Commit Graph

497 Commits

Author SHA1 Message Date
Sam Leffler
167f409fd6 config+build glue for Atheros support 2003-06-25 14:51:20 +00:00
Sam Leffler
a826874f28 add "no RNG support options" for ubsec and hifn drivers 2003-06-25 14:49:24 +00:00
Hartmut Brandt
02152e8f90 Make the netgraph ATM node compilable into the kernel. 2003-06-25 13:21:04 +00:00
Jake Burkholder
28ab032ea9 Moved the syscons options, kbd options and DEV_SPLASH to the MI options
file.
2003-06-18 15:25:01 +00:00
Poul-Henning Kamp
22db1e9ff5 Add "GEOM_FOX", a class which detects and selects between multiple
redundant paths to the same device.

This class reacts to a label in the first sector of the device,
which is created the following way:

        #    "0123456789abcdef012345..."
        #    "<----magic-----><-id-...>
        echo "GEOM::FOX       someid" | dd of=/dev/da0 conv=sync

NB: Since the fact that multiple disk devices are in fact the same
    device is not known to GEOM, the geom taste/spoil process cannot
    fully catch all corner cases and this module can therefore be
    confused if you do the right wrong things.

NB: The disk level drivers need to do the right thing for this to
    be useful, and that is not by definition currently the case.
2003-06-18 09:29:28 +00:00
Warner Losh
7b22d083ff New global option: BURN_BRIDGES
Compile out code that will disappear in 6.0, per Peter Wemm's bridge
burning proposal.
2003-06-12 04:39:32 +00:00
Scott Long
8c33536c7f Add the MUTEX_NOINLINE option that explicitely de-inlines the mutex
operations.

Submitted by:	jhb
2003-05-18 03:46:30 +00:00
Eric Anholt
42da33c444 Update the DRM to the latest from DRI CVS. Includes some bugfixes and removal
of the infrastructure for the gamma driver which was removed a while back.
The DRM_LINUX option is removed because the handler is now provided by the
linux compat code itself.
2003-04-25 01:18:47 +00:00
John Baldwin
8667535d13 NO_COMPAT_FREEBSD4 is no longer used. 2003-04-15 20:59:43 +00:00
Robert Watson
3757e11997 Re-add MUTEX_DEBUG and MUTEX_PROFILING, which got hosed by rejected
chunks from bde's patch.

Spotted by:	jhb
2003-04-15 20:49:48 +00:00
Robert Watson
d971c22b4a Improve consistency, ordering, style of options:
- Remove extra blank lines
- Sort options
- Remove comments that belong in NOTES

Submitted by:	bde (older revision)
2003-04-15 19:43:52 +00:00
Robert Watson
e965edfda2 Add MAC_ALWAYS_LABEL_MBUF to options; this permits the administrator
to force the allocation of MAC labels for all mbufs regardless of
whether a configured policy requires labeling when the mbuf is
allocated.  This can be useful it you anticipate loading a fully
labeled policy after boot and don't want mbufs to exist without
label storage, for performance measurement purposes, etc.  It also
slightly lowers the overhead of m_tag labeling due to removing the
decision logic.

While here, improve commenting of other MAC options.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-14 21:45:12 +00:00
Dag-Erling Smørgrav
ed9adee74c Options that go into homonymous headers shouldn't specify the header name.
Submitted by:	Hiten Pandya <hiten@unixdaemons.com>
2003-04-12 09:40:37 +00:00
Mike Silbersack
53dcc544a8 Rename MBUF_FRAG_TEST to MBUF_STRESS_TEST as it will be extended
to include more than just frag tests.
2003-04-12 06:11:46 +00:00
Tor Egge
5bbb806004 Add support for reading directly from file to userland buffer when the
O_DIRECT descriptor status flag is set and both offset and length is a
multiple of the physical media sector size.
2003-03-26 23:40:42 +00:00
Robert Watson
eae870cdb4 Add a new kernel option, MALLOC_MAKE_FAILURES, which compiles
in a debugging feature causing M_NOWAIT allocations to fail at
a specified rate.  This can be useful for detecting poor
handling of M_NOWAIT: the most frequent problems I've bumped
into are unconditional deference of the pointer even though
it's NULL, and hangs as a result of a lost event where memory
for the event couldn't be allocated.  Two sysctls are added:

debug.malloc.failure_rate

  How often to generate a failure: if set to 0 (default), this
  feature is disabled.  Otherwise, the frequency of failures --
  I've been using 10 (one in ten mallocs fails), but other
  popular settings might be much lower or much higher.

debug.malloc.failure_count

  Number of times a coerced malloc failure has occurred as a
  result of this feature.  Useful for tracking what might have
  happened and whether failures are being generated.

Useful possible additions: tying failure rate to malloc type,
printfs indicating the thread that experienced the coerced
failure.

Reviewed by:	jeffr, jhb
2003-03-26 20:18:40 +00:00
Mike Silbersack
9d9edc5693 Add the MBUF_FRAG_TEST option. When compiled in, this option
allows you to tell ip_output to fragment all outgoing packets
into mbuf fragments of size net.inet.ip.mbuf_frag_size bytes.
This is an excellent way to test if network drivers can properly
handle long mbuf chains being passed to them.

net.inet.ip.mbuf_frag_size defaults to 0 (no fragmentation)
so that you can at least boot before your network driver dies. :)
2003-03-25 05:45:05 +00:00
Sam Leffler
b7c4858f1e o add crypto driver glue for using the new rndtest driver/module; this is
conditional in each driver on foo_RNDTEST being defined_
o bring HIFN_DEBUG and UBSEC_DEBUG out to be visible options; they control
  the debugging printfs that are set with hw.foo.debug (e.g. hw.hifn.debug)
2003-03-11 22:47:06 +00:00
Shunsuke Akiyama
20280807ca Fix device freeze to reduce output packet size.
And make this value configurable by kernel config or sysctl.
2003-03-09 11:50:27 +00:00
Tim J. Robbins
74c69254e6 Remove unimplemented IP-in-IPX encapsulation support (options IPTUNNEL). 2003-03-08 06:58:22 +00:00
Alan Cox
09c80124a3 Remove ENABLE_VFS_IOOPT. It is a long unfinished work-in-progress.
Discussed on:	arch@
2003-03-06 03:41:02 +00:00
Peter Wemm
3c6b084e96 Finish driving a stake through the heart of netns and the associated
ifdefs scattered around the place - its dead Jim!

The SMB stuff had stolen AF_NS, make it official.
2003-03-05 19:24:24 +00:00
David Schultz
9c62b3ee7c Make TTYHOG tunable.
Reviewed by:	mike (mentor)
2003-03-05 08:16:29 +00:00
Robert Watson
03d031626d A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-02 23:01:42 +00:00
Marcel Moolenaar
907cf80fbf Remove support for running in SimOS. The support has rotted over
time and there's no indication that it will improve anytime soon.
By removing support for SimOS it is possible to build LINT on
Alpha, which is considered more important at the moment.

Not objected to on: alpha@
2003-02-25 00:42:40 +00:00
Sam Leffler
14dd6717f8 Add a new config option IPSEC_FILTERGIF to control whether or not
packets coming out of a GIF tunnel are re-processed by ipfw, et. al.
By default they are not reprocessed.  With the option they are.

This reverts 1.214.  Prior to that change packets were not re-processed.
After they were which caused problems because packets do not have
distinguishing characteristics (like a special network if) that allows
them to be filtered specially.

This is really a stopgap measure designed for immediate MFC so that
4.8 has consistent handling to what was in 4.7.

