Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)
Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.
Discussed with: mlaier on -pf
MFC after: 5 days
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
sampling rate between playback and recording. This can be
disabled / enabled via kernel hints
(hint.pcm.<unit>.fixed_rate=0/4000-48000) or sysctl
hw.snd.pcm<unit>.fixed_rate=0/4000-48000). Default to 48khz
fixed rate. [1]
* Basic cleanup. *_es1371x_* -> *_es137x_*.
* Some locking fixes. [2]
Submitted by: Ariff Abdullah <skywizard@MyBSD.org.my>
Discussed with: yongari [2]
See also: http://lists.freebsd.org/pipermail/freebsd-multimedia/2005-September/002758.html [1]
Reported by: Jos Backus <jos at catnook.com> [1]
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
(pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
decorate them sufficiently.
* General spl* cleanup. It doesn't serve any purpose anymore.
* Nuke sndstat_busy(). Addition of sndstat_acquire() /
sndstat_release() for sndstat exclusive access. [1]
sys/dev/sound/pcm/sound.c:
* Remove duplicate SLIST_INIT()
* Use sndstat_acquire() / release() to lock / release the entire
sndstat during pcm_unregister(). This should fix LOR #159 [1]
sys/dev/sound/pcm/sound.h:
* Definition of SD_F_SOFTVOL (part of feeder volume)
* Nuke sndstat_busy(). Addition of sndstat_acquire() /
sndstat_release() for exclusive sndstat access. [1]
Submitted by: Ariff Abdullah <skywizard@MyBSD.org.my>
LOR: 159 [1]
Discussed with: yongari [1]
* Added codec id for CMI9761.
* feeder_volume *whitelist* through ac97_fix_volume()
sys/dev/sound/pcm/ac97.h:
* Added AC97_F_SOFTVOL definition.
sys/dev/sound/pcm/channel.c:
* Slight changes for chn_setvolume() to conform with OSS.
* FEEDER_VOLUME is now part of feeder building process.
sys/dev/sound/pcm/mixer.c:
* General spl* cleanup. It doesn't serve any purpose anymore.
* Main hook for feeder_volume.
Submitted by: Ariff Abdullah <skywizard@MyBSD.org.my>
Tested by: multimedia@
threads. This is quite useful if generating a debug log for post-mortem
by another developer, in which case the person at the console may not
know which threads are of interest. The output of this can be quite
long.
Discussed with: kris
MFC after: 3 days
This is a special case because tcp_twstart() destroys a tcp control
block via tcp_discardcb() so we cannot call tcp_drop(struct *tcpcb) on
such connections. Use tcp_twclose() instead.
MFC after: 5 days
- WEP TX fix:
The original code called software crypto, ieee80211_crypto_encap(),
which never worked since IEEE80211_KEY_SWCRYPT was never flagged due to
ieee80211_crypto_newkey() assumes that wi always supports hardware based
crypto regardless of operational mode(by virtue of IEEE80211_C_WEP).
This fix works around that issue by adding wi_key_alloc() to force
the use of s/w crypto. Also if anyone ever decides to cleanup ioctl
handling where key changes wouldn't cause a call to wi_init() every time,
we'll need wi_key_alloc() to DTRT.
In addition to that, this fix also adds code to wi_write_wep() to force
existing keys to be switched between h/w and s/w crypto such that an
operation mode change(sta <-> hostap) will flag IEEE80211_KEY_SWCRYPT
properly.
- WEP RX fix:
Clear IEEE80211_F_DROPUNENC even in hostap mode. Quote from Sam:
"This is really gross but I don't see an easy way around it.
By doing it we lose the ability to independently drop unencode
frames (and support mixed wep/!wep use). We should really be
setting the EXCLUDE_UNENCRYPTED flag written in wi_write_wep
based on IEEE80211_F_DROPUNENC but with our clearing it we can't
depend on it being set properly."
Reported by: Holm Tiffe <holm at freibergnet dot de>
Submitted by: sam
MFC after: 3 days
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.
- Remove description of poll in trap feature.
- Tell that polling should be turned on and off with ifconfig.
- Move description of kern.polling.enable to the end and say
that this a deprecated way of turning polling on.
- Remove note that idle poll has some problems in CURRENT. I failed
to find them, while Sam and Luigi failed to remember what the
problem actually were there.
o Axe poll in trap.
o Axe IFF_POLLING flag from if_flags.
o Rework revision 1.21 (Giant removal), in such a way that
poll_mtx is not dropped during call to polling handler.
This fixes problem with idle polling.
o Make registration and deregistration from polling in a
functional way, insted of next tick/interrupt.
o Obsolete kern.polling.enable. Polling is turned on/off
with ifconfig.
Detailed kern_poll.c changes:
- Remove polling handler flags, introduced in 1.21. The are not
needed now.
- Forget and do not check if_flags, if_capenable and if_drv_flags.
- Call all registered polling handlers unconditionally.
- Do not drop poll_mtx, when entering polling handlers.
- In ether_poll() NET_LOCK_GIANT prior to locking poll_mtx.
- In netisr_poll() axe the block, where polling code asks drivers
to unregister.
- In netisr_poll() and ether_poll() do polling always, if any
handlers are present.
- In ether_poll_[de]register() remove a lot of error hiding code. Assert
that arguments are correct, instead.
- In ether_poll_[de]register() use standard return values in case of
error or success.
- Introduce poll_switch() that is a sysctl handler for kern.polling.enable.
poll_switch() goes through interface list and enabled/disables polling.
A message that kern.polling.enable is deprecated is printed.
Detailed driver changes:
- On attach driver announces IFCAP_POLLING in if_capabilities, but
not in if_capenable.
- On detach driver calls ether_poll_deregister() if polling is enabled.
- In polling handler driver obtains its lock and checks IFF_DRV_RUNNING
flag. If there is no, then unlocks and returns.
- In ioctl handler driver checks for IFCAP_POLLING flag requested to
be set or cleared. Driver first calls ether_poll_[de]register(), then
obtains driver lock and [dis/en]ables interrupts.
- In interrupt handler driver checks IFCAP_POLLING flag in if_capenable.
If present, then returns.This is important to protect from spurious
interrupts.
Reviewed by: ru, sam, jhb
to avoid touching pageable memory while holding a mutex.
Simplify argument list replacement logic.
PR: kern/84935
Submitted by: "Antoine Pelisse" apelisse AT gmail.com (in a different form)
MFC after: 3 days
file cannot be linked into place when requested (not required) to do it,
reassure them that cpio is still intelligent enough that it will perform
a full copy instead.