that includes significant features and SMP safety.
This commit includes a more or less complete rewrite of the *BSD USB
stack, including Host Controller and Device Controller drivers and
updating all existing USB drivers to use the new USB API:
1) A brief feature list:
- A new and mutex enabled USB API.
- Many USB drivers are now running Giant free.
- Linux USB kernel compatibility layer.
- New UGEN backend and libusb library, finally solves the "driver
unloading" problem. The new BSD licensed libusb20 library is fully
compatible with libusb-0.1.12 from sourceforge.
- New "usbconfig" utility, for easy configuration of USB.
- Full support for Split transactions, which means you can use your
full speed USB audio device on a high speed USB HUB.
- Full support for HS ISOC transactions, which makes writing drivers
for various HS webcams possible, for example.
- Full support for USB on embedded platforms, mostly cache flushing
and buffer invalidating stuff.
- Safer parsing of USB descriptors.
- Autodetect of annoying USB install disks.
- Support for USB device side mode, also called USB gadget mode,
using the same API like the USB host side. In other words the new
USB stack is symmetric with regard to host and device side.
- Support for USB transfers like I/O vectors, means more throughput
and less interrupts.
- ... see the FreeBSD quarterly status reports under "USB project"
2) To enable the driver in the default kernel build:
2.a) Remove all existing USB device options from your kernel config
file.
2.b) Add the following USB device options to your kernel configuration
file:
# USB core support
device usb2_core
# USB controller support
device usb2_controller
device usb2_controller_ehci
device usb2_controller_ohci
device usb2_controller_uhci
# USB mass storage support
device usb2_storage
device usb2_storage_mass
# USB ethernet support, requires miibus
device usb2_ethernet
device usb2_ethernet_aue
device usb2_ethernet_axe
device usb2_ethernet_cdce
device usb2_ethernet_cue
device usb2_ethernet_kue
device usb2_ethernet_rue
device usb2_ethernet_dav
# USB wireless LAN support
device usb2_wlan
device usb2_wlan_rum
device usb2_wlan_ral
device usb2_wlan_zyd
# USB serial device support
device usb2_serial
device usb2_serial_ark
device usb2_serial_bsa
device usb2_serial_bser
device usb2_serial_chcom
device usb2_serial_cycom
device usb2_serial_foma
device usb2_serial_ftdi
device usb2_serial_gensa
device usb2_serial_ipaq
device usb2_serial_lpt
device usb2_serial_mct
device usb2_serial_modem
device usb2_serial_moscom
device usb2_serial_plcom
device usb2_serial_visor
device usb2_serial_vscom
# USB bluetooth support
device usb2_bluetooth
device usb2_bluetooth_ng
# USB input device support
device usb2_input
device usb2_input_hid
device usb2_input_kbd
device usb2_input_ms
# USB sound and MIDI device support
device usb2_sound
2) To enable the driver at runtime:
2.a) Unload all existing USB modules. If USB is compiled into the
kernel then you might have to build a new kernel.
2.b) Load the "usb2_xxx.ko" modules under /boot/kernel having the same
base name like the kernel device option.
Submitted by: Hans Petter Selasky hselasky at c2i dot net
Reviewed by: imp, alfred
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
We often run into these very high column numbers when we run curses
applications, because they don't print any newlines. This messes up the
table output of `pstat -t'. If these numbers get really high, they
aren't of any use to the reader anyway. Convert them to `99999' when
they run out of bounds.
one zombie process because it does not do the cleanup. For a long running
NIS/YP server, it will have lots of zombie processes on it. Fix that by
ignoring the SIGCHLD signal since we don't really care about the exit
status in this case.
PR: bin/91980
Reported by: Arjan van der Velde <dj_noresult at hotmail.com>
Submitted by: Jui-Nan Lin" <jnlin at csie.nctu.edu.tw>
Reviewed by: delphij
MFC after: 1 month
selected from the "dists" are all on the current volume. Looks like
xorg won't fit on disc1 for 6.4-REL. Iterate through media volumes
for packages that wind up being selected from the dists section in
addition to the ones that get selected from the packages menu.
MFC after: 2 days
keymap. You can learn some interesting things in the PR database!
PR: conf/124411
Submitted by: Doctor Modiford <freebsd -at- modiford.com>
MFC after: 3 days
the user selected and then recursively installing their dependencies, finally
installing the ones the user selected after the recursion unwinds. Since
users often select "high-level" packages that are on a higher numbered
disc for the multi-volume release CDROMS this resulted in excessive disc
swapping while installing things like kde, gnome, etc.
