ifconfig, essentially stealing the lease until the user goes and changes
it. The alternative, sadly, is total dysfunction since bpf isn't in
GENERIC and network connectivity would otherwise fail completely on first
bootup when DHCP configuration was attempted again.
The ultimate answer here is to make either bpf a loadable kernel module
(which security conscious admins will be able to simply remove from /modules)
or come up with a lighter weight mechanism just for dhcp and other apps that
need to see broadcast packets but not otherwise sniff the wire in full
bpf glory.
Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.
This does not address the leaking descriptors issue discussed on the
same PR.
PR: 12731
Reviewed by: des
Submitted by: David Malone <dwmalone@maths.tcd.ie>
in some code from C. Stone to parse the lease information. This is still
a WIP and this commit is largely intended to allow others to sync up; the
dhclient code still only works when doing dhcp configuration post-install
and requires a bit more work on the boot floppy before it will truly
work in the minimal bootstrapping role.
incarnated, it just matches other deficiencies related to crunchgen
and friends... and we already have similar code in ppp/Makefile.
RELEASE_CRUNCH should be axed, but for now let's be consistent.
Submitted by: Patrick Powell <papowell@astart.com>
track.
The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
userland code. Using apmd.conf, the apmd(8) configuration file, you
can select the APM events to be handled from userland and specify the
commands for a given event, allowing APM behaviour to be configured
flexibly.
Have Fun!
Submitted by: iwasaki, KOIE Hidetaka <hide@koie.org>
Reviewed by: -hackers, -mobile and bsd-nomads ML folks.
Contributed by: Warner Losh <imp@FreeBSD.org>,
Hiroshi Yamashita <bluemoon@msj.biglobe.ne.jp>,
Yoshihiko SARUMARU <mistral@imasy.or.jp>,
Norihiro Kumagai <kuma@nk.rim.or.jp>,
NAKAGAWA Yoshihisa <nakagawa@jp.FreeBSD.org>, and
Nick Hilliard <nick@foobar.org>.
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly
orthogonal.
Submitted by: David Malone <dwmalone@maths.tcd.ie>
gigabit ethernet adapters. This includes two single port cards
(single mode and multimode fiber) and two dual port cards (also single
mode and multimode fiber). SysKonnect is currently the only
vendor with a dual port gigabit ethernet NIC.
The ports on dual port adapters are treated as separate network
interfaces. Thus, if you have an SK-9844 dual port SX card, you
should have both sk0 and sk1 interfaces attached. Dual port cards
are implemented using two XMAC II chips connected to a single
SysKonnect GEnesis controller. Hence, dual port cards are really
one PCI device, as opposed to two separate PCI devices connected
through a PCI to PCI bridge. Note that SysKonnect's drivers use
the two ports for failover purposes rather that as two separate
interfaces, plus they don't support jumbo frames. This applies to
their Linux driver too. :)
Support is provided for hardware multicast filtering, BPF and
jumbo frames. The SysKonnect cards support TCP checksum offload
however this feature is not currently enabled (hopefully it will
be once we get checksum offload support).
There are still a few things that need to be implemeted, like
the ability to communicate with the on-board LM80 voltage/temperature
monitor, but I wanted to get the driver under CVS control and into
-current so people could bang on it.
A big thanks for SysKonnect for making all their programming info
for these cards (and for their FDDI and token ring cards) available
without NDA (see www.syskonnect.com).
Grammar and Spelling Reviewed by: mpp
While mpp kindly checked grammar and spelling, any technical errors
remaining in the man pages are entirely of mine.
internal services in inetd.conf .
The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!
Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.
This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).
PR: 11796
Reported by: Alex Charalabidis <alex@wnm.net>
Approved by: des
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.
Approved by: jkh
secure permissions in case the user attempts to save something to
a file of his own.
Move umask stuff out of pw_init() into main() for better visibility
of overall umask tweaking logic.
PR: misc/11797
expect-send-expect sequence, finish gracefully, don't core dump.
This bug has been there for over a year - I could never reproduce it !
Straw provided by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
o getopt returns -1 rather than EOF on errors
o getopt returns '?' for characters it doesn't know about, so
don't include them in the getopt options string.
1) Handle forking and non-forking internal services correctly.
Turn on wrapping for internal services because it works now.
2) Preserve server names for each service on HUP.
3) Honour hosts_options(5) severity option.
4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
usage and limitations.
This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.
PR: 12097
Reviewed by: markm
1)
Reported by: Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by: Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by: David Malone <dwmalone@maths.tcd.ie>
mode by padding out the ``struct device'' to the maximum
device size.
Bump the ppp version number to indicate the transfer format
change.
This should make MP over tty and udp devices functional again.
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.
Obtained from: Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.
Obtained from: Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
having different speed links in a bundle. This would manifest itself
by having the link occasionally hang, but revive when a new connection
is made....
