a total of 5 attempts). Setting to 0 turns off
all retry attempts.
Reviewed by: scottl@
specifically SPI controllers now also work in big-endian
machines and some conversions relevant for FC and SAS
controllers as well as support for ILP32 machines which all
were omitted in previous attempts are now also implemented.
The IOCTL-interface is intentionally left (and where needed
actually changed) to be completely little-endian as otherwise
we would have to add conversion code for every possible
configuration page to mpt(4), which didn't seem the right
thing to do, neither did converting only half of the user-
interface to the native byte order.
This change was tested on amd64 (SAS+SPI), i386 (SAS) and
sparc64 (SAS+SPI). Due to lack of the necessary hardware
the target mode code is still left to be made endian-clean.
Reviewed by: scottl
MFC after: 1 month
functions and stop attaching of dcons(4) and dcons_crom(4) if
they indicate failure. This fixes a panic seen on sparc64 machines
with no free physical memory in the requested 32-bit region but
still doesn't make dcons(4)/dcons_crom(4) these work. I think
the latter can be fixed by simply specifying ~0UL as the upper
limit for contigmalloc(9) and letting the bounce pages and the
IOMMU respectively handle limitations of the DMA engine. I didn't
want to change that without the consensus of simokawa@ though,
who unfortunately didn't reply so far.
MFC after: 1 week
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
