Commit Graph

99902 Commits

Author SHA1 Message Date
Max Laier
25a4adcec4 Bring eventhandler callbacks for pf.
This enables pf to track dynamic address changes on interfaces (dailup) with
the "on (<ifname>)"-syntax. This also brings hooks in anticipation of
tracking cloned interfaces, which will be in future versions of pf.

Approved by: bms(mentor)
2004-02-26 04:27:55 +00:00
Max Laier
cc5934f5af Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).

Approved by: bms(mentor)
2004-02-26 03:53:54 +00:00
Robert Watson
c66b4d8d26 Move inet and inet6 related MAC Framework entry points from mac_net.c
to a new mac_inet.c.  This code is now conditionally compiled based
on inet support being compiled into the kernel.

Move socket related MAC Framework entry points from mac_net.c to a new
mac_socket.c.

To do this, some additional _enforce MIB variables are now non-static.
In addition, mbuf_to_label() is now mac_mbuf_to_label() and non-static.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 03:51:04 +00:00
Max Laier
2bbe8ffc9d Bring diff from the security/pf port. This has code been tested as a port
for a long time and is run in production use. This is the code present in
portversion 2.03 with some additional tweaks.

The rather extensive diff accounts for:
 - locking (to enable pf to work with a giant-free netstack)
 - byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
 - conversion from pool(9) to zone(9)
 - api differences etc.

Approved by: bms(mentor) (in general)
2004-02-26 02:34:12 +00:00
Max Laier
3ef891af51 This commit was generated by cvs2svn to compensate for changes in r126258,
which included commits to RCS files with non-trunk default branches.
2004-02-26 02:04:28 +00:00
Max Laier
5c45a928b9 Vendor import of OpenBSD's packet filter (pf) as of OpenBSD 3.4
Approved by: bms(mentor), core (in general)
2004-02-26 02:04:28 +00:00
Eric Melville
5ee1d75f0a Test data before using it.
Of course, libdialog is still chock-full of similar bugs, but it's been
multiple years and no one has any better suggestions so the bugs will just
be dealt with case-by-case.

PR:	28221
2004-02-26 01:52:39 +00:00
Robert Watson
57792ded36 Update copyright on mac.9 for 2004. Use "-" for copyright year
ranges.

Add additional credits for contributions to the MAC Framework.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 01:18:46 +00:00
Robert Watson
1d3170aa53 Add a "-l" parameter to mdmfs so that memory file systems can be
created with the multilabel flag from inception.  This simply
passes the "-l" flag on to newfs(8).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 01:15:47 +00:00
Robert Watson
ce20d788fa Add a "-l" flag to newfs, which sets the FS_MULTILABEL flag. This
permits users of newfs to set the multilabel flag on UFS1 and UFS2
file systems from inception without using tunefs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 01:14:27 +00:00
Don Lewis
47934cef8f Split the mlock() kernel code into two parts, mlock(), which unpacks
the syscall arguments and does the suser() permission check, and
kern_mlock(), which does the resource limit checking and calls
vm_map_wire().  Split munlock() in a similar way.

Enable the RLIMIT_MEMLOCK checking code in kern_mlock().

Replace calls to vslock() and vsunlock() in the sysctl code with
calls to kern_mlock() and kern_munlock() so that the sysctl code
will obey the wired memory limits.

Nuke the vslock() and vsunlock() implementations, which are no
longer used.

Add a member to struct sysctl_req to track the amount of memory
that is wired to handle the request.

Modify sysctl_wire_old_buffer() to return an error if its call to
kern_mlock() fails.  Only wire the minimum of the length specified
in the sysctl request and the length specified in its argument list.
It is recommended that sysctl handlers that use sysctl_wire_old_buffer()
should specify reasonable estimates for the amount of data they
want to return so that only the minimum amount of memory is wired
no matter what length has been specified by the request.

Modify the callers of sysctl_wire_old_buffer() to look for the
error return.

Modify sysctl_old_user to obey the wired buffer length and clean up
its implementation.