Cut down on disc swapping by iterating through the disc volumes one at a
time if we notice the package set is on multiple volumes. If a package
is on a higher volume don't install it yet, but still "process it" so we
get its dependencies installed. Because of the way the package sets for
releases get assembled we're guaranteed dependencies will be on the same
volume or lower.
Reviewed by: jhb
MFC after: 1 week
messages from the network. We already replace malformatted timestamps
and this option lets us replace timestamps that are correctly formatted
but wrong.
PR: 120891
Submitted by: Thomas Vogt <thomas@bsdunix.ch>
MFC after: 1 week
One of the features that prevented us from fixing some of the TTY
consumers to work once again, was an interface that allowed consumers to
do the following:
- `Sniff' incoming data, which is used by the snp(4) driver.
- Take direct control of the input and output paths of a TTY, which is
used by ng_tty(4), ppp(4), sl(4), etc.
There's no practical advantage in committing a hooks layer without
having any consumers. In P4 there is a preliminary port of snp(4) and
thompsa@ is busy porting ng_tty(4) to this interface. I already want to
have it in the tree, because this may stimulate others to work on the
remaining modules.
Discussed with: thompsa
Obtained from: //depot/projects/mpsafetty/...
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd
Reviewed by: various (posted to arch)
MFC after: 1 month
A very long time ago we had raw device nodes. quot(8) was supposed to
use these when running `quot -a'. For some reason the code got once
changed to strip the device name until it reaches the last slash. This
is not reliable, because this means /dev/mirror/foo will be stripped to
/dev/foo.
This bug also exists on RELENG_7 and RELENG_6, but I think I'll just
merge them back somewhere after the upcoming releases. There's no rush.
MFC after: 2 months
- When searching for the next system drive, return the next one instead
of always returning the first one.
- Plug fd lead and make sure that the MLX_NEXT_CHILD ioctl is called
on the controller fd, not the disk's one.
While there, fix a cut-n-pase error in a warning.
Reviewed by: jhb
Approved by: kan (mentor)
MFC after: 1 month
The old logic padded the device name out but assumed the unit number was one digit
long; this fails for things like SATA devices which (for me) begin at ad10.
Assemble the full device name in a temporary buffer and then calcluate padding
based on that string.
- Documentation of send_phy_config()
- cleanup of malloc's() and added error checking throughout
- new capability to iterate over multiple firewire buses
- update usage() display
- cleanup command line parsing to allow out of order switches
- cleanup command line parsing to allow multiple switches per invocation
- cleanup grammar of man page a bit
- add some ranges to the man page to indicate what values are valid
Since fwcontrol's code is the same across 6/7/head this can be
applied to all branches after the MFC period.
Reviewed by: Dieter freebsd@sopwith.solgatos.com
Approved by: mentor Scott scottl@samsco.org
MFC after: 60 days
duplication of code in fdisk and boot0cfg. Also make use of g_providername to
fix an issue with fdisk and boot0cfg not using the correct provider when
writing the MBR.
Reviewed by: phk
Approved by: pjd (mentor)
Should fix the current weirdness in ntpd/ntpdate where the current system
time is not read/updated.
Submitted by: naddy
MFC after: 2 weeks
Pointy hat to: me
sntp includes a copy of libopts in itself in vendor code, rewrite the
Makefile to compile and use only one copy. It is an internal library, not
installed.
MFC after: 2 weeks
tape have been broken for quite a while, and I'll be removing the rest
of sysinstall's knowledge of tapes shortly. I'm doing this piece now
because I want to switch from gnu's cpio to bsdcpio being integrated
into the installation environment and bsdcpio doesn't seem to handle
block sizes at all.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
Remove pw_getrand() unneded now: arc4random_uniform() is stronger then
pw_getrand()'s MD5 tricks (inactive) and its active version, mixing
arc4random() bytes in one, not make things better at all.
Now we have a single /dev/snp device node, which can be opened by
watch(8) multiple times. Even though snp(4) will be dead as of next
week, it's nice having this in SVN, because:
- We may want to MFC it to RELENG_7.
- By the time we fix snp(4) again, it's already there, existing watch(8)
binaries should already work.
Just like bpf(4), I'm adding a symlink from snp0 to snp to remain binary
compatible.
features of CPUs like reading/writing machine-specific registers,
retrieving cpuid data, and updating microcode.
- Add cpucontrol(8) utility, that provides userland access to
the features of cpuctl(4).
- Add subsequent manpages.
