35726 Commits

Author SHA1 Message Date
Jim Pirzyk
e22f9477f7 Updated the CPU_DISABLE_CMPXCHG notes to warn users not to also enable
SMP with it.

Requested by:	Lars Eggert <larse@ISI.EDU>
2002-10-16 15:59:07 +00:00
Yoshihiro Takahashi
6f035cebbc MFi386: revision 1.54. 2002-10-16 15:46:53 +00:00
John Baldwin
bf3e55aa2c Many style and whitespace fixes.
Submitted by:	bde (mostly)
2002-10-16 15:45:37 +00:00
Yoshihiro Takahashi
f0e3a2db93 MFi386: revision 1.130. 2002-10-16 15:44:41 +00:00
Mitsuru IWASAKI
93569b6b3a Fix a possible bug about freeing non-malloc'ed pointer.
Suggested by:	jhb (in -current ML)
2002-10-16 15:42:27 +00:00
Yoshihiro Takahashi
6c41dd0705 MFi386: revision 1.181. 2002-10-16 15:18:58 +00:00
John Baldwin
18d9bd8f65 Sort includes a bit.
Submitted by:	bde
2002-10-16 15:14:31 +00:00
Mark Murray
f544a52873 Module-ize the 'core' crypto stuff. This may still need to be compiled
into the kernel by default (if required), but other modules can now
depend() on this.

Fix inter-module dependancy.

Earlier version OK'ed by:	sam
2002-10-16 14:31:34 +00:00
Poul-Henning Kamp
b0a07322f5 Unbreak the PC98/wd(4) driver which I accidentally broke with a previous
commit.  I can fully understand why the PC98 crew desire ata(4) support.

Tested by:	nyan
2002-10-16 13:41:12 +00:00
Robert Drehmel
4bcea0f89c Cast the first argument to bzero() to `void *' after casting it to
`uintptr_t' to pass it as the type bzero() expects.
2002-10-16 11:15:35 +00:00
Poul-Henning Kamp
af045176d1 Properly put macro args in ().
Spotted by:	FlexeLint.
2002-10-16 10:52:15 +00:00
Poul-Henning Kamp
08b29601a0 Be consistent about functions being static.
Spotted by:	FlexeLint
2002-10-16 10:45:53 +00:00
Poul-Henning Kamp
c3053131ca Be consistent about funtions being static.
Spotted by:	FlexeLint
2002-10-16 10:42:13 +00:00
Poul-Henning Kamp
8b7f9bdcdf Put an XXX: comment here to point out a couple of free() issues on
pnp_read_bytes().

Spotted by:	FlexeLint
2002-10-16 10:40:43 +00:00
Poul-Henning Kamp
633eb1fc9e No need to declare M_ISADEV here.
Spotted by:	FlexeLint.
2002-10-16 10:38:48 +00:00
Poul-Henning Kamp
3412120f03 Be consistent about funtions being static.
Spotte by:	FlexeLint.
2002-10-16 10:16:17 +00:00
Poul-Henning Kamp
3899c8a38f Be consistent about functions being static.
Fix misindentation.

Spotted by:	DARPA & NAI Labs.
2002-10-16 10:14:34 +00:00
Poul-Henning Kamp
c7e1894e95 Be consistent about functions being static.
Spotted by:	FlexeLint.
2002-10-16 09:19:17 +00:00
Poul-Henning Kamp
88647b6de5 Be consistent about functions being static.
Properly put macro args in ().

Spotted by:	FlexeLint.
2002-10-16 09:14:59 +00:00
Poul-Henning Kamp
6dbb527e47 Properly put macro args in ().
Spotted by:	FlexeLint.
2002-10-16 09:07:30 +00:00
Poul-Henning Kamp
2c876e15c8 Be consistent about functions being static.
Spotted by:	FlexeLint.
2002-10-16 09:04:52 +00:00
Guido van Rooij
2f591ab8fe Get rid of checking for ip sec history. It is true that packets are not
supposed to be checked by the firewall rules twice. However, because the
various ipsec handlers never call ip_input(), this never happens anyway.

