67524 Commits

Author SHA1 Message Date
Robert Watson
1bd0b24685 o Update sysctl.8 to reflect renaming of various security-related
sysctls, and to introduce new ones.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:55:22 +00:00
Mark Murray
018925b883 Invoke the new 'unifdef:' target, and make this lib a complete subset
of the crypto (master) code.
2001-11-30 21:55:10 +00:00
Robert Watson
6f3933fa6f o Introduce kern.security.bsd.unprivileged_read_msgbuf, which allows
the administrator to restrict access to the kernel message buffer.
  It defaults to '1', which permits access, but if set to '0', requires
  that the process making the sysctl() have appropriate privilege.
o Note that for this to be effective, access to this data via system
  logs derived from /dev/klog must also be limited.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:40:52 +00:00
Bruce A. Mah
fdd5b232b2 New release note: send-pr(1) -a (+ MFC).
MFC noted:  Increased TCP sndspace/rcvspace defaults.
2001-11-30 21:37:25 +00:00
Mark Murray
b3c1c587b6 Diff-reduce WRT src/secure/*telnet*/Makefile.
Also, add an "unifdef:" target, so that the telnet sources can
be remade from the crypto sources in src/crypto/telnet.
2001-11-30 21:34:51 +00:00
Matthew Dillon
d912c694ee The transmit burst limit for newreno completely breaks TCP's performance
if the receive side is using delayed acks.  Temporarily remove it.

MFC after:	0 days
2001-11-30 21:33:39 +00:00
Robert Watson
e409590d0e o Further sysctl name simplification, generally stripping 'permitted',
using '_'s more consistently.

Discussed with:	bde, jhb
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:33:16 +00:00
Mark Murray
d282330c31 Style clean-up, and diff-reduce WRT src/secure/*telnet*/Makefile
Lost in this commit - KerberosIV compatibility. This will be
re-added later.
2001-11-30 21:14:44 +00:00
Mark Murray
acf4d74a74 Style clean-up, and diff-reduce WRT src/secure/*/telnet/Makefile
2001-11-30 21:12:31 +00:00
Mark Murray
f3c99bd05e Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.
2001-11-30 21:10:58 +00:00
Mark Murray
401eb6965c Forced commit.
This file was taken from the Heimdal implementation of Kerberos 5, done
by KTH.
2001-11-30 21:09:11 +00:00
Mark Murray
8fa113e5fc Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either
      fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropriate values of FOO.
      (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
Robert Watson
48713bdc3c o Move current inhabitants of kern.security to kern.security.bsd, so
that new models can inhabit kern.security.<modelname>.
o While I'm there, shorten somewhat excessive variable names, and clean
  things up a little.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 20:58:31 +00:00
Robert Watson
433a202297 o Improve consistency of style by fixing tabs around _PATH_AUTHCONF.
2001-11-30 16:25:09 +00:00
Robert Watson
0caeee4e36 o Introduce _PATH_CAPABILITY and _PATH_CAPABILITY_DB to the system
path set.  These files will hold per-user capability information.

Obtained from:	TrustedBSD Project
Submitted by:	tmm
2001-11-30 16:24:20 +00:00
Mitsuru IWASAKI
931a10c9d2 Add a couple of minor changes.
- set sc->acpi_s4bios to 1 by default for hibernation until
   OS-initiated S4 transition is implemented.
 - change the behavior of acpi_sleep_state_sysctl() if new value is
   the same as old one, do nothing instead of EINVAL.
2001-11-30 16:06:00 +00:00
Robert Watson
24373ce6ed Use 'mkdir -p /.attribute/system' instead of breaking it into
two separate mkdir targets.

Submitted by:	jedgar
2001-11-30 15:32:07 +00:00
Robert Watson
cff9580525 Use 'mkdir -p /.attribute/system' instead of breaking it into
two separate mkdir targets.
2001-11-30 15:21:20 +00:00
Robert Watson
15f1c8d3d2 README.extattr incorrectly specified sample command lines for
UFS_EXTATTR_AUTOSTART.  Insert the missing 'initattr' arguments
to extattrctl.