Make ``show mp'' a bit prettier.
o Show more information about missing MP fragments in ``show mp''.
o Do away with mbuf_Log(). It was showing mbuf stats twice on
receipt of LCP/CCP/IPCP packets.... ???!!?
o Pre-allocate a bit extra when creating LQR packets to avoid having
to allocate another mbuf in mbuf_Prepend().
- Mention that the 6Mbps turbo adapters are supported in HARDWARE.TXT
and RELNOTES.TXT and the wi.4 man page
- Mention turbo adapters in the wicontrol.8 man page and provide a
complete table of available transmit speed settings
ADMtek AL981 "Comet" chipset. The AL981 is yet another DEC tulip clone,
except with simpler receive filter options. The AL981 has a built-in
transceiver, power management support, wake on LAN and flow control.
This chip performs extremely well; it's on par with the ASIX chipset
in terms of speed, which is pretty good (it can do 11.5MB/sec with TCP
easily).
I would have committed this driver sooner, except I ran into one problem
with the AL981 that required a workaround. When the chip is transmitting
at full speed, it will sometimes wedge if you queue a series of packets
that wrap from the end of the transmit descriptor list back to the
beginning. I can't explain why this happens, and none of the other tulip
clones behave this way. The workaround this is to just watch for the end
of the transmit ring and make sure that al_start() breaks out of its
packet queuing loop and waiting until the current batch of transmissions
completes before wrapping back to the start of the ring. Fortunately, this
does not significantly impact transmit performance.
This is one of those things that takes weeks of analysis just to come
up with two or three lines of code changes.
on CDs and FTP sites.
o Collapse some redundant code.
o Fix typo'd menu.
o Restrict searches properly to packages rather than categories.
o Small tweaks to signal handling.
All RELENG_3 candidates.
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.
A udp device uses synchronous ppp rather than async, and avoids
the double-retransmit overhead that comes with ppp over tcp (it's
usually a bad idea to transport IP over a reliable transport that
itself is using an unreliable transport). PPP over UDP provides
througput of ** 1.5Mb per second ** with all compression disabled,
maxing out a PPro/200 when running ppp twice, back-to-back.
This proves that PPPoE is plausable in userland....
This change adds a few more handler functions to struct device and
allows derivations of struct device (which may contain their own
data etc) to pass themselves through the unix domain socket for MP.
** At last **, struct physical has lost all the tty crud !
iov2physical() is now smart enough to restore the correct stack of
layers so that MP servers will work again.
The version number has bumped as our MP link transfer contents have
changed (they now may contain a `struct device').
Don't extract the protocol twice in MP mode (resulting in protocol
rejects for every MP packet). This was broken with my original
layering changes.
Add ``Physical'' and ``Sync'' log levels for logging the relevent
raw packets and add protocol-tracking LogDEBUG stuff in various
LayerPush & LayerPull functions.
Assign our physical device name for incoming tcp connections by
calling getpeername().
Assign our physical device name for incoming udp connections from
the address retrieved by the first recvfrom().
I simply forgot that I'd already proven this to be a "really good idea that
unfortunately didn't work at all" the *last* time I tried it. Now
I remember. Hmmm. I WILL defeat this evil problem.
'makeoptions KERNEL=kernelname'. Warn about any trailing stuff as it's
not handled here. This is a simple bandaid, hopefully to head off some
complaints from certain people.
header in fsm_Input() we often end up with a NULL mbuf.
Deal with a possible NULL mbuf being passed into
mbuf_Prepend().
Adjust some spacing to make things more consistent.
the layering.
We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.
Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.
o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.
power management. This will only work on newer firmware revisions; older
firmware will silently ignore the attempts to turn power management on.
Patches supplied by: Brad Karp <karp@eecs.harvard.edu>
WaveLAN's radio modem. The default is whatever the NIC uses since NICs
sold in different countries may default to different frequencies. (The
Lose95/LoseNT software doesn't let you select the channel so it's probably
not really meant to be changed.)
adapter (and some workalikes). Also add man pages and a wicontrol
utility to manipulate some of the card parameters.
This driver was written using information gleaned from the Lucent HCF Light
library, though it does not use any of the HCF Light code itself, mainly
because it's contaminated by the GPL (but also because it's pretty gross).
The HCF Light lacks certain featurs from the full (but proprietary) HCF
library, including 802.11 frame encapsulation support, however it has
just enough register information about the Hermes chip to allow someone
with enough spare time and energy to implement a proper driver. (I would
have prefered getting my hands on the Hermes manual, but that's proprietary
too. For those who are wondering, the Linux driver uses the proprietary
HCF library, but it's provided in object code form only.)