This fixes the situation where a gif tunnel is encrypted with IPsec. In
such a case, after IPsec processing, the unencrypted contents from the
GIF tunnel are fed back to the ipintrq and subsequently handeld by
ip_input(). Yet, since there still is IPSec history attached, the
packets coming out from the gif device are never fed into the filtering
code.
This fix was sent to Itojun, and he pointed towartds
    http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction.
This patch actually implements what is stated there (specifically:
Packet came from tunnel devices (gif(4) and ipip(4)) will still
go through ipf(4). You may need to identify these packets by
using interface name directive in ipf.conf(5).

Reviewed by:	rwatson
MFC after:	3 weeks
2002-10-16 09:01:48 +00:00
Poul-Henning Kamp
c694310048 FIx misindentation.
Spotted by:	FlexeLint.
2002-10-16 09:00:53 +00:00
Poul-Henning Kamp
1eaae5cbe8 Be consistent about functions being static.
Spotted by:	FlexeLint.
2002-10-16 08:57:14 +00:00
Poul-Henning Kamp
031fd299d7 Be consistent about functions being static.
Spotted by:	FlexeLint.
2002-10-16 08:48:39 +00:00
Poul-Henning Kamp
4d8d520f17 Fix misindentation.
Spotted by:	FlexeLint
2002-10-16 08:45:34 +00:00
Poul-Henning Kamp
a917a136ff Rename struct softc to struct mn_softc. 2002-10-16 08:41:38 +00:00
Poul-Henning Kamp
bc9d8a9a37 Fix comments and one resulting code confusion about the type of the
"command" argument to VOP_IOCTL.

Spotted by:	FlexeLint.
2002-10-16 08:04:11 +00:00
Poul-Henning Kamp
fcf549422d Be consistent about functions being static.
Spotted by:	FlexeLint
2002-10-16 08:00:32 +00:00
Poul-Henning Kamp
4cfe209335 A better solution to avoiding variable sized structs in DEVFS. 2002-10-16 07:51:18 +00:00
Poul-Henning Kamp
c122d758ca #include "opt_devfs.h" to protect against variable sized structures.
Spotted by:	FlexeLint
2002-10-16 07:16:47 +00:00
Justin T. Gibbs
ccbe423c8f Never allow memory mapped I/O in PCI-X mode on controllers that
do not support that configuration.  This should fix problems with
embedded 7902 controllers running in PCI-X mode.
2002-10-16 02:59:03 +00:00
Sam Leffler
9b65723081 correct PCB locking in broadcast/multicast case that was exposed by change
to use udp_append

Reviewed by:	hsu
2002-10-16 02:33:28 +00:00
Sam Leffler
b9234fafa0 Tie new "Fast IPsec" code into the build. This involves the usual
configuration stuff as well as conditional code in the IPv4 and IPv6
areas.  Everything is conditional on FAST_IPSEC which is mutually
exclusive with IPSEC (KAME IPsec implmentation).

As noted previously, don't use FAST_IPSEC with INET6 at the moment.

Reviewed by:	KAME, rwatson
Approved by:	silence
Supported by:	Vernier Networks
2002-10-16 02:25:05 +00:00
Sam Leffler
c919ec4b66 add definitions for RIPEMD-160 HMAC and Skipjack encryption algorithms,
for use by "Fast IPsec"
2002-10-16 02:18:56 +00:00
Sam Leffler
88768458d2 "Fast IPsec": this is an experimental IPsec implementation that is derived
from the KAME IPsec implementation, but with heavy borrowing and influence
of openbsd.  A key feature of this implementation is that it uses the kernel
crypto framework to do all crypto work so when h/w crypto support is present
IPsec operation is automatically accelerated.  Otherwise the protocol
implementations are rather differet while the SADB and policy management
code is very similar to KAME (for the moment).

Note that this implementation is enabled with a FAST_IPSEC option.  With this
you get all protocols; i.e. there is no FAST_IPSEC_ESP option.

FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a
single system.

This software is well tested with IPv4 but should be considered very
experimental (i.e. do not deploy in production environments).  This software
does NOT currently support IPv6.  In fact do not configure FAST_IPSEC and
INET6 in the same system.

