This change allows creating file descriptors with close-on-exec set in some
situations. SOCK_CLOEXEC and SOCK_NONBLOCK can be OR'ed in socket() and
socketpair()'s type parameter, and MSG_CMSG_CLOEXEC to recvmsg() makes file
descriptors (SCM_RIGHTS) atomically close-on-exec.
The numerical values for SOCK_CLOEXEC and SOCK_NONBLOCK are as in NetBSD.
MSG_CMSG_CLOEXEC is the first free bit for MSG_*.
The SOCK_* flags are not passed to MAC because this may cause incorrect
failures and can be done later via fcntl() anyway. On the other hand, audit
is expected to cope with the new flags.
For MSG_CMSG_CLOEXEC, unp_externalize() is extended to take a flags
argument.
Reviewed by: kib
the firmware (instead of just the main firmware version) when evaluating
firmware compatibility. Document the new "hw.cxgbe.fw_install" knob
being introduced here.
This should fix kern/173584 too. Setting hw.cxgbe.fw_install=2 will
mostly do what was requested in the PR but it's a bit more intelligent
in that it won't reinstall the same firmware repeatedly if the knob is
left set.
PR: kern/173584
MFC after: 5 days
work-in-progress.
This is the first man page I have written so apologies in advance if it
offends anybody's sensibilities :-)
Reviewed by: grehan
Obtained from: NetApp
to the current demotion factor instead of assigning it.
This allows external scripts to control demotion factor together
with kernel in a raceless manner.
support for their new RAID adapter ARC-1214.
Many thanks to Areca for continuing to support FreeBSD.
Submitted by: 黃清隆 Ching-Lung Huang <ching2048 areca com tw>
MFC after: 2 weeks
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
o Describe passing file descriptors as separate section.
- Descriptors can be passed through any protocol of the UNIX family,
not SOCK_STREAM and SOCK_SEQPACKET only. [1]
o Describe socket options as separate section.
- Move LOCAL_PEERCRED option to this section.
- Describe struct xucred.
- In LOCAL_CREDS section mention that credentials
are passed only on the first read on non-datagram
sockets.
o Xref all mentioned system calls.
Noticed by: Igor Sysoev [1]
provide this information along with messages documentation,
like this done in manual pages for other netgraph nodes.
Submitted by: Mamontov Roman <mr.xanto gmail.com>
Allow textdumps to be called explicitly from DDB.
If "dump" is called in DDB and textdumps are enabled then abort the
dump and tell the user to turn off textdumps.
Add options TEXTDUMP_PREFERRED to turn textdumps on by default.
Add options TEXTDUMP_VERBOSE to be a bit more verbose while textdumping.
Reviewed by: rwatson
MFC after: 2 weeks
RocketRAID 4500 series.
Many thanks to HighPoint Technologies for their continued support
of FreeBSD!
Submitted by: HighPoint Technologies
MFC after: 3 days
on the related functionality in the runtime via the sysctl variable
net.pfil.forward. It is turned off by default.
Sponsored by: Yandex LLC
Discussed with: net@
MFC after: 2 weeks
but committing it helps to get everyone on the same page and makes
sure we make progress.
Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.
Credits follow:
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@
available to the user. Should be applicable to all branches and versions
where est(4) exists.
thanks to gjb for reviewing and suggesting nits
Reviewed by: gjb@
MFC after: 2 weeks
This is important to secure a small timeframe at boot time, when
network is already configured, but pf(4) is not yet.
PR: kern/171622
Submitted by: Olivier Cochard-LabbИ <olivier cochard.me>
reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.
Discussed with: bz, luigi
current link points to a irrelevant catchall site.
PR: docs/171411
Submitted by: Mark Martinec <Mark.Martinec@ijs.si> (pr), me (patch)
Approved by: joel (mentor)
MFC after: 2 weeks
used with Terasic's DE-4 and other similar FPGA boards. This display
is 800x480 and includes a capacitive touch screen, multi-touch
gesture recognition, etc. This device driver depends on a Cambridge-
provided IP core that allows the MTL device to be hooked up to the
Altera Avalon SoC bus, and also provides a VGA-like text frame buffer.
Although it is compiled as a single device driver, it actually
implements a number of different device nodes exporting various
aspects of this multi-function device to userspace:
- Simple memory-mapped driver for the MTL 24-bit pixel frame buffer.
- Simple memory-mapped driver for the MTL control register set.