PR:		48159
Reviewed by:	Guido van Rooij <guido@gvr.org>
MFC after:	1 day
2003-02-23 00:47:06 +00:00
Joerg Wunsch
e1df235292 Finally make vinum ready for the root filesystem in FreeBSD 5.x. (A
similar patch has been in 4.x for a while, but is more hacky there.)

For this to work, vinum has to be loaded early (e. g. from
boot/loader), for obvious reasons.  If the kernel env variable
(aka. loader variable) "vinum.autostart" is set, vinum then asks the
sysctl kern.disks for all available disks in the system, and scans
them for possible vinum headers.

For statically compiled kernels, this behaviour can be obtained even
without boot/loader by using "options VINUM_AUTOSTART" (though this is
not the recommended way).

Alternatively, the 4.x way to specify "vinum.drives" is also supported.

No further hacks (like the 4.x "vinum.root" variable) are needed,
since in 5.x, mountroot() asks back at the drivers to have them
resolve the name of the root FS into a dev_t (using the dev_clone
eventhandler).

(The MFC reminder below is for a partial MFC for vinum.autostart, the
rest is already there in 4.x.)

Timed out on:	grog
MFC after:	2 weeks
2003-02-05 21:02:56 +00:00
Gordon Tetlow
cd53fddb6a Add config glue to add an optional GEOM_VOL to add optional volume support.
Reviewed by:	jake (mentor)
2003-02-03 17:35:54 +00:00
Poul-Henning Kamp
83dde52716 Add a rudimentary class for slicing Apple partitioned disks.
More work is needed on this, stakeholders please contact me.

Not quite asked for by:	rwatson
2003-01-31 16:27:07 +00:00
Poul-Henning Kamp
91898abc5e Bang! Bang! Bang! etc etc
Remove NODEVFS and NO_GEOM from options.

Approved by:	trb@
2003-01-28 09:04:19 +00:00
Jeff Roberson
c3384118a1 - Introduce the SCHED_ULE and SCHED_4BSD options for compile time selection
of the scheduler.
 - Add SCHED_4BSD as the scheduler for all kernel config files in cvs.
2003-01-26 05:29:12 +00:00
Poul-Henning Kamp
d3cd81e026 Move NODEVFS and NO_GEOM to opt_global.h.
This allows me to mark code which they control with #ifdef without
polluting files with #includes of opt_devfs.h and opt_geom.h.

Once these two options are removed, this will allow mechanical removal
of the bits their removal makes obsolete.
2003-01-19 10:02:47 +00:00
Yoshihiro Takahashi
1f23083ab9 Fixed comment. 2003-01-18 08:26:42 +00:00
Poul-Henning Kamp
d2128d818f Add a very simple but functional GEOM mirror class.
This is committed more as an instructive tool than as a production
facility, but this will change over time.
2003-01-14 22:44:48 +00:00
Robert Watson
c47257370f Hook up kernel options and build information for mac_lomac.
Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-11-26 17:32:39 +00:00
Juli Mallett
5f07565bcb Move SHOW_BUSYBUFS and PANIC_REBOOT_WAIT_TIME into the MI options file, since
MI code uses them, and every platform provides them (except x86_64 whose
options file was lacking one).

Reviewed by:	bde, rwatson
2002-11-18 06:17:07 +00:00
Matthew N. Dodd
1c54ff3315 Convert kernel compile option PCI_ALLOW_UNSUPPORTED_IO_RANGE to
a loader tunable hw.pci.allow_unsupported_io_range.

Submitted by:	 Hiten Pandya <hiten@angelica.unixdaemons.com>
Approved by:	 re (murray)
2002-11-13 09:42:25 +00:00
Peter Wemm
23eeeff7be Split 4.x and 5.x signal handling so that we can keep 4.x signal
handling clean and functional as 5.x evolves.  This allows some of the
nasty bandaids in the 5.x codepaths to be unwound.

Encapsulate 4.x signal handling under COMPAT_FREEBSD4 (there is an
anti-foot-shooting measure in place, 5.x folks need this for a while) and
finish encapsulating the older stuff under COMPAT_43.  Since the ancient
stuff is required on alpha (longjmp(3) passes a 'struct osigcontext *'
to the current sigreturn(2), instead of the 'ucontext_t *' that sigreturn
is supposed to take), add a compile time check to prevent foot shooting
there too.  Add uniform COMPAT_43 stubs for ia64/sparc64/powerpc.

Tested on: i386, alpha, ia64.  Compiled on sparc64 (a few days ago).
Approved by: re
2002-10-25 19:10:58 +00:00
Robert Watson
eae2f20c47 Provide kernel options for the various MAC policy modules so that
they may be statically linked into the kernel.  Note that statically
linked modules, unlike dynamically linked modules, get INVARIANTS,
so if there are INVARIANTS failures, you'll bump into them rather
than not.  Add the options to NOTES.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-24 17:21:40 +00:00
Scott Long
f9d186edc8 After much delay and anticipation, welcome RAIDFrame into the FreeBSD
world.  This should be considered highly experimental.

Approved-by:	re
2002-10-20 08:17:39 +00:00
Poul-Henning Kamp
19b5c7bc4b Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access
to the contents of "cold disks" with or without destruction activation.

Major features:

   * Based on AES, MD5 and ARC4 algorithms.
   * Four cryptographic barriers:
        1) Pass-phrase encrypts the master key.
        2) Pass-phrase + Lock data locates master key.
        3) 128 bit key derived from 2048 bit master key protects sector key.
        3) 128 bit random single-use sector keys protect data payload.
   * Up to four different changeable pass-phrases.
   * Blackening feature for provable destruction of master key material.
   * Isotropic disk contents offers no information about sector contents.
   * Configurable destination sector range allows steganographic deployment.

This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.

This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc.  under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.

Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.

Sponsored by:   DARPA & NAI Labs.
2002-10-19 17:02:17 +00:00
Sam Leffler
b9234fafa0 Tie new "Fast IPsec" code into the build. This involves the usual
configuration stuff as well as conditional code in the IPv4 and IPv6
areas.  Everything is conditional on FAST_IPSEC which is mutually
exclusive with IPSEC (KAME IPsec implmentation).

As noted previously, don't use FAST_IPSEC with INET6 at the moment.

Reviewed by:	KAME, rwatson
Approved by:	silence
Supported by:	Vernier Networks
2002-10-16 02:25:05 +00:00
Mike Barcroft
4275e0d98d Remove the P1003_1B kernel option; it is no longer used. 2002-10-13 16:29:17 +00:00
Mike Barcroft
ce43eaeb32 Remove _KPOSIX_VERSION as a kernel option, nothing uses this any more. 2002-10-13 14:29:04 +00:00
Poul-Henning Kamp
3bd6561289 NB: This commit does *NOT* make GEOM the default in FreeBSD
NB: But it will enable it in all kernels not having options "NO_GEOM"

Put the GEOM related options into the intended order.

Add "options NO_GEOM" to all kernel configs apart from NOTES.

In some order of controlled fashion, the NO_GEOM options will be
removed, architecture by architecture in the coming days.

There are currently three known issues which may force people to
need the NO_GEOM option:

boot0cfg/fdisk:
        Tries to update the MBR while it is being used to control
        slices.  GEOM does not allow this as a direct operation.

SCSI floppy drives:
        Appearantly the scsi-da driver return "EBUSY" if no media
        is inserted.  This is wrong, it should return ENXIO.

PC98:
        It is unclear if GEOM correctly recognizes all variants of
        PC98 disklabels.  (Help Wanted!  I have neither docs nor HW)

These issues are all being worked.