Noticed by:	green
2001-11-30 15:15:27 +00:00
Brian Somers
add3c04151 Pay attention to failures to SIOCAIFADDR and SIOCDIFFADDR.
2001-11-30 14:01:21 +00:00
Brian Somers
c4a913b6b8 Don't provide an RTA_GATEWAY sockaddr when we write RTM_CHANGE messages
to the routing socket.

The local address on a point-to-point interface is not actually a
gateway address - despite it appearing in the second column of
netstat -r's output.  Providing a gateway to an RTM_CHANGE will
currently change the route's interface so that it's using the
specified gateway - not what we want.

Patiently explained to me by:	ru
2001-11-30 14:01:20 +00:00
Brian Somers
2ea80d6d37 Add some DEBUG logging to tell us when interface addresses are being
added and removed
2001-11-30 14:01:18 +00:00
Brian Somers
0f02fdac67 During SIOCAIFADDR, if in_ifinit() fails and we've already added an
interface address, blow the address away again before returning the
error.

In in_ifinit(), if we get an error from rtinit() and we've also got
a destination address, return the error rather than masking EEXISTS.
Failing to create a host route when configuring an interface should
be treated as an error.
2001-11-30 14:00:55 +00:00
Alexey Zelkin
4a57e677c7 Merge NetBSD's changes from netbsd_strtod.c in preparation of
removing it from our source tree in order to have one version
of strtod() for all arches. netbsd_strtod.c still left in source
tree until alpha folks make sure that our native strtod() works
as well as NetBSD's one.

Reviewed by: peter, bde (some time ago)
2001-11-30 12:48:30 +00:00
Peter Wemm
304dea369a cpuid bit 30 is 'IA64', for when you're running in i386 mode on an ia64
cpu.  (This is for either userland apps running in i386 mode on an ia64
OS, or when the cpu is in i386 legacy mode running an i386 OS).
2001-11-30 11:57:23 +00:00
Crist J. Clark
28f49c6daf Make the error messaging more helpful.
PR:		31483
Approved by:	iwasaki, ru
MFC after:	4 days
2001-11-30 11:35:01 +00:00
Ruslan Ermilov
bd7142087b - Make ip_rtaddr() global, and use it to look up the correct source
address in icmp_reflect().
- Two new "struct icmpstat" members: icps_badaddr and icps_noroute.

PR:		kern/31575
Obtained from:	BSD/OS
MFC after:	1 week
2001-11-30 10:40:28 +00:00
Doug Rabson
6759374681 * Don't use critical_enter/critical_exit when accessing the VHPT - it's
pointless and would be inadequate for SMP systems. We will rely on the
  VM system's locks to serialise this for now.
* Change pmap_remove() so that if the range being removed is larger than
  the number of pages mapped by the pmap, we iterate over the currently
  mapped pages instead of over the virtual address range. This should
  make a difference when removing large virtual address ranges from an
  address space.
2001-11-30 10:07:54 +00:00
Andrey A. Chernov
f157f22f4e Properly classify 0x80 - 0xa0 range
2001-11-30 07:19:21 +00:00
Valentino Vaschetto
ba03376142 Spelling error: dependant -> dependent
PR
2001-11-30 07:18:23 +00:00
Andrey A. Chernov
bb11c9f1fb Add 0x98 to CONTROL section
2001-11-30 07:10:08 +00:00
Alfred Perlstein
25993d3a47 Back out my 'fix', resid is different for strategy than for write
2001-11-30 06:24:34 +00:00
Bill Fenner
7735bb0f64 Implement several of the c99 updates to printf(3):
- New length modifiers: hh, j, t, z.
 - New flag: '.  Note that %'f is not yet implemented.
 - Use "inf"/"nan" for efg formats, "INF"/"NAN" for EFG formats.
 - Implemented %q in terms of %ll; if "quad_t" is not "long long"
   %q will break.

