Add regression tests for privileged and supposedly unprivileged
IP_IPSEC_POLICY,IPV6_IPSEC_POLICY setsockopt cases.
We may need to review the current 'good' results to make
sure they reflect what we really want.
Discussed with: rwatson
Reviewed by: rwatson
Before that non-su users were able to open pfkey sockets as well.
Add a regression test so we can detect such problems in an automated way
in the future.
changes:
01 - Enhanced LRO:
LRO feature is extended to support multi-buffer mode. Previously,
Ethernet frames received in contiguous buffers were offloaded.
Now, frames received in multiple non-contiguous buffers can be
offloaded, as well. The driver now supports LRO for jumbo frames.
02 - Locks Optimization:
The driver code was re-organized to limit the use of locks.
Moreover, lock contention was reduced by replacing wait locks
with try locks.
03 - Code Optimization:
The driver code was re-factored to eliminate some memcpy
operations. Fast path loops were optimized.
04 - Tag Creations:
Physical Buffer Tags are now optimized based upon frame size.
For better performance, Physical Memory Maps are now re-used.
05 - Configuration:
Features such as TSO, LRO, and Interrupt Mode can be configured
either at load or at run time. Rx buffer mode (mode 1 or mode 2)
can be configured at load time through kenv.
06 - Driver Statistics:
Run time statistics are enhanced to provide better visibility
into the driver performance.
07 - Bug Fixes:
The driver contains fixes for the problems discovered and
reported since last submission.
08 - MSI support:
Added Message Signaled Interrupt feature which currently uses 1
message.
09 Removed feature:
Rx 3 buffer mode feature has been removed. Driver now supports 1,
2 and 5 buffer modes of which 2 and 5 buffer modes can be used
for header separation.
10 Compiler warning:
Fixed compiler warning when compiled for 32 bit system.
11 Copyright notice:
Source files are updated with the proper copyright notice.
MFC after: 3 days
Submitted by: Alicia Pena <Alicia dot Pena at neterion dot com>,
Muhammad Shafiq <Muhammad dot Shafiq at neterion dot com>
support machines having multiple independently numbered PCI domains
and don't support reenumeration without ambiguity amongst the
devices as seen by the OS and represented by PCI location strings.
This includes introducing a function pci_find_dbsf(9) which works
like pci_find_bsf(9) but additionally takes a domain number argument
and limiting pci_find_bsf(9) to only search devices in domain 0 (the
only domain in single-domain systems). Bge(4) and ofw_pcibus(4) are
changed to use pci_find_dbsf(9) instead of pci_find_bsf(9) in order
to no longer report false positives when searching for siblings and
dupe devices in the same domain respectively.
Along with this change the sole host-PCI bridge driver converted to
actually make use of PCI domain support is uninorth(4), the others
continue to use domain 0 only for now and need to be converted as
appropriate later on.
Note that this means that the format of the location strings as used
by pciconf(8) has been changed and that consumers of <sys/pciio.h>
potentially need to be recompiled.
Suggested by: jhb
Reviewed by: grehan, jhb, marcel
Approved by: re (kensmith), jhb (PCI maintainer hat)
work present in FreeBSD 7.0 to refine the kernel privilege model:
- Introduce support for jail as a testing variable, in order to
confirm that privileges are properly restricted in the jail
environment.
- Restructure overall testing approach so that privilege and jail
conditions are set in the testing infrastructure before tests
are invoked, and done so in a custom-created process to isolate
the impact of tests from each other in a more consistent way.
- Tests now provide setup and cleanup hooks that occur before and
after the test runs.
- New privilege tests are now present for several audit
privileges, several credential management privileges, dmesg
buffer reading privilege, and netinet raw socket creation.
- Other existing tests are restructured and generally improved as
a result of better framework structure and jail as a variable.
For exampe, we now test that certain sysctls are writable only
outside jail, while others are writable within jail. On a
similar note, privileges relating to setting UFS file flags are
now better exercised, as with the right to chmod and utimes
files.