Sponsored by:	DARPA & NAI Labs.
2002-10-05 16:35:33 +00:00
Scott Long
316ec49abd Some kernel threads try to do significant work, and the default KSTACK_PAGES
doesn't give them enough stack to do much before blowing away the pcb.
This adds MI and MD code to allow the allocation of an alternate kstack
who's size can be speficied when calling kthread_create.  Passing the
value 0 prevents the alternate kstack from being created.  Note that the
ia64 MD code is missing for now, and PowerPC was only partially written
due to the pmap.c being incomplete there.
Though this patch does not modify anything to make use of the alternate
kstack, acpi and usb are good candidates.

Reviewed by:	jake, peter, jhb
2002-10-02 07:44:29 +00:00
Scott Long
1da8092eea Do away with AAC_COMPAT_LINUX option entirely. The functionality will
automatically be enabled if the kernel is compiled with COMPAT_LINUX.

Submitted by:	jhb
MFC after:	3 days
2002-09-25 15:21:50 +00:00
Scott Long
7419815d60 The AAC_COMPAT_LINUX option was really annoying, since it made the
aac driver dependent on the linux emulation module.  This was
especially bad for the release engineers who tried to move the
aac driver from the kernel onto the drivers floppy.  The linux
compat bits for this driver are now in their own driver, aac_linux.
It can be loaded as a module or compiled into the kernel.  For
the latter case, the AAC_COMPAT_LINUX option is needed, along with
the COMPAT_LINUX option.

I've tested this in every configuration I can think of.  This is an
MFC candidate for 4.7.

Idea from:	rwatson
MFC after:	3 days
2002-09-25 05:00:25 +00:00
Jeff Roberson
4b124a4b8e - Add options ALQ and KTR_ALQ. 2002-09-22 07:14:27 +00:00
John Baldwin
0be15dec9a Ahem, actually add the DDB_TRACE option and finish changing DDB_UNATTENDED
to use its own header.
2002-09-19 18:52:37 +00:00
Alfred Perlstein
3ffb9fadc8 Regen for added syscalls. 2002-09-19 00:48:57 +00:00
Peter Wemm
e94ecf7338 Move the KSTACK_PAGES option from MD to MI. Although not all platforms
support this, we do have MI code that references it and is otherwise
unaware of an override.  The alternative is to put knowledge in these
MI files about which platforms have the opt_kstack_pages.h option file.
It is more likely that other platforms will gain the ability to tune the
kstack size.
2002-09-07 22:07:11 +00:00
Maxim Sobolev
8e96e13e6a Add a new gre(4) driver, which could be used to create GRE (RFC1701)
and MOBILE (RFC2004) IP tunnels.

Obrained from:  NetBSD
2002-09-06 17:12:50 +00:00
Scott Long
3636639d7b Remove options that don't actually exist (in this form). 2002-09-01 07:13:10 +00:00
Justin T. Gibbs
4e7bbbf96c Add support for ahd/ahc register pretty printing in diagnostics.
This feature can be disabled via the AHD/AHC_REG_PRETTY_PRINT kernel
option.

The ahc driver now uses the same debug options mechanism as ahd:
AHC_DEBUG 	- Compile in debugging code
AHC_DEBUG_OPTS	- String of debug options as listed in aic7xxx.h
2002-08-31 06:55:59 +00:00
Archie Cobbs
901fadf792 New L2TP netgraph node type.
Obtained from:	Packet Design
2002-08-20 21:59:50 +00:00
Robert Watson
f050add5c1 Wrap maintenance of varios nmac{objectname} counters in MAC_DEBUG so we
can avoid the cost of a large number of atomic operations if we're not
interested in the object count statistics.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 14:21:38 +00:00
Søren Schmidt
fd4b4ecc73 Add the ability to use ATAPI devices via CAM.
The CAM<>ATAPI layer was submitted by "Thomas Quinot <thomas@cuivre.fr.eu.org>"
changes form the version on the net by me (formatting, ability to be used
alone without the ATAPI native device driver, proper speed reporting...)

See /sys/conf/NOTES for usage.

Submitted by: Thomas Quinot <thomas@cuivre.fr.eu.org>
2002-08-09 20:54:06 +00:00
Warner Losh
073eef8ca2 Add code that will download firmware to a Symbol LA4100-series of CF
cards.  Since the firmware is hard coded into the kernel, I've made it
a kernel option (WI_SYMBOL_FIRMWARE).

Note: This only downloads into the RAM of these cards.  It doesn't
download into FLASH, and is somewhat limited.  There needs to be a
better way to deal, but this works for now.  My Symbol LA4132 CF card
works now.

Obtained from: NetBSD
2002-08-03 00:19:58 +00:00
Robert Watson
12e9f256e3 Kernel options for Mandatory Access Control (MAC).
MAC support will be merged into the main tree over the next week in
reasonable size chunks; much more to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-27 19:50:28 +00:00
Warner Losh
a850203de0 Make PCI_ENABLE_IO_MODES a sysctl hw.pci.enable_io_modes. It can also
be set at boot time.  It defaults to 1 now since it can be set in the
boot loader.  If this proves unwise, we can reset it to defaulting to 0.
2002-07-26 07:58:16 +00:00
Peter Wemm
b5d0be8951 Remove dependency on NPCI. Use 'options ATA_NOPCI' to compile without
pci support.  This really needs to be fixed properly some day, but judging
by the fact that the nopci case hasn't compiled for quite a while, there
does not seem to be much urgency.

Reviewed by:	sos
2002-07-21 21:37:09 +00:00
John Baldwin
fbfee3f615 Move SMBFS from i386 and pc98 files and options files to MI files and
options files.
2002-07-15 19:11:21 +00:00
John Baldwin
47a3594e8e The puc(4) driver/bridge is MI, so don't bury it in MD options and files
config files.  It also depends on PCI.
2002-07-15 15:39:10 +00:00
John Baldwin
0b9113359f Sort all the SYSV IPC options. They are still all clumped together, but
at least they are sorted relative to themselves now.
2002-07-15 15:28:16 +00:00
John Baldwin
404b3dcf21 - Properly sort GEOM and NODEVFS.
- GEOM doesn't need to specify a filename, the correct one is chosen by
  default.
2002-07-15 15:25:08 +00:00
John Baldwin
97fef0a119 Make WLCACHE and WLDEBUG MI options. 2002-07-15 15:21:51 +00:00
John Baldwin
7f01180e4e Make NDGBPORTS an MI option since the dgb(4) driver is an MI driver.
Remove comments about NDGBPORTS from the options* files.  Please document
options in NOTES, not in the options* files.
2002-07-15 15:18:34 +00:00
Alfred Perlstein
074453c230 Introduce syscall.master option 'COMPAT4' which allows one to wrap
syscalls for FreeBSD 4 compatibility.
Add kernel option COMPAT_FREEBSD4 to enable these syscalls.
2002-07-12 06:38:34 +00:00
Kenneth D. Merry
2c8f5a28bb Move the MSIZE and MCLSHIFT options out of the undocumented section in
NOTES.  Add some comments about the potential problems associated with NIC
driver modules and changing these options.

Fix sorting problems in sys/conf/options with the MSIZE and MCLSHIFT
options.