Note that I do not have access to a WavePOINT access point, so I have
only been able to test ad-hoc mode. The wicontrol utility can turn on
BSS mode, but I don't know for certain that the NIC will associate with
an access point correctly. Testers are encouraged to send their results
to me so that I can find out if I screwed up or not.
Obtained from: PAO (written in Japanese)
Reviewed by: bsd-nomads@clave.gr.jpfreebsd-mobile@freebsd.org
Randy Bush <randy@psg.com>
Bill Trost <trost@grey.cloud.rain.com>
Bruce Campbell <bc@apnic.net>
This really fixes the condition where a child creates children of its own.
I'm leaving the previous sanity tests in though, since they shouldn't hurt,
and will give an indication if this ever happens again.
try to fork() a child of its own, which could result in several children
ypservs running at once. I'm still not sure exactly what leads to this
condition, but these fixes should stop it from causing trouble. A new
function, yp_fork() checks to see if the current process is already a
child of the parent ypserv, and returns failure (and logs an error message)
rather than spawning another child.
Enable MS-CHAP support.
release/Makefile:
Build a separate NOCRYPT version of pppd, to keep This Great
Nation's top-secret cryptographic tools out of the filthy hands
of those evil furriners.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
feature of packages now so that no version info is embedded.
o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
and Windowmaker desktops instead of the boring twm(1) based one if the
user so chooses. This will require a little testing.
However, it doesn't check if the remote printer name it
is sending it to is the same as the local printer name,
and so chokes 'cos "laser" is not a real printer.
PR: 7081
Submitted by: David Malone <dwmalone@maths.tcd.ie>
device per argument rather than the old way of concatenating
everything then splitting the result at commas and whitespace.
Old syntax of ``set device /dev/cuaa0, /dev/cuaa1''
may no longer contain the comma, but syntax such as
``set device "!ssh host ppp -direct label"'' is now
possible.
- make this work: options FOO123=456 *without quotes*
- grumble (but accept) vector xxxintr, and tty/net/bio/cam flags.
- complain if a device is specified twice (eg: 2 x psm0)
- don't require quotes around: port IO_COM2
- recognize negative numbers. (ie: options CAM_DEBUG_UNIT=-1)
- GC some more unused stuff (we don't have composite disks from config(8)).
- various other nits (snprintf paranoia etc)
receiver and one for the sender. This allows two simultaneous
chap conversations - something that I *thought* I was already
doing on a daily basis myself until the existence of the
problem was
Beaten into me by: sos
I zapped the MACHINE_MIPS stuff, it isn't likely to be useful apart from
recognition of the machine name. It would be reasonable to expect new
ports would look something like the alpha/i386 from a config perspective.
only worked for configurations with "swap on generic".
usr.sbin/config/config.y:
- ignore all "swap [on] device ...' specifications except for
warning about them. They haven't done anything related to swap
for almost 4 years, and were previously silently ignored,
except for "swap on generic" which stopped swap${KERNEL}.c
from being generated. Code to support swapping is now deader
than before.
usr.sbin/config/mkswapconf.c:
- don't generate a dummy setconf() function in swap${KERNEL}.c.
sys/i386/conf/files.i386:
- swapgeneric.c is now standard. It should be merged into autoconf.c
so that it doesn't conflict with swap${KERNEL}.c for kernels named
"generic".
sys/i386/i386/autoconf.c:
- don't call setroot() for mfs roots. Since setroot() doesn't do anything
harmful, this was just a waste of time, except possibly for booting with
-a it may have helped prevent an undesireable call to setconf() by
finding a bogus rootdev.
- honor -a for ffs roots. -a now overrides all other ways of specifying
the root device. Previously, -r had precedence over -a, and the -a
handling was usually a no-op.
- don't honor -a for non-ffs roots, since it would currently just get in
the way of a clean panic.
sys/i386/i386/swapgeneric.c:
- don't declare things that are now always declared in swap${KERNEL}.c.
Don't decide things that are now decided in autoconf.c. Code to
support the "generic" case is now dead instead of useless.
with our own if there are differing bits (last two revisions
of lcp.c). This change broke at least one negotiation
session.
Instead, we just use an OR of the two accmap values when
we're doing the ASYNC framing.
Requested-by: ache
bde
dg
Modify targets for debug kernels: when -g was specified, make will
now build a debug kernel called kernel.debug, and create a stripped
version called kernel at the same time. The two targets install and
install.debug are otherwise unchanged.
Requested-by: dillon
Update man page accordingly.
2. Config complains if you use -g:
Debugging is enabled by default, there is no ned to specify the -g option
3. Config warns you if you don't use -s:
Building kernel with full debugging symbols. Do
"config -s BSD" for historic partial symbolic support.
To install the debugging kernel, do make install.debug
(BSD was the name of the config file I used; I print out the same
name).
4. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 and config to
work if a kernel name other than 'kernel' is specified. This is
not absolutely necessary, but useful, and it was relatively easy.