Approved by: re (bmah)
Obtained from: TrustedBSD Project
- Add the bind mtree to the TinyBSD build so that files
can be installed there (else the build fails)
- Change GEOM_GPT to GEOM_PART_GPT since that had been
renamed in current. The kernel configuration provided
by TinyBSD will not build without these changes.
PR: misc/115484
PR: misc/115405
Submitted by: Richard Arends <richard at unixguru dot nl>
Approved by: re (bmah)
Approved by: imp (mentor)
or replace (i.e., zdump) the environment after a call to setenv(), putenv()
or unsetenv() has been made, a few changes were made.
- getenv() will return the value from the new environ array.
- setenv() was split into two functions: __setenv() which is most of the
previous setenv() without checks on the name and setenv() which
contains the checks before calling __setenv().
- setenv(), putenv() and unsetenv() will unset all previous values and
call __setenv() on all entries in the new environ array which in turn
adds them to the end of the envVars array. Calling __setenv() instead
of setenv() is done to avoid the temporary replacement of the '=' in a
string with a NUL byte. Some strings may be read-only data.
Added more regression checks for clearing the environment array.
Replaced gettimeofday() with getrusage() in timing regression check for
better accuracy.
Fixed an off-by-one bug in __remove_putenv() in the use of memmove(). This
went unnoticed due to the allocation of double the number of environ
entries when building envVars.
Fixed a few spelling mistakes in the comments.
Reviewed by: ache
Approved by: wes
Approved by: re (kensmith)
- Solaris' setgroups(2) doesn't change process' effective gid, so set it
explicitly.
- POSIX doesn't define O_NOFOLLOW. FreeBSD returns EMLINK when target is
a symbolic link, but Solaris returns ELOOP then.
- Solaris doesn't define O_SHLOCK and O_EXLOCK flags.
Approved by: re (rwatson)
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
- Add and document the KVM and KVM_SUPPORT options that
are needed for the ifmcstats(3) makefile
- Garbage collect unused variables
- Add missing inclusion of bsd.own.mk where needed
Approved by: kan (mentor)
Reviewed by: ru
and protocol-independent host mode multicast. The code is written to
accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work.
This change only pertains to FreeBSD's use as a multicast end-station and
does not concern multicast routing; for an IGMPv3/MLDv2 router
implementation, consider the XORP project.
The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6,
which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html
Summary
* IPv4 multicast socket processing is now moved out of ip_output.c
into a new module, in_mcast.c.
* The in_mcast.c module implements the IPv4 legacy any-source API in
terms of the protocol-independent source-specific API.
* Source filters are lazy allocated as the common case does not use them.
They are part of per inpcb state and are covered by the inpcb lock.
* struct ip_mreqn is now supported to allow applications to specify
multicast joins by interface index in the legacy IPv4 any-source API.
* In UDP, an incoming multicast datagram only requires that the source
port matches the 4-tuple if the socket was already bound by source port.
An unbound socket SHOULD be able to receive multicasts sent from an
ephemeral source port.
* The UDP socket multicast filter mode defaults to exclusive, that is,
sources present in the per-socket list will be blocked from delivery.
* The RFC 3678 userland functions have been added to libc: setsourcefilter,
getsourcefilter, setipv4sourcefilter, getipv4sourcefilter.
* Definitions for IGMPv3 are merged but not yet used.
* struct sockaddr_storage is now referenced from <netinet/in.h>. It
is therefore defined there if not already declared in the same way
as for the C99 types.
* The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF
which are then interpreted as interface indexes) is now deprecated.
* A patch for the Rhyolite.com routed in the FreeBSD base system
is available in the -net archives. This only affects individuals
running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces.
* Make IPv6 detach path similar to IPv4's in code flow; functionally same.
* Bump __FreeBSD_version to 700048; see UPDATING.
This work was financially supported by another FreeBSD committer.