Reviewed by:	bde
2002-07-11 04:15:53 +00:00
Mark Peek
b7c5c8fb06 Back out previous TCBHASHSIZE change. This should not be a kernel option.
Pointed out by:	bde
2002-07-08 22:00:43 +00:00
Mark Peek
08d6c46194 Document TCBHASHSIZE in NOTES and add it to the allowable kernel options.
PR:		32912
Submitted by:	Carl Schmidt <carl@slackerbsd.org>
MFC after:	3 days
2002-07-08 02:53:59 +00:00
Kenneth D. Merry
98cb733c67 At long last, commit the zero copy sockets code.
MAKEDEV:	Add MAKEDEV glue for the ti(4) device nodes.

ti.4:		Update the ti(4) man page to include information on the
		TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options,
		and also include information about the new character
		device interface and the associated ioctls.

man9/Makefile:	Add jumbo.9 and zero_copy.9 man pages and associated
		links.

jumbo.9:	New man page describing the jumbo buffer allocator
		interface and operation.

zero_copy.9:	New man page describing the general characteristics of
		the zero copy send and receive code, and what an
		application author should do to take advantage of the
		zero copy functionality.

NOTES:		Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS,
		TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT.

conf/files:	Add uipc_jumbo.c and uipc_cow.c.

conf/options:	Add the 5 options mentioned above.

kern_subr.c:	Receive side zero copy implementation.  This takes
		"disposable" pages attached to an mbuf, gives them to
		a user process, and then recycles the user's page.
		This is only active when ZERO_COPY_SOCKETS is turned on
		and the kern.ipc.zero_copy.receive sysctl variable is
		set to 1.

uipc_cow.c:	Send side zero copy functions.  Takes a page written
		by the user and maps it copy on write and assigns it
		kernel virtual address space.  Removes copy on write
		mapping once the buffer has been freed by the network
		stack.

uipc_jumbo.c:	Jumbo disposable page allocator code.  This allocates
		(optionally) disposable pages for network drivers that
		want to give the user the option of doing zero copy
		receive.

uipc_socket.c:	Add kern.ipc.zero_copy.{send,receive} sysctls that are
		enabled if ZERO_COPY_SOCKETS is turned on.

		Add zero copy send support to sosend() -- pages get
		mapped into the kernel instead of getting copied if
		they meet size and alignment restrictions.

uipc_syscalls.c:Un-staticize some of the sf* functions so that they
		can be used elsewhere.  (uipc_cow.c)

if_media.c:	In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid
		calling malloc() with M_WAITOK.  Return an error if
		the M_NOWAIT malloc fails.

		The ti(4) driver and the wi(4) driver, at least, call
		this with a mutex held.  This causes witness warnings
		for 'ifconfig -a' with a wi(4) or ti(4) board in the
		system.  (I've only verified for ti(4)).

ip_output.c:	Fragment large datagrams so that each segment contains
		a multiple of PAGE_SIZE amount of data plus headers.
		This allows the receiver to potentially do page
		flipping on receives.

if_ti.c:	Add zero copy receive support to the ti(4) driver.  If
		TI_PRIVATE_JUMBOS is not defined, it now uses the
		jumbo(9) buffer allocator for jumbo receive buffers.

		Add a new character device interface for the ti(4)
		driver for the new debugging interface.  This allows
		(a patched version of) gdb to talk to the Tigon board
		and debug the firmware.  There are also a few additional
		debugging ioctls available through this interface.

		Add header splitting support to the ti(4) driver.

		Tweak some of the default interrupt coalescing
		parameters to more useful defaults.

		Add hooks for supporting transmit flow control, but
		leave it turned off with a comment describing why it
		is turned off.

if_tireg.h:	Change the firmware rev to 12.4.11, since we're really
		at 12.4.11 plus fixes from 12.4.13.

		Add defines needed for debugging.

		Remove the ti_stats structure, it is now defined in
		sys/tiio.h.

ti_fw.h:	12.4.11 firmware.

ti_fw2.h:	12.4.11 firmware, plus selected fixes from 12.4.13,
		and my header splitting patches.  Revision 12.4.13
		doesn't handle 10/100 negotiation properly.  (This
		firmware is the same as what was in the tree previously,
		with the addition of header splitting support.)

sys/jumbo.h:	Jumbo buffer allocator interface.

sys/mbuf.h:	Add a new external mbuf type, EXT_DISPOSABLE, to
		indicate that the payload buffer can be thrown away /
		flipped to a userland process.

socketvar.h:	Add prototype for socow_setup.

tiio.h:		ioctl interface to the character portion of the ti(4)
		driver, plus associated structure/type definitions.

uio.h:		Change prototype for uiomoveco() so that we'll know
		whether the source page is disposable.

ufs_readwrite.c:Update for new prototype of uiomoveco().

vm_fault.c:	In vm_fault(), check to see whether we need to do a page
		based copy on write fault.

vm_object.c:	Add a new function, vm_object_allocate_wait().  This
		does the same thing that vm_object allocate does, except
		that it gives the caller the opportunity to specify whether
		it should wait on the uma_zalloc() of the object structre.

		This allows vm objects to be allocated while holding a
		mutex.  (Without generating WITNESS warnings.)

		vm_object_allocate() is implemented as a call to
		vm_object_allocate_wait() with the malloc flag set to
		M_WAITOK.

vm_object.h:	Add prototype for vm_object_allocate_wait().

vm_page.c:	Add page-based copy on write setup, clear and fault
		routines.

vm_page.h:	Add page based COW function prototypes and variable in
		the vm_page structure.

Many thanks to Drew Gallatin, who wrote the zero copy send and receive
code, and to all the other folks who have tested and reviewed this code
over the years.
2002-06-26 03:37:47 +00:00
Nick Hibma
d8dbc77c56 Make the speed used by gdb over serial settable in the kernel configuration.
This facilitates the use in circumstances where you are using a serial
console as well. GDB doesn't support anything higher than 9600 baud (19k2
if you are lucky), but the console does.
2002-06-18 21:30:37 +00:00
Robert Watson
1bde53c130 POSIX.1e capabilities aren't here yet, don't put an option for it
in the options file.
2002-06-13 22:41:23 +00:00
Poul-Henning Kamp
11b2dcdbbe Put geom_gpt.c under the GEOM option instead of having a special GEOM_GPT
option for it.
2002-06-10 18:49:41 +00:00
John Baldwin
363ba2bcfd According to Bruce, this file shouldn't have comments to describe what
options do.  Comments should be in NOTES and having the comments in two
places usually means that one place will just bitrot.  Thus, remove the
comment for KTRACE_REQUEST_POOL from the previous revision.

Requested by:	bde
2002-06-07 14:33:23 +00:00
John Baldwin
ea3fc8e4cd Overhaul the ktrace subsystem a bit. For the most part, the actual vnode
operations to dump a ktrace event out to an output file are now handled
asychronously by a ktrace worker thread.  This enables most ktrace events
to not need Giant once p_tracep and p_traceflag are suitably protected by
the new ktrace_lock.

There is a single todo list of pending ktrace requests.  The various
ktrace tracepoints allocate a ktrace request object and tack it onto the
end of the queue.  The ktrace kernel thread grabs requests off the head of
the queue and processes them using the trace vnode and credentials of the
thread triggering the event.

Since we cannot assume that the user memory referenced when doing a
ktrgenio() will be valid and since we can't access it from the ktrace
worker thread without a bit of hassle anyways, ktrgenio() requests are
still handled synchronously.  However, in order to ensure that the requests
from a given thread still maintain relative order to one another, when a
synchronous ktrace event (such as a genio event) is triggered, we still put
the request object on the todo list to synchronize with the worker thread.
The original thread blocks atomically with putting the item on the queue.
When the worker thread comes across an asynchronous request, it wakes up
the original thread and then blocks to ensure it doesn't manage to write a
later event before the original thread has a chance to write out the
synchronous event.  When the original thread wakes up, it writes out the
synchronous using its own context and then finally wakes the worker thread
back up.  Yuck.  The sychronous events aren't pretty but they do work.