The cpuctl(4) device operates as follows. The pseudo-device node cpuctlX
is created for each cpu present in the systems. The pseudo-device minor
number corresponds to the cpu number in the system. The cpuctl(4) pseudo-
device allows a number of ioctl to be preformed, namely RDMSR/WRMSR/CPUID
and UPDATE. The first pair alows the caller to read/write machine-specific
registers from the correspondent CPU. cpuid data could be retrieved using
the CPUID call, and microcode updates are applied via UPDATE.
The permissions are inforced based on the pseudo-device file permissions.
RDMSR/CPUID will be allowed when the caller has read access to the device
node, while WRMSR/UPDATE will be granted only when the node is opened
for writing. There're also a number of priv(9) checks.
The cpucontrol(8) utility is intened to provide userland access to
the cpuctl(4) device features. The utility also allows one to apply
cpu microcode updates.
Currently only Intel and AMD cpus are supported and were tested.
Approved by: kib
Reviewed by: rpaulo, cokane, Peter Jeremy
MFC after: 1 month
non-matching index lines. This fixes a bug where bogus warnings would
be printed file has the wrong file flags AND has been updated by
FreeBSD Update.
Reported by: Royce Williams
dump or minidump). When the script is run, it generates a text file
containing the output of several commands run againt the core dump such
as kgdb (stack trace), ps, netstat, vmstat, iostat, dmesg, and fstat.
Obtained from: Yahoo!
MFC after: 2 weeks
version of freebsd-update, but I took it out when I rewrote everything
and added FreeBSD Update to the base system because I didn't think it
was useful. It turns out that quite a few people liked it and wanted
it back.
Requested by: Royce Williams + others
MFC after: 2 weeks
setting. When the scripts were converted to Bourne shell, this was
removed. The adduser script was changed to use an explicit path for
the pw(8) command so that /usr/sbin did not have to be in the user's
PATH. The rmuser script continued to assume that /usr/sbin was in the
user's path, however. This fixes the rmuser script to use an explicit
path for pw(8) similar to adduser.
MFC after: 2 weeks
sanity check by invoking "pwd_mkdb -C". However, if this failed it
silently returned success. Fix this so it fails the update operation
instead.
MFC after: 1 week
When I ported most applications away from <sgtty.h>, I noticed none of
them were actually using these definitions. I kept them in place,
because I didn't want to touch tools like pstat(8) and stty(1).
In preparation for the MPSAFE TTY layer, remove these definitions. This
doesn't have any impact with respect to binary compatibility (see
tty_conf.c).
We couldn now add an #error to <sys/ioctl_compat.h> when included
outside the kernel. Unfortunately, kdump's mkioctls includes this file
unconditionally.
Approved by: philip (mentor)
The changes to make the option work are already in place, but I missed
the patch hunk that adds it to the getopt() option-handling loop.
Pointy hat: keramida
Approved by: flz
MFC after: 1 week
directory [1]
- add the FILES section to the wpa_supplicant.conf.5 file, so that people
will be able to detect the example configuration file easier. [2]
PR: docs/121821 [2]
Approved by: brooks [1]
MFC after: 3 days
unless explicitly provided by MAILTO= line in crontab. This feature can be
useful in massive hosting environment, where most users do not care about
autogenerated mails.
Setting recipient to null string disables default mails at all.
Approved by: yar
MFC after: 4 weeks
shell (which was the problem with the original implementation) and avoid
letting make see an empty definition (which was the problem with the current
implementation).
- advise to use rc script to SIGHUP mountd
- add information about possiblity of using /prefix network notation [1]
PR: docs/124373
Reviewed by: jhb
Obtained from: NetBSD [1]
MFC after: 3 days
provides the correct semantics for flock(2) style locks which are used by the
lockf(1) command line tool and the pidfile(3) library. It also implements
recovery from server restarts and ensures that dirty cache blocks are written
to the server before obtaining locks (allowing multiple clients to use file
locking to safely share data).
Sponsored by: Isilon Systems
PR: 94256
MFC after: 2 weeks
their [Manufacturer] sections and prevent a case that NDIS_PCI_DEV_TABLE
definition was always emitted that it's only emitted once if a .INF file
is for PCI.
- updating: terminating '\n' is not part of the package origin.
- bump PKG_INSTALL_VERSION to 20080612.