Obtained from: p4://bms_netdev
Submitted by: Wilbert de Graaf (original work)
Reviewed by: rwatson (locking), silence from fenner,
net@ (but with encouragement)
Four tests currently fail:
test_ether_line_bad_1() and test_ether_line_bad_2() due to bugs in
ether_line(3).
test_ether_ntohost() and test_ether_hostton() due to not being fully
implemented tests.
on socket buffers is interruptible or not, which detacts the regression I
introduced recently in 7-CURRENT (spotted by alfred). This test passes
in older -CURRENT, and with the as-yet uncommitted sx_xlock_sig and
sblock fix patches.
o make some variables parameters (frequency of crack, and maximum channel)
o try to spoof mac if association fails
Submitted by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
each file independently from other files. The new semantics are
desired in the most of practical cases, e.g.: delete lines 5-9
from each file.
Keep the previous semantics of -i under a new option, -I, which
uses a single continuous address space covering all files to edit
in-place -- they are too cool to just drop them.
Add regression tests for -i and -I.
Approved by: dds
Compared with: GNU sed
Discussed on: -hackers
MFC after: 2 weeks
* Break out the boot0 loader selection into a variable - NANO_BOOTLOADER -
so people like me with VGA consoles can override the default (which is
to use boot0sio)
* Put the boot0 configuration options in NANO_BOOT0CFG in case you want
to override the defaults.
* Modify nanobsd.8 to reflect the changes and hint the console default is
serial.
MFC after: 2 weeks
[Since the change to strict refcounting for in_multi objects, this test
began to fail; formerly the refcount was a count of the number of requests
for a given address, NOT a count of pointers to the object.]
that it might be worth fixing a couple of bugs in wesside and making
it use the new cracking technique. I think this enhancement makes
the tool quite usable. It is possible to recover keys in only a
couple of minutes.
* Fix ACKs. Firmware will ACK data [just set the MAC addr correctly].
* Fix RX routines. Process all packets read().
* Use aircrack-ptw [built-in] rather than external aircrack.
* Log data in pcap format so that it may be used by others [e.g. aircrack-ng].
Submitted by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
- Close the new file objects created during socketpair() if the copyout of
the new file descriptors fails.
- Add a test to the socketpair regression test for this edge case.
and had no chance to match it by the 2nd address precisely.
Otherwise the unclosed range would bogusly extend to the end
of stream.
Add a basic regression test for the bug fixed. (This change
also fixes the more complex case 5.3 from `multitest.t'.)
Compared with: SUN and GNU seds
Tested by: regression tests
MFC after: 1 week
in a more reasonable way than BSD sed does: they properly
close the range even if we branched over its end. No doubt,
the range `1,5' should not match lines from 9 through 14.
them are related to the `c' function's need to know if we are at
the actual end of the address range. (It must print the text not
earlier than the whole pattern space was deleted.) It appears the
only sed function with this requirement.
There is `lastaddr' set by applies(), which is to notify the `c'
function, but it can't always help because it's false when we are
hitting the end of file early. There is also a bug in applies()
due to which `lastaddr' isn't set to true on degenerate ranges such
as `$,$' or `N,$' if N appears the last line number.
Handling early EOF condition in applies() could look more logical,
but it would effectively revert sed to the unreasonable behaviour
rev. 1.26 of main.c fought against, as it would require lastline()
be called for each line within each address range. So it's better
to call lastline() only if needed by the `c' function.
Together with this change to sed go regression tests for the bugs
fixed (c1-c3). A basic test of `c' (c0) is also added as it helped
me to spot my own error.
Discussed with: dds
Tested by: the regression tests
MFC after: 1 week
o make all crypto drivers have a device_t; pseudo drivers like the s/w
crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
for specifying which of several potential devices to use when doing
crypto operations
o add new ioctls that allow user apps to select a specific crypto device
to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
to specify a device to use for tests
These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd
Approved by: re
I have verified these with GNU sed 4.1.5 (and in some cases with Solaris
sed) and they are identical, with the following exceptions:
5.3: The result is unspecified and BSD sed behaves differently.