Since ktrace events can be triggered in fairly low-level areas (msleep()
and cv_wait() for example) the ktrace code is designed to use very few
locks when posting an event (currently just the ktrace_mtx lock and the
vnode interlock to bump the refcoun on the trace vnode).  This also means
that we can't allocate a ktrace request object when an event is triggered.
Instead, ktrace request objects are allocated from a pre-allocated pool
and returned to the pool after a request is serviced.

The size of this pool defaults to 100 objects, which is about 13k on an
i386 kernel.  The size of the pool can be adjusted at compile time via the
KTRACE_REQUEST_POOL kernel option, at boot time via the
kern.ktrace_request_pool loader tunable, or at runtime via the
kern.ktrace_request_pool sysctl.

If the pool of request objects is exhausted, then a warning message is
printed to the console.  The message is rate-limited in that it is only
printed once until the size of the pool is adjusted via the sysctl.

I have tested all kernel traces but have not tested user traces submitted
by utrace(2), though they should work fine in theory.

Since a ktrace request has several properties (content of event, trace
vnode, details of originating process, credentials for I/O, etc.), I chose
to drop the first argument to the various ktrfoo() functions.  Currently
the functions just assume the event is posted from curthread.  If there is
a great desire to do so, I suppose I could instead put back the first
argument but this time make it a thread pointer instead of a vnode pointer.

Also, KTRPOINT() now takes a thread as its first argument instead of a
process.  This is because the check for a recursive ktrace event is now
per-thread instead of process-wide.

Tested on:	i386
Compiles on:	sparc64, alpha
2002-06-07 05:32:59 +00:00
Justin T. Gibbs
cdd49e97b4 Hook up the ahd driver. 2002-06-06 16:35:58 +00:00
Alfred Perlstein
6e330f3e36 bde noticed that SOMAXCONN breaks pretty badly as an option for LINT.
so back it out.
2002-06-02 04:32:52 +00:00
Marcel Moolenaar
bcd46c600a Add support to GEOM for GUID Partition Tables (GPTs). The support
is currently conditional on both the GEOM and GEOM_GPT options to
avoid getting GPT by default and having the MBR and GPT classes
clash.
The correct behaviour of the MBR class would be to back-off (reject)
a MBR if it's a Protective MBR (a MBR with a single partition of type
0xEE that spans the whole disk (as far as the MBR is concerned).
The correct behaviour if the GPT class would be to back-off (reject)
a GPT if there's a MBR that's not a Protective MBR.

At this stage it's inconvenient to destroy a good MBR when working
with GPTs that it's more convenient to have the MBR class back-off
when it detects the GPT signature on disk and have the GPT class
ignore the MBR.

In sys/gpt.h UUIDs (GUIDs) for the following FreeBSD partitions
have been defined:

GPT_ENT_TYPE_FREEBSD
	FreeBSD slice with disklabel. This is the equivalent of
	the well-known FreeBSD MBR partition type.
GPT_ENT_TYPE_FREEBSD_{SWAP|UFS|UFS2|VINUM}
	FreeBSD partitions in the context of disklabel. This is
	speculating on the idea to use the GPT to hold partitions
	instead if slices and removing the fixed (and low) limits
	we have on the number of partitions.

This commit lacks a GPT image for the regression suite.
2002-05-28 09:04:48 +00:00
John Baldwin
2498cf8c42 Add code to make default mutexes adaptive if the ADAPTIVE_MUTEXES kernel
option is used (not on by default).

- In the case of trying to lock a mutex, if the MTX_CONTESTED flag is set,
  then we can safely read the thread pointer from the mtx_lock member while
  holding sched_lock.  We then examine the thread to see if it is currently
  executing on another CPU.  If it is, then we keep looping instead of
  blocking.
- In the case of trying to unlock a mutex, it is now possible for a mutex
  to have MTX_CONTESTED set in mtx_lock but to not have any threads
  actually blocked on it, so we need to handle that case.  In that case,
  we just release the lock as if MTX_CONTESTED was not set and return.
- We do not adaptively spin on Giant as Giant is held for long times and
  it slows SMP systems down to a crawl (it was taking several minutes,
  like 5-10 or so for my test alpha and sparc64 SMP boxes to boot up when
  they adaptively spinned on Giant).
- We only compile in the code to do this for SMP kernels, it doesn't make
  sense for UP kernels.

Tested on:	i386, alpha, sparc64
2002-05-21 20:47:11 +00:00
Robert Watson
2bab796d96 Remove IFS from 5.0-CURRENT. This facilitates introducing UFS2 as
IFS had its fingers deep in the belly of the UFS/FFS split.  IFS
will be reimplemented by the maintainer at a later date.

Requested by:	adrian (maintainer)
2002-05-19 00:11:08 +00:00
Tom Rhodes
d394511de3 More s/file system/filesystem/g 2002-05-16 21:28:32 +00:00
Jeff Roberson
0e2d6cc899 Disable the shared locking namei() code for now. It breaks several stacking
filesystems.  This is on hold until the rest of VFS Locking is reviewed and
deemed safe.  It can be enabled with 'options LOOKUP_SHARED'.
2002-05-14 21:59:49 +00:00
Bruce Evans
7085e70878 Reconnect db_elf.c to the build (now under "options DDB_NOKLDSYM"). It
doesn't actually build yet.
2002-05-07 10:59:52 +00:00
Eric Anholt
67a2a28fe4 Hook the DRM up to the build and add it to NOTES.
Approved by:	des
2002-04-28 04:58:40 +00:00
Scott Long
df263cbd02 Add a filesystem driver for the Universal Disk Format. For more info,
see http://people.freebsd.org/~scottl/udf

 MFC after:	when asmodai gets the backport done
 Prodded by:	phk asmodai des
2002-04-14 16:36:49 +00:00
Jeff Roberson
a59f8b9e6c Turn #ifdef LOOKUP_SHARED into #ifndef LOOKUP_EXCLUSIVE to enable this
behavior by default.  Also, change the options line to reflect this.

If there are no problems reported this will become the only behavior and the
knob will be removed in a month or so.

Demanded by:	obrien
2002-04-09 05:14:17 +00:00
Matt Jacob
355904d52f D'oh! I forgot to commit this a while back.
Add an option for enabling f/w crashdumps for the isp driver.

MFC after:	1 week
2002-04-04 23:54:58 +00:00
Ruslan Ermilov
12c79eb288 Dike out a highly insecure UCONSOLE option.
TIOCCONS must be able to VOP_ACCESS() /dev/console to succeed.

Obtained from:	OpenBSD
2002-04-03 10:56:59 +00:00
Dag-Erling Smørgrav
6c35e80948 Mutex profiling code, conditional on the MUTEX_PROFILING option. Adds the
following sysctl variables:

  debug.mutex.prof.enable	    enable / disable profiling
  debug.mutex.prof.acquisitions	    number of mutex acquisitions recorded
  debug.mutex.prof.records	    number of acquisition points recorded
  debug.mutex.prof.maxrecords	    max number of acquisition points
  debug.mutex.prof.rejected	    number of rejections (due to full table)
  debug.mutex.prof.hashsize	    hash size
  debug.mutex.prof.collisions	    number of hash collisions
  debug.mutex.prof.stats	    profiling statistics

The code records four numbers for each acquisition point (identified by
source file name and line number): longest time held, total time held,
number of non-recursive acquisitions, average time held.  The measurements
are in clock cycles (as returned by get_cyclecount(9)); this may cause
measurements on some SMP systems to be unreliable.  This can probably be
worked around by replacing get_cyclecount(9) by some incarnation of
nanotime(9).