I now have a kernel called /crapshit :-)
5. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 "clean" target
to remove both the debug and normal kernel.
6. Modify all to install the stripped kernel by default and the debug
kernel if you enter "make install.debug".
7. Update version number of Makefiles and config.
2. Config complains if you use -g:
Debugging is enabled by default, there is no ned to specify the -g option
3. Config warns you if you don't use -s:
Building kernel with full debugging symbols. Do
"config -s BSD" for historic partial symbolic support.
To install the debugging kernel, do make install.debug
(BSD was the name of the config file I used; I print out the same
name).
4. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 and config to
work if a kernel name other than 'kernel' is specified. This is
not absolutely necessary, but useful, and it was relatively easy.
I now have a kernel called /crapshit :-)
5. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 "clean" target
to remove both the debug and normal kernel.
6. Modify all to install the stripped kernel by default and the debug
kernel if you enter "make install.debug".
7. Update version number of Makefiles and config.
Networks Tigon 1 and Tigon 2 chipsets. There are a _lot_ of OEM'ed
gigabit ethernet adapters out there which use the Alteon chipset so
this driver covers a fair amount of hardware. I know that it works with
the Alteon AceNIC, 3Com 3c985 and Netgear GA620, however it should also
work with the DEC/Compaq EtherWORKS 1000, Silicon Graphics Gigabit
ethernet board, NEC Gigabit Ethernet board and maybe even the IBM and
and Sun boards. The Netgear board is the cheapest (~$350US) but still
yields fairly good performance.
Support is provided for jumbo frames with all adapters (just set the
MTU to something larger than 1500 bytes), as well as hardware multicast
filtering and vlan tagging (in conjunction with the vlan support in
-current, which I should merge into -stable soon). There are some hooks
for checksum offload support, but they're turned off for now since
FreeBSD doesn't have an officially sanctioned way to support checksum
offloading (yet).
I have not added the 'device ti0' entry to GENERIC since the driver
with all the firmware compiled in is quite large, and it doesn't really
fit into the category of generic hardware.
to now detect that CD you just remembered to put in the drive or that
pccard NIC that you've inserted (anybody can put pccardd in an mfsroot image
now you know.. :)
Requested by: Annelise Anderson <andrsn@andrsn.Stanford.EDU>
which init thoughtfully revoke()'s when starting a getty on ttyv0. This
Cron's popen() was passing these fd's through to cron children (ie:
sendmail, *not* normal cron jobs). The side effects were usually
not noticed, but it tripped up postfix which did a sanity check to see
that stdin/out/err were open, and got EBADF even thought the fd's were
in use. I seem to recall sendmail itself has hacks to work around
this problem, it had a checkfd012() function, possibly for this same
problem. (Postfix has a workaround too now though..)
This is a hack, not a fix. It's probably best to check and perhaps
close/reopen() /dev/console if needed each time around the event loop.
It would probably be useful to actually see any error messages from cron.
with more than one read(). When we detect one, don't
forget to pass it to async_Input() and drop our
terminal back into command mode.
Don't output an extraneous \r if we're passed \r\n
to prompt_vprintf in raw mode.
when recalculating the ip checksum. cp is not guaranteed to
be aligned. It now doesn't matter that cp isn't aligned as
the caller does another mbuf_Alloc() regardless.
need to process a signal (usually a SIGALRM). Check to see
if we need to process a signal both before *and* after calling
select() as older (pre-2.0) versions of ppp used to.
This handles the possibility that ppp may block at some
point (maybe due to an open() of a misconfigured device).
Previously, we'd potentially lock up in select().
The `necessary' marker reduces the increased signal checking
overhead so that at full speed with no compression transferring
an 83Mb file via a ``!ppp -direct'' device, we get a 1%
throughput gain.
ACCMAP being REQuested by the peer, also increment our FSM
id so that we don't end up sending out a new REQ with the
same ID and different data (the changed ACCMAP).
orthogonal to the other entries).
Clean up X selection code a bit.
Choose proper architecture subdirectories on mirror sites now that we've
gone fully to the new multi-arch directory scheme.
The old VN device broke in -4.x when the definition of B_PAGING
changed. This patch fixes this plus implements additional capabilities.
The new VN device can be backed by a file ( as per normal ), or it can
be directly backed by swap.
Due to dependencies in VM include files (on opt_xxx options) the new
vn device cannot be a module yet. This will be fixed in a later commit.
This commit delimitted by tags {PRE,POST}_MATT_VNDEV
before printing it. Terminate when we come to a 0xff byte. This
allows there to be zero or more additional info fields printed
correctly. Before, the old code would print bogons or dump core when
presented with this case.
I don't know what the spec says about this, exactly, but this allows
me to do a dumpcis of my non-ATA AMP 4M FLASH cards w/o pccardc
dumping core.