Reviewed by:	bms
2004-02-26 00:27:04 +00:00
Robert Watson
049ffe98a8 Assert pipe mutex in pipeselwakeup(), as we manipulate pipe_state
in a non-atomic manner.  It appears to always be called with the
mutex (good).
2004-02-26 00:18:22 +00:00
Bruce M Simpson
714ae42a86 Add a note about the routed update breaking compatibility (for MD5
authentication only) with older versions of FreeBSD's routed.
2004-02-25 23:56:30 +00:00
Bruce M Simpson
c39ebb1dbb Sync HEAD sources to vendor branch import of routed v2.27 from rhyolite.com.
Update <protocols/routed.h> for the MD5 changes requested in bin/35843.
Preserve local changes.

Education by:	obrien, markm, pointy-stick
PR:		bin/35843 (and doubtless others)
2004-02-25 23:45:57 +00:00
Robert Watson
094bdd260c Update comment regarding MAC labels: we no longer pass endpoints
into the MAC Framework, just the pipe pair.

GC 'hadpeer' used in pipedestroy(), which is no longer needed as
we check pipe_present flags on the pair.
2004-02-25 23:30:56 +00:00
Bruce M Simpson
caa79e368e Virgin import of rhyolite.com routed v2.27 2004-02-25 23:20:22 +00:00
Peter Wemm
937f5a8e02 Since we don't use PG_NX yet, don't turn on EFER_NXE quite yet. This needs
to be done based on the cpuid bits.  AMD says that we should test the cpuid
features bits for certain things, such as this.
2004-02-25 23:12:39 +00:00
Maksim Yevmenkin
167bc3861d Fix endianes bug 2004-02-25 22:43:43 +00:00
Dag-Erling Smørgrav
e9c67f69d1 Use the -H option instead of the deprecated -follow predicate. 2004-02-25 21:45:41 +00:00
Brian Feldman
33dee81933 Make the resolver(3) and many associated interfaces much more reentrant.
The getaddrinfo(3), getipnodebyname(3) and resolver(3) can coincide now
with what should be totally reentrant, and h_errno values will now
be preserved correctly, but this does not affect interfaces such as
gethostbyname(3) which are still mostly non-reentrant.

In all of these relevant functions, the thread-safety has been pushed
down as far as it seems possible right now.  This means that operations
that are selected via nsdispatch(3) (i.e. files, yp, dns) are protected
still under global locks that getaddrinfo(3) defines, but where possible
the locking is greatly reduced.  The most noticeable improvement is
that multiple DNS lookups can now be run at the same time, and this
shows major improvement in performance of DNS-lookup threaded programs,
and solves the "Mozilla tab serialization" problem.

No single-threaded applications need to be recompiled.  Multi-threaded
applications that reference "_res" to change resolver(3) options will
need to be recompiled, and ones which reference "h_errno" will also
if they desire the correct h_errno values.  If the applications already
understood that _res and h_errno were not thread-safe and had their own
locking, they will see no performance improvement but will not
actually break in any way.

Please note that when NSS modules are used, or when nsdispatch(3)
defaults to adding any lookups of its own to the individual libc
_nsdispatch() calls, those MUST be reentrant as well.
2004-02-25 21:03:46 +00:00
Philippe Charnier
59b4f7f45e According to source code, under certain conditions, logging goes to the
"auth" facility not "daemon".
Submitted by: "Bill Richter (7X22KEY)" <richterb@binkley.foothill.net>
2004-02-25 20:31:00 +00:00
Max Laier
ac9d7e2618 Re-remove MT_TAGs. The problems with dummynet have been fixed now.
Tested by: -current, bms(mentor), me
Approved by: bms(mentor), sam
2004-02-25 19:55:29 +00:00
David E. O'Brien
e31a14418a Remove freebsd-update -- it breaks the Alpha, sparc64, ia64, and amd64
release bulds.
2004-02-25 19:05:47 +00:00
Alexander Kabaev
2627f3570d Do not depend on existence of _end symbol in obj_from_addr, use
obj->mapbase and obj->mapsize instead.

Prompted by: 	OpenOffice debugging session at last BSDCon.
2004-02-25 17:06:16 +00:00
Wolfram Schneider
c3c75c8376 Add FreeBSD 5.2.1 2004-02-25 15:58:14 +00:00
Poul-Henning Kamp
3531b6f13a Update manual page.
Give 8" example for the heck of it.
2004-02-25 13:55:56 +00:00
Christian Brueffer
ea2937efb8 Add SiI3512. 2004-02-25 13:48:48 +00:00
Poul-Henning Kamp
503799ea5c Make mode setting with fdcontrol(8) stick.
Recognize when configured for "auto".
2004-02-25 13:44:58 +00:00
Poul-Henning Kamp
9b28b5e64f Recognize "auto" format.
Be more verbose when asked to.
2004-02-25 13:43:39 +00:00
Poul-Henning Kamp
9cee00cf10 Set size field correctly, it is number of sectors on the device, not
number of 512 bytes sectors.