This work was derived from initial patches by eivind.
2002-04-02 00:01:49 +00:00
Jake Burkholder
60a57b73ef ktr changes to improve performance and make writing a userland utility to
dump the trace buffer feasible.
- Remove KTR_EXTEND.  This changes the format of the trace entries when
  activated, making writing a userland tool which is not tied to a specific
  kernel configuration difficult.
- Use get_cyclecount() for timestamps.  nanotime() is much too heavy weight
  and requires recursion protection due to ktr traces occuring as a result
  of ktr traces.  KTR_VERBOSE may still require recursion protection, which
  is now conditional on it.
- Allow KTR_CPU to be overridden by MD code.  This is so that it is possible
  to trace early in startup before pcpu and/or curthread are setup.
- Add a version number for the ktr interface.  A userland tool can check this
  to detect mismatches.
- Use an array for the parameters to make decoding in userland easier.
- Add file and line recording to the non-extended traces now that the extended
  version is no more.

These changes will break gdb macros to decode the extended version of the
trace buffer which are floating around.  Users of these macros should either
use the show ktr command in ddb, or use the userland utility which can be run
on a core dump.

Approved by:	jhb
Tested on:	i386, sparc64
2002-04-01 05:35:26 +00:00
Dan Moschuk
e7876c0943 Nuke CV_DEBUG in favour of INVARIANTS.
Approved by: jhb
2002-03-30 03:52:52 +00:00
Nicolas Souchu
c17d43407f Major rework of the iicbus/smbus framework:
- VIA chipset SMBus controllers added
	- alpm driver updated
	- Support for dynamic modules added
	- bktr FreeBSD smbus updated but not tested
	- cleanup
2002-03-23 15:49:15 +00:00
Jeff Roberson
8de00f4a87 This patch adds the "LOCKSHARED" option to namei which causes it to only acquire shared locks on leafs.
The stat() and open() calls have been changed to make use of this new functionality.  Using shared locks in
these cases is sufficient and can significantly reduce their latency if IO is pending to these vnodes.  Also,
this reduces the number of exclusive locks that are floating around in the system, which helps reduce the
number of deadlocks that occur.

A new kernel option "LOOKUP_SHARED" has been added.  It defaults to off so this patch can be turned on for
testing, and should eventually go away once it is proven to be stable.  I have personally been running this
patch for over a year now, so it is believed to be fully stable.

Reviewed by:	jake, obrien
Approved by:	jake
2002-03-12 04:00:11 +00:00
Poul-Henning Kamp
036d25994c Add the GEOM option. 2002-03-11 08:06:24 +00:00
Bruce Evans
1e92845e1b Garbage-collect options ACPI_NO_ENABLE_ON_BOOT, AML_DEBUG, BLEED,
DEVICE_SYSCTLS, KEY, LOUTB, NFS_MUIDHASHSIZ, NFS_UIDHASHSIZ, PCI_QUIET
and SIMPLELOCK_DEBUG.
2002-02-15 13:16:11 +00:00
Andrew Gallatin
0483b1a8f2 Enable polling to be configured into kernels on non i386 platforms. Note that
poll_in_trap is only implemented on i386.  I've tested this on alpha.

Approved by: luigi
2002-02-12 00:26:06 +00:00
Warner Losh
7a852c22ce Make PCI_ALLOW_UNSUPPORTED_IO_RANGE an option until the ISA address
problem is fixed at the bridge level.  This is needed for some newer
laptops that have the cardbus bridge not on pci0.
2002-01-15 06:46:59 +00:00
Mitsuru IWASAKI
c573e654b7 Add OS layer ACPI mutex and threading support.
- Temporary fix a bug of Intel ACPI CA core code.
 - Add OS layer ACPI mutex support.  This can be disabled by
   specifying option ACPI_NO_SEMAPHORES.
 - Add ACPI threading support.  Now that we have a dedicate taskqueue for
   ACPI tasks and more ACPI task threads can be created by specifying option
   ACPI_MAX_THREADS.
 - Change acpi_EvaluateIntoBuffer() behavior slightly to reuse given
   caller's buffer unless AE_BUFFER_OVERFLOW occurs.  Also CM battery's
   evaluations were changed to use acpi_EvaluateIntoBuffer().
 - Add new utility function acpi_ConvertBufferToInteger().
 - Add simple locking for CM battery and temperature updating.
 - Fix a minor problem on EC locking.
 - Make the thermal zone polling rate to be changeable.
 - Change minor things on AcpiOsSignal(); in ACPI_SIGNAL_FATAL case,
   entering Debugger is easier to investigate the problem rather than panic.
2001-12-22 16:05:41 +00:00
Thomas Moestl
c93d0240c3 Move the PCI_ENABLE_IO_MODES option from conf/options.i386 to
conf/options.
2001-12-21 21:46:55 +00:00
John Baldwin
2ffc1262b0 Axe NFS_NOSERVER since it doesn't do anything anymore. Remove NFSSERVER
from your config file instead.
2001-11-15 16:03:24 +00:00
Paul Saab
cbc89bfbfe Make MAXTSIZ, DFLDSIZ, MAXDSIZ, DFLSSIZ, MAXSSIZ, SGROWSIZ loader
tunable.

Reviewed by:	peter
MFC after:	2 weeks
2001-10-10 23:06:54 +00:00
Ian Dowse
9b04180c2c Add an option ED_NO_MIIBUS, which causes the `ed' driver to be
built without support for miibus PHYs. Most ed cards don't need
miibus support, so it's useful to be able to avoid the bloat of
all the mii devices for small fixed-purpose kernels.
2001-09-29 22:32:03 +00:00
Brooks Davis
c2eed10556 Add ng_ip_input. A new netgraph node for queuing IP packets into the
main IP input processing code.
2001-09-27 21:54:27 +00:00
Brooks Davis
94408d94c3 /home/brooks/ng_gif.message 2001-09-26 23:50:17 +00:00
Peter Wemm
eb25edbda3 Cleanup and split of nfs client and server code.
This builds on the top of several repo-copies.
2001-09-18 23:32:09 +00:00
John Baldwin
1432aa0c5e Add a new kernel option RESTARTABLE_PANICS. If this option is present,
then one can restart from a panic by resetting the panicstr variable to
NULL.  This commit conditionalizes the previously committed functionality
on this variable.  It also removes the __dead2 attribute from the panic()
function so that when one continues from a panic() the behavior will
be predictable.
2001-08-23 20:32:21 +00:00
Matthew Dillon
2f9e4e8025 Limit the amount of KVM reserved for the buffer cache and for swap-meta
information.  The default limits only effect machines with > 1GB of ram
and can be overriden with two new kernel conf variables VM_SWZONE_SIZE_MAX
and VM_BCACHE_SIZE_MAX, or with loader variables kern.maxswzone and
kern.maxbcache.  This has the effect of leaving more KVM available for
sizing NMBCLUSTERS and 'maxusers' and should avoid tripups where a sysad
adds memory to a machine and then sees the kernel panic on boot due to
running out of KVM.