PR: bin/119368 [1], bin/124459 [2]
Submitted by: gcooper [1], Beat Gatzi <beat@chruetertee.ch> [2]
MFC after: 3 days
In the FreeBSD base system, there are only two utilities that use struct
tty, namely pstat and sicontrol. The sicontrol utility calls the
TCSI_TTY ioctl(), which copies struct tty back to userspace.
sicontrol should not have this functionality. The same data is already
provided by pstat. If we really want to be able to export these numbers
through a file descriptor to userspace, we can export struct xtty, which
should provide a better abstraction. The ttystat option was only used as
a debugging aid.
This makes sicontrol compile in the mpsafetty branch.
Reviewed by: peter
Approved by: philip (mentor)
ppp's physical.c is filled with calls to termios. For some reason, it
includes <sys/tty.h>, not <termios.h>. Even though this works with the
current version of FreeBSD, we'd better follow the standards.
Approved by: philip (mentor)
variable in an int to avoid casting to an unsigned value which causes
the comparison with -1 to fail.
PR: 123807
Submitted by: Matthew Luckie
Reviewed by: keramida@
MFC after: 1 week
filling the table of ALTQ queues retrieved from the kernel.
It is possible for the kernel to return the queues not by pa.altq.qid order.
When this happens, pf_snmp would only partially fill its table.
PR: bin/120974
Submitted by: Mykola Dzham <i -at- levsha.org.ua>
MFC after: 3 days
This makes blowfish password hashes look normal when set using
pw(8)/adduser(8). [1]
- Make it possible to have a '/' in the salt.
PR: 121146 [1]
Submitted by: Jaakko Heinonen [1]
Approved by: rwatson (mentor)
MFC after: 1 month
When run without this option, multiple runs of `pkg_create -Rb' will
recreate common packages multiple times. This can take a lot of time
for large packages. With the -n option `pkg_create -b' checks with
stat(2) and skips packages that already exist.
Note that this may *not* be safe of the existing output file is not
really a package, or if it has been corrupted, modified or otherwise
tinkered with between subsequent pkg_create runs. For this and POLA
reasons, the default behavior is to *rebuild* the packages, and the -n
option can be used when we know it is `safe' to run in no-regenerate
mode.
Inspired by: A post to freebsd-questions
by Matthias Apitz < matthias.apitz at oclc.org >
Reviewed by: marcus, flz
Approved by: marcus
MFC after: 2 weeks
parts relied on the now removed NET_NEEDS_GIANT.
Most of I4B has been disconnected from the build
since July 2007 in HEAD/RELENG_7.
This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation
Discussed with: rwatson, re
NET_NEEDS_GIANT. netatm has been disconnected from the build for ten
months in HEAD/RELENG_7. Specifics:
- netatm include files
- netatm command line management tools
- libatm
- ATM parts in rescue and sysinstall
- sample configuration files and documents
- kernel support as a module or in NOTES
- netgraph wrapper nodes for netatm
- ctags data for netatm.
- netatm-specific device drivers.
MFC after: 3 weeks
Reviewed by: bz
Discussed with: bms, bz, harti
Both sysinstall and sade still seem to use the TIOCGSIZE ioctl to obtain
the terminal dimensions. We'd better use TIOCGWINSZ to do this. The
TIOCGWINSZ interface is preferred, because it also allows sizes in pixels
to be passed to the application (though this is not used here).
Approved by: philip (mentor)
difficult. Add a -L option (yet another option, indeed!) which changes the
speed of scrolling and change -U to only affect the scroll threshold.
This should make middle-clicking a much more pleasant experience.
PR: bin/120186
Submitted by: Aragon Gouveia <aragon -at- phat.za.net>
MFC after: 3 days
incorrect and should have been poining to &tty, tp is a virtual
address from the coredump, while we should obtain the address through
the tty struct.
Approved by: imp (mentor, implicit trivial changes)
MFC after: 1 week
Submitted by: Ed Schouten (ed at 80836 dot nl)
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)
Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.
From my notes:
-----
One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.
Constraints:
------------
I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.
One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".
One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.
This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.
Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.
To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.
The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.
The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.
In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.
One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).
You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.
This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.
Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.
Packets fall into one of a number of classes.
1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..
setfib -3 ping target.example.com # will use fib 3 for ping.
It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.
2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)
3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).
4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.
5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.
6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.
Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)
In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.
In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.
Early testing experience:
-------------------------
Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.
For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.
Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.
ipfw has grown 2 new keywords:
setfib N ip from anay to any
count ip from any to any fib N
In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.
SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.
Where to next:
--------------------
After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.
Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.
My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.
When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.
Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.