Still to do:
 - %C, %S, %lc, %ls (wide character support)
 - %'f (thousands in integer portion of %f)
 - %a/%A (exact hex representation of floating-point numbers)

Garrett Wollman wrote the first version of the vfprintf.c update;
Mike Barcroft wrote the first version of the printf.3 changes.
2001-11-30 06:12:15 +00:00
Alfred Perlstein
58cbb07307 Make the same fix for writes to RAW objects.
2001-11-30 05:59:47 +00:00
Alfred Perlstein
fd19a949b4 write should return the number of bytes written, not 0 on success.
Submitted by: Jonathan Mini <mini@haikugeek.com>
PR: kern/32350
2001-11-30 05:54:30 +00:00
Andrey A. Chernov
f2f94c9675 Clarify isblank range
2001-11-30 05:39:08 +00:00
Andrey A. Chernov
45c5ff77ea Start every data line with keyword
2001-11-30 05:24:09 +00:00
Andrey A. Chernov
3fd63c5560 Cleanup: cosmetique, standards conformance, BLANK/SPACE/GRAPH relation
2001-11-30 05:05:53 +00:00
Andrey A. Chernov
a72d401cce Clarify valid isspace() range
2001-11-30 02:01:32 +00:00
Andrey A. Chernov
40df10c3ae Clean DIGIT/XDIGIT sections
2001-11-30 01:22:01 +00:00
Brian S. Dean
3494d26527 killall operates on all processes owned by the real uid, not the
effective uid.

MFC after:	3 days
2001-11-30 00:30:28 +00:00
Luigi Rizzo
aec846d484 Per jlemon request, reintroduce some printf() when an
mbuf allocation fails, and fix (I hope) a couple of style bugs.

I believe these printf() are extremely dangerous because now they can
occur on every incoming packet and are not rate limited. They were
meant to warn the sysadmin about lack of resources, but now they
can become a nice way to panic your system under load.

Other drivers (e.g. the fxp driver) have nothing like this.

There is a pending discussion on putting this kind of warnings
elsewhere, and I hope we can fix this soon.
2001-11-29 23:47:47 +00:00
Bruce A. Mah
5b9f1319fe Reword pciconf(8) -v release to be a little more useful (now that I
understand what it does), move it to the userland section, and note MFC.
2001-11-29 23:41:14 +00:00
Bruce A. Mah
acd844e79d New release notes: ciss driver, sbni driver.
(Hardware list updated accordingly.)
2001-11-29 23:24:41 +00:00
Luigi Rizzo
01faf54bb0 For i386 architecture, remove an expensive m_devget() (and the
underlying unaligned bcopy) on incoming packets that are already
available (albeit unaligned) in a buffer.
The performance improvement varies, depending on CPU and memory
speed, but can be quite large especially on slow CPUs. I have seen
over 50% increase on forwarding speed on the sis driver for the
486/133 (embedded systems), which does exactly the same thing.

The behaviour is controlled by a sysctl variable, hw.dc_quick which
defaults to 1. Set it to 0 to restore the old behaviour.

After running a few experiments (in userland, though) I am convinced
that doing the m_devget() is detrimental to performance in almost
all cases.

Even if your CPU has degraded performance with misaligned data,
the bcopy() in the driver has the same overhead due to misalignment
as the one that you save in the uiomove(), plus you do one extra
copy and pollute the cache.

But more often than not, you do not even have to touch the payload,
e.g. when you are forwarding packets, and even in the often-cited
case of NFS, you often end up passing a pointer to the payload to
the disk controller.

In any case, you can play with the sysctl variable to toggle between
the two behaviours, and see if it makes a difference.

MFC-after: 3 days
2001-11-29 22:46:48 +00:00
Brian Feldman
7d8cee925b Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
2001-11-29 21:16:11 +00:00
Bruce A. Mah
57d484c8cc Bring release note on /dev/net into line with reality.
2001-11-29 19:00:16 +00:00
Alfred Perlstein
8c7daee735 Fold ANDREW_LOCKD into -current.
2001-11-29 17:36:45 +00:00
Brian Feldman
a240291a2a Note that stty is a utility and not... err... a program....
Submitted by:	ru
2001-11-29 15:46:54 +00:00
Andrew Gallatin
a58b29a603 fix DIAGNOSTIC panic caused by proc/thread typo
tested by: Martijn Pronk <martijn@smartie.xs4all.nl>
2001-11-29 15:33:46 +00:00