Also change the default swap-meta auto-sizing calculation to allocate half
of what it was previously allocating.  The prior defaults were way too high.
Note that we cannot afford to run out of swap-meta structures so we still
stay somewhat conservative here.
2001-08-20 00:41:12 +00:00
Peter Wemm
61a4237001 Sigh. ufs_lookup() calls ffs_snapgone(), meaning that 'options EXT2FS'
without 'options FFS' would fail to link.
2001-08-18 03:08:48 +00:00
Peter Wemm
f74654de47 Move MAXUSERS out of opt_param.h to make sure that other code doesn't
use it rather than the tunable version.
2001-07-26 23:05:35 +00:00
Brooks Davis
4d60fee22b Allow ng_split to be compiled in staticly.
MFC after:	7 weeks
2001-07-25 00:15:02 +00:00
Jim Pirzyk
5ecfb8f922 Put a knob in the kernel config files to tweak the user max stack size.
PR:		kern/28925
Reviewed by:	bakul@bitblocks.com and tlambert2@mindspring.com on -arch.
MFC after:	1 week
2001-07-20 20:26:34 +00:00
Ian Dowse
9b5ad47fb7 Bring in dirhash, a simple hash-based lookup optimisation for large
directories. When enabled via "options UFS_DIRHASH", in-core hash
arrays are maintained for large directories. These allow all
directory operations to take place quickly instead of requiring
long linear searches. For now anyway, dirhash is not enabled by
default.

The in-core hash arrays have a memory requirement that is approximately
half the size of the size of the on-disk directory file. A number
of new sysctl variables allow control over which directories get
hashed and over the maximum amount of memory that dirhash will use:

  vfs.ufs.dirhash_minsize
    The minimum on-disk directory size for which hashing should be
    used. The default is 2560 (2.5k).

  vfs.ufs.dirhash_maxmem
    The system-wide maximum total memory to be used by dirhash data
    structures. The default is 2097152 (2MB).

The current amount of memory being used by dirhash is visible
through the read-only sysctl variable vfs.ufs.dirhash_maxmem.
Finally, some extra sanity checks that are enabled by default, but
which may have an impact on performance, can be disabled by setting
vfs.ufs.dirhash_docheck to 0.

Discussed on: -fs, -hackers
2001-07-10 21:21:29 +00:00
Dima Dorfman
4718c85a24 Fill paragraphs after previous commit. 2001-07-08 01:04:10 +00:00
Dima Dorfman
86bbbaba40 Note that options should be listed in NOTES, not LINT, although LINT
is generated from NOTES.  Also correct a bogus path;
<machine>/conf/options.<machine> doesn't exist.
2001-07-08 01:02:37 +00:00
Matt Jacob
b29f9e40f5 A slightly more complete change to timeouts:
1. Add SA_IO_TIMEOUT as an option (4 minutes default) to cover reads,
writes, wfm, test unit ready.

2. Add internal SCSIOP_TIMEOUT (e.g., for mode sense) at 1 minute. This
should not require an option, but is cleaner to parameterize.

MFC after:	1 week
2001-07-02 17:48:59 +00:00
Matt Jacob
d73ce75615 Add CAM_NEW_TRAN_CODE as an option (to be included in opt_cam.h). 2001-06-24 18:15:58 +00:00
Dag-Erling Smørgrav
36b2d3b7be Add a PSEUDOFS option to allow pseudofs to be built statically. 2001-06-11 10:58:07 +00:00
Dirk Froemberg
11151a5b42 Fix typo (opt_acc.h -> opt_aac.h) for AAC_COMPAT_LINUX. 2001-06-01 22:39:50 +00:00
Kris Kennaway
64dddc1872 Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to
determine the rate at which the machine is generating packets, since the
default behaviour is to increment a counter for each packet sent.

Reviewed by:    -net
Obtained from:  OpenBSD
2001-06-01 10:02:28 +00:00
Poul-Henning Kamp
49b07961a9 Remove MFS from configs idea of the world. 2001-05-29 18:49:46 +00:00
John Baldwin
ba83773edc Add a new kernel option 'BLEED' to be used for code that is still under
development but is being developed in the tree for whatever reason.

Not objected to by:     peter, jlemon
2001-05-24 17:01:51 +00:00
Peter Wemm
6aa0a2e57a Remove DEV_SNP -> opt_snp.h
Forgotten by:  dd
2001-05-24 06:24:06 +00:00
Ruslan Ermilov
99d300a1ec - FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file
systems were repo-copied from sys/miscfs to sys/fs.

- Renamed the following file systems and their modules:
  fdesc -> fdescfs, portal -> portalfs, union -> unionfs.

- Renamed corresponding kernel options:
  FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.

- Install header files for the above file systems.

- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland
  Makefiles.
2001-05-23 09:42:29 +00:00
Ruslan Ermilov
0a13f04ebe Hide UNION in opt_dontuse.h (see vfs_syscalls.c,v 1.109). 2001-05-22 08:32:13 +00:00
Poul-Henning Kamp
ab9f3b292e Convert DEVFS from an "opt-in" to an "opt-out" option.
If for some reason DEVFS is undesired, the "NODEVFS" option is
needed now.

Pending any significant issues, DEVFS will be made mandatory in
-current on july 1st so that we can start reaping the full
benefits of having it.
2001-05-13 20:52:40 +00:00
Jesper Skriver
d1745f454d Say goodbye to TCP_COMPAT_42
Reviewed by:	wollman
Requested by:	wollman
2001-04-20 11:58:56 +00:00
Alfred Perlstein
7bbd138e2f Make SOMAXCONN a kernel option.
Submitted by: Terry Lambert <terry@lambert.org>
2001-04-13 03:50:37 +00:00
Robert Watson
0b5438c6d1 o Introduce "options REGRESSION", a kernel option which enables
interfaces and functionality intended for use during correctness and
  regression testing.  Features enabled by "options REGRESSION" may
  in and of themselves introduce security or correctness problems if
  used improperly, and so are not intended for use in production
  systems, only in testing environments.

Obtained from:	TrustedBSD Project
2001-04-11 19:29:24 +00:00
Boris Popov
6f2d8adb12 Add function prototypes and base module for kernel side iconv library.
Add simple "xlat" converter which performs 8to8 table based conversion.
Unicode converter will be added in the near future.

Reviewed by:			silence on arch@
Files placement reviewed by:	bde
Obtained from:			smbfs
2001-04-09 09:39:29 +00:00
Robert Watson
a70f27470f Introduce support for POSIX.1e ACLs on UFS-based file systems. This
implementation is still experimental, and while fairly broadly tested,
is not yet intended for production use.  Support for POSIX.1e ACLs on
UFS will not be MFC'd to RELENG_4.

This implementation works by providing implementations of VOP_[GS]ETACL()
for FFS, as well as modifying the appropriate access control and file
creation routines.  In this implementation, ACLs are backed into extended
attributes; the base ACL (owner, group, other) permissions remain in the
inode for performance and compatibility reasons, so only the extended and
default ACLs are placed in extended attributes.  The logic for ACL
evaluation is provided by the fs-independent kern/kern_acl.c.

o Introduce UFS_ACL, a compile-time configuration option that enables
  support for ACLs on FFS (and potentially other UFS-based file systems).
o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which
  respectively get, set, and check the ACLs on the passed vnode.
o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to
  maintain access control information between inode permissions and
  extended attribute data.
o Modify ufs_access() to load a file access ACL and invoke
  vaccess_acl_posix1e() if ACLs are available on the file system
o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly
  created directories and files, inheriting from the parent directory's
  default ACL.
o Enable these new vnode operations and conditionally compiled code
  paths if UFS_ACL is defined.