Obtained from:	KAME + openbsd
Supported by:	Vernier Networks
2002-10-16 02:10:08 +00:00
Sam Leffler
5d84645305 Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
  ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
  use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
  inpcb parameter to ip_output and ip6_output to allow the IPsec code to
  locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version

Reviewed by:	julian, luigi (silent), -arch, -net, darren
Approved by:	julian, silence from everyone else
Obtained from:	openbsd (mostly)
MFC after:	1 month
2002-10-16 01:54:46 +00:00
Kirk McKusick
86aeb27fa2 Change locking so that all snapshots on a particular filesystem share
a common lock. This change avoids a deadlock between snapshots when
separate requests cause them to deadlock checking each other for a
need to copy blocks that are close enough together that they fall
into the same indirect block. Although I had anticipated a slowdown
from contention for the single lock, my filesystem benchmarks show
no measurable change in throughput on a uniprocessor system with
three active snapshots. I conjecture that this result is because
every copy-on-write fault must check all the active snapshots, so
the process was inherently serial already. This change removes the
last of the deadlocks of which I am aware in snapshots.

Sponsored by:	DARPA & NAI Labs.
2002-10-16 00:19:23 +00:00
Sam Leffler
87cb581aa4 missed additional callout that can run w/o Giant locked 2002-10-15 23:25:56 +00:00
Poul-Henning Kamp
fb9da1ef43 Include "opt_kbd.h" since certain structures size depend on the value
of KBDIO_DEBUG which may be defined in the kernel config (as it is in NOTES).

This kind of bug is a _really_ horribly thing as we end up with one bit
of code thinking a particular structure is 136 bytes and another that it
is only 112 bytes.

Ideally all places would remember to #include the right "opt_foo.h" file,
but I think in practice file containing the variable sized struct should
#include it explicitly as a precaution.

Detected by:	FlexeLint
2002-10-15 21:35:01 +00:00
Nate Lawson
02fcfac0ad Return an error if the drive reports heads/sectors that do not make sense.
This fixes a divide by zero in fdisk(8)

Reviewed by:	phk
2002-10-15 21:28:50 +00:00
Robert Watson
9e3bf94fd7 Push most UFS ACL behavior behind a check for MNT_ACLS, permitting ACLs
to be administratively disabled as needed on UFS/UFS2 file systems.  This
also has the effect of preventing the slightly more expensive ACL code
from running on non-ACL file systems, avoiding storage allocation for
ACLs that may be read from disk.  MNT_ACLS may be set at mount-time
using mount -o acls, or implicitly by setting the FS_ACLS flag using
tunefs.  On UFS1, you may also have to configure ACL store.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-15 21:28:24 +00:00
David E. O'Brien
77e4f5d146 Bump __FreeBSD_version for the Binutils 2.13 upgrade, which includes the
new FreeBSD emulation, vec, and output format.
2002-10-15 21:26:53 +00:00
Hajimu UMEMOTO
3a3b49aaff Correct the definitions of SADB_* to be compatible with
RFC2407/IANA assignment.  This change breaks binary
compatibility.  So, you need to recompile IPsec related
applications.
2002-10-15 20:59:56 +00:00
Poul-Henning Kamp
32e8efbffd Don't show the command line when doing "make lint". 2002-10-15 20:49:58 +00:00
Poul-Henning Kamp
6df6552a3d Be consistent about marking functions static.
Found by:	FlexeLint.
2002-10-15 20:32:45 +00:00
Robert Watson
80830407c6 If the FS_MULTILABEL flag is set in a UFS or UFS2 superblock,
automatically set MNT_MULTILABEL in the mount flags.

If FS_ACLS is set in a UFS or UFS2 superblock, automatically
set MNT_ACLS in the mount flags.

If either of these flags is set, but the appropriate kernel option
to support the features associated with the flag isn't available,
then print a warning at mount-time.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-15 20:00:06 +00:00
Poul-Henning Kamp
7c61d7858c Plug a memory-leak.
"I think you're right" by:	jake
2002-10-15 18:58:38 +00:00
Poul-Henning Kamp
9736c8f03a Use ; not , as statement separator in PDEBUG() macro.
Ignoring a NULL dev in device_set_ivars() sounds wrong, KASSERT it to
non-NULL instead.

Do the same for device_get_ivars() for reasons of symmetry, though
it probably would have yielded a panic anyway, this gives more precise
diagnostics.

Absentmindedly nodded OK to by:	jhb
2002-10-15 18:56:13 +00:00
Poul-Henning Kamp
65a728a53b Plug an infrequent (I think) memory leak.
Spotted by:	FlexeLint
2002-10-15 18:51:02 +00:00