6.3: GNU sed gets it wrong
7.1: GNU sed gets it wrong
7.8: BSD sed gets it wrong
According to IEEE Std 1003.1, 2004 "Whenever the pattern space is
written to standard output or a named file, sed shall immediately
follow it with a <newline>."
An attempt at the same correction might have been made with r1.3,
which is however identical with r1.2.
NetBSD version is a feature-to-feature re-implementation of GNU
gzip using the freely-redistributable zlib and this version is
expected to be mostly bug-to-bug compatible with the GNU
implementation.
- Because this is a piece of mature code and we want to make
changes so it is added directly rather than importing to
src/contrib.
- Connect newly added code to src/usr.bin/ and rescue/rescue
build.
- Disconnect the GNU gzip code from build for now, they will
be eventually removed completely.
- Provide two new src.conf(5) knobs, WITHOUT_BZIP2_SUPPORT and
WITHOUT_BZIP2.
Tested by: kris (full exp-7 pointyhat build)
Approved by: core (importing a 4-clause BSD licensed file)
Approved by: re (adding new utility during -HEAD code slush)
effective group ID or to group ID of its parent directory.
- Add some comments from POSIX.
- Verify that after successful O_TRUNC open, size is equal to 0.
he is the file's owner, he can't set set-gid bit.
POSIX requires to return 0 and clear the bit, but FreeBSD returns
EPERM for UFS in such case. For now do the same in ZFS.
This only works if there is no significant drift and all processors are
running at the same frequency. Fortunately, schedgraph traces on MP
machines tend to cover less than a second so drift shouldn't be an issue.
- KTRFile::synchstamp() iterates once over the whole list to determine the
lowest tsc value and syncs adjusts all other values to match. We assume
that the first tick recorded on all cpus happened at the same instant to
start with.
- KTRFile::monostamp() iterates again over the whole file and checks for
a cpu agnostic monotonically increasing clock. If the time ever goes
backwards the cpu responsible is adjusted further to fit. This will
make the possible incorrect delta between cpus as small as the shortest
time between two events. This time can be fairly large due to sched_lock
essentially protecting all events.
- KTRFile::checkstamp() now returns an adjusted timestamp.
- StateEvent::draw() detects states that occur out of order in time and
draws them as 0 pixels after printing a warning.
from the tsc.
- Set skipnext = 1 for yielding and preempted events so we don't show the
event that adds us back to the run queue. It used to be 2 so we would
skip the ksegrp run queue addition and the system run queue addition
but the ksegrp run queue has gone away.
- Don't display down to nanosecond resolution for scheduling events right
now. This can sometimes cause a division by zero.
Almost all regression tests are based on very flexible fstest tool.
They verify correctness (POSIX conformance) of almost all file
system-related system calls.
The motivation behind this work is my ZFS port and POSIX, who doesn't
provide free test suites.
Runs on: FreeBSD/UFS, FreeBSD/ZFS, Solaris/UFS, Solaris/ZFS
To try it out:
# cd fstest
# make
# find tests/* -type d | xargs prove
various types, as well as pipes and fifos for good measure. RELENG_6
currently passes all of these tests, but 7-CURRENT fails 0-byte writes
and sends on all stream socket types (and fifos, as they are based on
stream sockets).
Bumped into by: peter
Diagnosed by: jhb
Problem of: andre
to floating-point, the result is a quiet NaN. The current implementation
may return a signaling NaN, and the vendor has no plans for changing this,
for reasons explained in the comment I added.
mbuf is dropped, to preserve the invariant in the PR_ADDR case.
Add a regression test to detect this condition, but do not hook it
up to the build for now.
PR: kern/38495
Submitted by: James Juran
Reviewed by: sam, rwatson
Obtained from: NetBSD
MFC after: 2 weeks
wildcard specifications. Earlier the only wildcard syntax
was "-j 0" for "any jail". There were at least
two shortcomings in it: First, jail ID 0 was abused; it
meant "no jail" in other utils, e.g., ps(1). Second, it
was impossible to match processed not in jail, which could
be useful to rc.d developers. Therefore a new syntax is
introduced: "-j any" means any jail while "-j none" means
out of jail. The old syntax is preserved for compatibility,
but now it's deprecated because it's limited and confusing.