A few notes:

o This implementation is fairly widely tested, but still should be
  considered experimental.
o Currently, ACLs are not exported via NFS, instead, the summarizing
  file mode/etc from the inode is.  This results in conservative
  protection behavior, similar to the behavior of ACL-nonaware programs
  acting locally.
o It is possible that underlying binary data formats associated with
  this implementation may change.  Consumers of the implementation
  should expect to find their local configuration obsoleted in the
  next few months, resulting in possible loss of ACL data during an
  upgrade.
o The extended attributes interface and implementation is still
  undergoing modification to address portable interface concerns, as
  well as performance.
o Many applications do not yet correctly handle ACLs.  In general,
  due to the POSIX.1e ACL model, behavior of ACL-unaware applications
  will be conservative with respects to file protection; some caution
  is recommended.
o Instructions for configuring and maintaining ACLs on UFS will be
  committed in the near future; in the mean time it is possible to
  reference the README included in the last UFS ACL distribution
  placed in the TrustedBSD web site:

      http://www.TrustedBSD.org/downloads/

Substantial debugging, hardware, travel, or connectivity support for this
project was provided by: BSDi, Safeport Network Services, and NAI Labs.
Significant coding contributions were made by Chris Faulhaber.  Additional
support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.

Reviewed by:	jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs
Obtained from:	TrustedBSD Project
2001-03-26 17:53:19 +00:00
Scott Long
9fcfed22e2 Allow AAC_COMPAT_LINUX to be used when compiling aac support into the kernel.
Requires that COMPAT_LINUX also be set.
2001-03-22 21:34:18 +00:00
Dag-Erling Smørgrav
11b876c98e Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.

(first of three commits)
2001-03-19 22:03:11 +00:00
Robert Watson
516081f288 o Change options FFS_EXTATTR and options FFS_EXTATTR_AUTOSTART to
options UFS_EXTATTR and UFS_EXTATTR_AUTOSTART respectively.  This change
  reflects the fact that our EA support is implemented entirely at the
  UFS layer (modulo FFS start/stop/autostart hooks for mount and unmount
  events).  This also better reflects the fact that [shortly] MFS will also
  support EAs, as well as possibly IFS.

o Consumers of the EA support in FFS are reminded that as a result, they
  must change kernel config files to reflect the new option names.

Obtained from:	TrustedBSD Project
2001-03-19 04:35:40 +00:00
Justin T. Gibbs
acf1b64c89 Add the AAC_DEBUG option to enable debugging in the aac driver.
Reviewed by:	msmith
2001-03-17 00:09:47 +00:00
Søren Schmidt
2186ce6742 Hmm, the last commit apparently only made it halfways 2001-03-15 16:43:55 +00:00
Søren Schmidt
364a86d049 Remove the ATA_ENABLE_ATAPI_DMA, ATA_ENABLE_WC and ATA_ENABLE_TAGS
options, use the tuneables listed in ata.4 instead.
2001-03-15 15:37:26 +00:00
Robert Watson
f5161237ad o Implement "options FFS_EXTATTR_AUTOSTART", which depends on
"options FFS_EXTATTR".  When extended attribute auto-starting
  is enabled, FFS will scan the .attribute directory off of the
  root of each file system, as it is mounted.  If .attribute
  exists, EA support will be started for the file system.  If
  there are files in the directory, FFS will attempt to start
  them as attribute backing files for attributes baring the same
  name.  All attributes are started before access to the file
  system is permitted, so this permits race-free enabling of
  attributes.  For attributes backing support for security
  features, such as ACLs, MAC, Capabilities, this is vital, as
  it prevents the file system attributes from getting out of
  sync as a result of file system operations between mount-time
  and the enabling of the extended attribute.  The userland
  extattrctl tool will still function exactly as previously.
  Files must be placed directly in .attribute, which must be
  directly off of the file system root: symbolic links are
  not permitted.  FFS_EXTATTR will continue to be able
  to function without FFS_EXTATTR_AUTOSTART for sites that do not
  want/require auto-starting.  If you're using the UFS_ACL code
  available from www.TrustedBSD.org, using FFS_EXTATTR_AUTOSTART
  is recommended.

o This support is implemented by adding an invocation of
  ufs_extattr_autostart() to ffs_mountfs().  In addition,
  several new supporting calls are introduced in
  ufs_extattr.c:

    ufs_extattr_autostart(): start EAs on the specified mount
    ufs_extattr_lookup(): given a directory and filename,
                          return the vnode for the file.
    ufs_extattr_enable_with_open(): invoke ufs_extattr_enable()
                          after doing the equililent of vn_open()
                          on the passed file.
    ufs_extattr_iterate_directory(): iterate over a directory,
                          invoking ufs_extattr_lookup() and
                          ufs_extattr_enable_with_open() on each
                          entry.

o This feature is not widely tested, and therefore may contain
  bugs, caution is advised.  Several changes are in the pipeline
  for this feature, including breaking out of EA namespaces into
  subdirectories of .attribute (this is waiting on the updated
  EA API), as well as a per-filesystem flag indicating whether
  or not EAs should be auto-started.  This is required because
  administrators may not want .attribute auto-started on all
  file systems, especially if non-administrators have write access
  to the root of a file system.

Obtained from:	TrustedBSD Project
2001-03-14 05:32:31 +00:00
Poul-Henning Kamp
e10469fef8 Make md(4) and mdconfig(8) take over the role of vn(4) and vnconfig(8)
entirely as previously advertised.

md(4) adopted all assets of vn(4) some time back and has proper devfs
support and cloning abilities to boot.
2001-03-09 20:09:28 +00:00
Dag-Erling Smørgrav
dc765d223d Add the LINPROCFS option.
Forgotten by:	peter
2001-03-01 23:13:12 +00:00
John Baldwin
34b15f2a20 Add back in INVARIANT_SUPPORT and expand the comments in NOTES about it
to include the reasoning Eivind justifiably thwapped me over the head with.
2001-02-24 19:03:18 +00:00
Boris Popov
d8589bd5cb Introduce API for sequential reads/writes (build/dissect) of mbuf chains.
Reviewed by:	Ian Dowse <iedowse@maths.tcd.ie>,
		Bosko Milekic <bmilekic@technokratis.com>,
		Julian Elischer <julian@elischer.org> and arch@/net@
Obtained from:	smbfs
2001-02-24 15:44:30 +00:00
John Baldwin
ad7f236572 Now that zerror() and SPLASSERT() have been laid to rest, INVARIANT_SUPPORT
is no longer needed.  R.I.P.
2001-02-22 10:03:05 +00:00
Peter Wemm
bcf77694d1 Clean up some leftovers from the root mount cleanup that was done some
time ago.  FFS_ROOT and CD9660_ROOT are obsolete.
2001-02-04 15:35:10 +00:00
Peter Wemm
0adb9b96bd Add hpfs and the config glue for it. It was being skipped from test
coverage.
2001-01-31 05:33:23 +00:00
Søren Schmidt
6fe4e0a915 Add option ATA_ENABLE_WC for enabling write caching (now off by default). 2001-01-29 18:00:35 +00:00
Peter Wemm
5bb5f2c942 Supply a stub bpf_validate() (always returning false - the script is not
valid) if BPF is missing.
The netgraph_bpf node forced bpf to be present, reflect that in the
options.
Stop doing a 'count bpf' - we provide stubs.
Since a handful of drivers still refer to "bpf.h", provide a more accurate
indication that the API is present always. (eg: netinet6)
2001-01-29 13:26:14 +00:00
Peter Wemm
f444a0efe9 Convert mca (microchannel bus support) from something that we count
(bogus) to something that we test for the presence of.
2001-01-29 11:57:27 +00:00