- Simple memory-mapped driver for the MTL text frame buffer.
- syscons attachment for the MTL text frame buffer.
This driver attaches directly to Nexus as is common for SoC device
drivers, and for the time being is considered BERI-specific, although
in principle it might be used with other hard and soft cores on
Altera FPGAs.
Control registers, including touchscreen input, are simply memory
mapped; in the future it would be desirable to hook up a more
conventional device node that can stream events, support kqueue(2)/
poll(2)/select(2), etc.
This is the first use of syscons on MIPS, as far as I can tell, and
there are some loose ends, such as an inability to use the hardware
cursor. More fundamentally, it appears that syscons(4) assumes that
either a host is PC-like (i386, amd64) *or* it must be using a
graphical frame buffer. While the MTL supports a graphical frame
buffer, using the text frame buffer is preferable for console use.
Fixing this issue in syscons(4) requires non-trivial changes, as the
text frame buffer support assumes that direct memory access can be
done to the text frame buffer without using bus accessor methods,
which is not the case on MIPS. As a workaround for this, we instead
double-buffer and pretend to be a graphical frame buffer exposing
text accessor methods, leading to some quirks in syscons behaviour.
Sponsored by: DARPA, AFRL
The driver attempts to support all documented parts, but has only been
tested with the 512Mbit part on the Terasic DE4 FPGA board. It should be
trivial to adapt the driver's attach routine to other embedded boards
using with any parts in the family.
Also import isfctl(8) which can be used to erase sections of the flash.
Sponsored by: DARPA, AFRL
which presents a UART-like interface over the Avalon bus that can be
addressed over JTAG. This IP core proves extremely useful, allowing us to
connect trivially to the FreeBSD console over JTAG for FPGA-embedded hard
and soft cores. As interrupts are optionally configured for this soft
core, we support both interrupt-driven and polled modes of operation,
which must be selected using device.hints. UART instances appear in /dev
as ttyu0, ttyu1, etc.
However, it also contains a number of quirks, which make it difficult to
tell when JTAG is connected, and some buffering issues. We work around
these as best we can, using various heuristics.
While the majority of this device driver is not only not BERI-specific,
but also not MIPS-specific, for now add its defines in the BERI files
list, as the console-level parts are aware of where the first JTAG UART
is mapped on Avalon, and contain MIPS-specific address translation, to
use before Newbus and device.hints are available.
Sponsored by: DARPA, AFRL
which can be synthesised in Altera FPGAs. An altera_sdcardc device
probes during the boot, and /dev/altera_sdcard devices come and go as
inserted and removed. The device driver attaches directly to the
Nexus, as is common for system-on-chip device drivers.
This IP core suffers a number of significant limitations, including a
lack of interrupt-driven I/O -- we must implement timer-driven polling,
only CSD 0 cards (up to 2G) are supported, there are serious memory
access issues that require the driver to verify writes to memory-mapped
buffers, undocumented alignment requirements, and erroneous error
returns. The driver must therefore work quite hard, despite a fairly
simple hardware-software interface. The IP core also supports at most
one outstanding I/O at a time, so is not a speed demon.
However, with the above workarounds, and subject to performance
problems, it works quite reliably in practice, and we can use it for
read-write mounts of root file systems, etc.
Sponsored by: DARPA, AFRL
CPU cores on Altera FPGAs. The device driver allows memory-mapped devices
on Altera's Avalon SoC bus to be exported to userspace via device nodes.
device.hints directories dictate device name, permissible access methods,
physical address and length, and I/O alignment. Devices can be accessed
using read(2)/write(2), but also memory mapped in userspace using mmap(2).
Devices attach directly to the Nexus, as is common for embedded device
drivers; in the future something more mature might be desirable. There is
currently no facility to support directing device-originated interrupts to
userspace.
In the future, this device driver may be renamed to socgen(4), as it can
in principle also be used with other system-on-chip (SoC) busses, such as
Axi on ASICs and FPGAs. However, we have only tested it on Avalon busses
with memory-mapped ROMs, frame buffers, etc.
Sponsored by: DARPA, AFRL
- remove extra dynamic variable initializations;
- restore (4BSD) and implement (ULE) hogticks variable setting;
- make sched_rr_interval() more tolerant to options;
- restore (4BSD) and implement (ULE) kern.sched.quantum sysctl, a more
user-friendly wrapper for sched_slice;
- tune some sysctl descriptions;
- make some style fixes.