Update the respective regression tests. While I'm here,
make the tests more complex but sensitive: Start several
processes, some in jail and some out of jail, so we can
detect that only the right processes are killed by pkill
or matched by pgrep.
Reviewed by: gad, pjd
MFC after: 1 week
nature of implied connect via sendto(). Oddly, uipc_usrreq.c implements
this for stream sockets, but doesn't set the flag in its protocol
definition so that it can actually be used. As such, the stream test is
implemented but doesn't run for now.
prints out if bootverbose is set. This is to facilitate the code being
removed from the kernel at a later date.
While we're here, fix the __packed structures, and add some other
PCI interrupt router IDs.
Submitted by: jhb (with some tweaks)
MFC after: 3 weeks
KERNCONF after the file has been copied to the sys/${ARCH}/conf directory. This
allows the use of one kernel config file for multiple images. E.g.:
NANO_KERNEL=../../../../software/nanobsd/default/SOEKRIS
MFC: after 6.2
to WITH_CDDL.
This option enables building code that is licensed under Sun's CDDL.
The DTrace code is licensed that way, so by default it will get built
unless the WITHOUT_CDDL option is used.
There is another build toggle, NO_CTF, which turns off execution of
ctfconvert and ctfmerge in sys.mk, but this can't be implemented as
WITH_/WITHOUT because bsd.own.mk isn't included in all Makefiles and
sys.mk is included automatically by make.
This allows the user to specify that the root filoesystem should be
an MFS or teh actual medium itself.
Also a new command syntax, along with an interactive mode by default,
with crossinvocation memory of the last used values as defaults for the
current invocation.
Submitted by:jmeloatfreebsdbrasil,com-br
implemented properly for a number of kernel subsystems. In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Add "-C <column>" and "-d <delims>" options to chop up input lines.
Make '#' a comment character, rest of line is ignored.
Submitted by: Dmitry Morozovsky <marck@rinet.ru>
separate function which is called right after install_etc(). This makes
it simpler to (ab)use nanobsd.sh as a framework to build more normal
FreeBSD images where a normal /etc is used, since setup_nanobsd_etc()
can just be redefined.
OK'ed in principle by: phk
MFC after: 1 week
It is by no means expected to perform a complete test of the library
for correctness, but is meant to test the API to make sure libmp (or
libcrypto) updates don't totally break the library.
instead of setup_nanobsd(), because this gives customize tasks a chance
to fiddle the details.
Inspired & tested by: Jordan Coleman <jordan@JordanColeman.com>
o If something is wrong with options, then output short usage help message.
o Output errstr returned from strtonum(3).
PR: bin/98141
Submitted by: Andrey Simonenko
It uses doxygen to generate the API documentation. For each subsystem
a very small (about 20 lines with comments) subsystem specific Doxyfile
has to be written (have a look at the README for more). All common doxygen
options are specified in a separate file.
The framework is configured to not only generate the HTML version, but also
a PDF version (the paper size is hardcoded to DIN A4 currently and depending
on the subsystem you have to increase some limits in the latex configuration
of your system, the README tells more about this).
It also allows cross-references between the subsystems (it generates doxygen
tag files).
Currently the docs are generated in OBJDIR, but this may change after
coordination with doc@. The makefile is prepared to generate/move various
parts of the generated docs to different destinations.
TARGET_ARCH is respected and some env-vars are set for architecture specific
handling of the source (the README tells more).
Subsystems for which docs are generated:
- cam - crypto - dev_pci
- dev_sound - dev_usb - geom
- i4b - kern - libkern
- linux - net80211 - netgraph
- netinet - netinet6 - netipsec
- opencrypto - vm
Requested by: gnn