Recognize size == -1 as meaning "auto".
2004-02-25 13:43:17 +00:00
Bruce Evans
7501cdc8e5 Demangled vendor ids. Fixed misplaced FreeBSD id. 2004-02-25 13:26:53 +00:00
Johan Karlsson
ca9c567178 Fix style bug in last commit,
add a tab after WARNS?=.

While I'm here fix other style bugs.

Submitted by:	bde (libbdf/Makefile)
2004-02-25 13:12:51 +00:00
Bruce Evans
5dfef63412 Backed out rev.1.6. A bogus include was added to work around breakage of
<netinet/tcp_var.h>'s prerequisites.  Prerequistes should not grow for
userland headers, and <netinet/tcp_var.h> is unfortunately still needed
in userland.
2004-02-25 13:11:48 +00:00
Bruce Evans
0613995bd0 Fixed namespace pollution in rev.1.74. Implementation of the syncache
increased <netinet/tcp_var>'s already large set of prerequisites, and
this was handled badly.  Just don't declare the complete syncache struct
unless <netinet/pcb.h> is included before <netinet/tcp_var.h>.

Approved by:	jlemon (years ago, for a more invasive fix)
2004-02-25 13:03:01 +00:00
Bruce Evans
a545b1dc4d Don't use the negatively-opaque type uma_zone_t or be chummy with
<vm/uma.h>'s idempotency indentifier or its misspelling.
2004-02-25 11:53:19 +00:00
Andrey A. Chernov
609991e87e Change warning hint to be more useful 2004-02-25 10:56:54 +00:00
Søren Schmidt
1c342d89ce Add support for the sii3512 SATA chip. 2004-02-25 09:55:49 +00:00
Bruce Evans
d01cde0480 Fixed some insertion sort errors. 2004-02-25 09:35:35 +00:00
Bruce Evans
bfdd261e68 Fixed some style bugs in previous commit (unsorting of the DDB_* options,
misofrmatting, and English usage errors).
2004-02-25 08:57:33 +00:00
Jeffrey Hsu
89c02376fc Relax a KASSERT condition to allow for a valid corner case where
the FIN on the last segment consumes an extra sequence number.

Spurious panic reported by Mike Silbersack <silby@silby.com>.
2004-02-25 08:53:17 +00:00
Scott Long
75fba44b93 Revert the last commit. I don't know what I was thinking, but this change
definitely doesn't help any thing.
2004-02-25 05:41:44 +00:00
Robert Watson
ae5fbd9b53 Add an 'add' command to ugidfw(8), which permits specifying a new
rule without explicitly specifying a new rule number.

Update copyrights, remove license clause three.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:59:56 +00:00
Robert Watson
47ab23aa82 Add bsde_add_rule(), which is similar to bsde_set_rule() except that
the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:24:39 +00:00
Andrey A. Chernov
b3ab6e504b Back out getopt* adding here per maintainer request 2004-02-25 03:10:14 +00:00
Andrey A. Chernov
ddde411742 Add upgrade instructions 2004-02-25 02:59:26 +00:00
Andrey A. Chernov
9d7197a177 Add "posix" subdir to "gnu" 2004-02-25 02:51:37 +00:00
Andrey A. Chernov
a3625ac84d Upgrade to regex from grep 2.4.2 2004-02-25 02:41:15 +00:00
Andrey A. Chernov
f88175ccbf Merge conflicts 2004-02-25 02:39:10 +00:00
Andrey A. Chernov
9102b423ca This commit was generated by cvs2svn to compensate for changes in r126209,
which included commits to RCS files with non-trunk default branches.
2004-02-25 02:27:50 +00:00
Andrey A. Chernov
6238c8eac7 Virgin import (trimmed) of GNU regex, from GNU grep 2.4.2 2004-02-25 02:27:50 +00:00