This work was sponsored by Ironport Systems/Cisco
Reviewed by: several including rwatson, bz and mlair (parts each)
Obtained from: Ironport systems/Cisco
and partition editors to reflect the fact that this is a stand-alone
application, not sysinstall(8).
o Change an instance of sade(8) refering to itself as sysinstall(8) in
a confirmation dialog.
MFC after: 1 week
package name for the origin of a dependency, all entries in /var/db/pkg were
traversed for each dependency of added/removed package. Now, gather all the
origins first, then do the lookup in a single pass over /var/db/pkg.
This should provide a major speedup for packages with hundreds of dependencies.
Submitted by: rdivacky (earlier version)
MFC after: 1 month
doesn't exist, we make a directory and then say "oops, that file isn't
there" leaving the directory behind. Add a stat for the config file
so that we detect this before making the directory. This is
semi-lame, but less lame than having this bug.
I tested this as well as the submitter and couldn't resolve this either,
since I dont want to "announce" dead mirrors, I'll remove it from the
list.
PR: 122567
Submitted by: vs
Approved by: imp (mentor, implicit for trivial changes)
MFC after: 1 week
to detect (or load) kernel NLM support in rpc.lockd. Remove the '-k'
option to rpc.lockd and make kernel NLM the default. A user can still
force the use of the old user NLM by building a kernel without NFSLOCKD
and/or removing the nfslockd.ko module.
user-mode lock manager, build a kernel with the NFSLOCKD option and
add '-k' to 'rpc_lockd_flags' in rc.conf.
Highlights include:
* Thread-safe kernel RPC client - many threads can use the same RPC
client handle safely with replies being de-multiplexed at the socket
upcall (typically driven directly by the NIC interrupt) and handed
off to whichever thread matches the reply. For UDP sockets, many RPC
clients can share the same socket. This allows the use of a single
privileged UDP port number to talk to an arbitrary number of remote
hosts.
* Single-threaded kernel RPC server. Adding support for multi-threaded
server would be relatively straightforward and would follow
approximately the Solaris KPI. A single thread should be sufficient
for the NLM since it should rarely block in normal operation.
* Kernel mode NLM server supporting cancel requests and granted
callbacks. I've tested the NLM server reasonably extensively - it
passes both my own tests and the NFS Connectathon locking tests
running on Solaris, Mac OS X and Ubuntu Linux.
* Userland NLM client supported. While the NLM server doesn't have
support for the local NFS client's locking needs, it does have to
field async replies and granted callbacks from remote NLMs that the
local client has contacted. We relay these replies to the userland
rpc.lockd over a local domain RPC socket.
* Robust deadlock detection for the local lock manager. In particular
it will detect deadlocks caused by a lock request that covers more
than one blocking request. As required by the NLM protocol, all
deadlock detection happens synchronously - a user is guaranteed that
if a lock request isn't rejected immediately, the lock will
eventually be granted. The old system allowed for a 'deferred
deadlock' condition where a blocked lock request could wake up and
find that some other deadlock-causing lock owner had beaten them to
the lock.
* Since both local and remote locks are managed by the same kernel
locking code, local and remote processes can safely use file locks
for mutual exclusion. Local processes have no fairness advantage
compared to remote processes when contending to lock a region that
has just been unlocked - the local lock manager enforces a strict
first-come first-served model for both local and remote lockers.
Sponsored by: Isilon Systems
PR: 95247 107555 115524 116679
MFC after: 2 weeks
shared libraries.
This fixes a problem which resulted in 6.x->7.x upgrades having the
/usr/lib/libpthread.so -> libthr.so symlink missing; what happened was
that the old libpthread.so symlink pointed to /lib/libpthread.so.2 --
which matched the "/lib/*\.so\.[0-9]+" regex -- but the new symlink
didn't, so FreeBSD Update got confused and deleted the symlink as part
of its "remove old shared libraries" step.
To recreate the symlink (which I understand is necessary for ports like
KDE to build) on a 7.x system which FreeBSD Update upgraded from 6.x:
# ln -s libthr.so /usr/lib/libpthread.so
Reported by: Dmitry RCL Rekman
Help diagnosing bug from: kris
MFC after: 7 days
(NAP, GN and PANU). No reason to not to support them.
Separate SDP parameters data structures for the BNEP based profiles.
Generalize Service Availability SDP parameter creation.
Requested by: Iain Hibbert < plunky at rya-online dot net >
MFC after: 3 days
not exist. /etc/rc.d/mixer tried to restore non-existent recording
source because /var/var/db/mixer*-state contains '=rec' for example.
- Remove hardcoded mixer2 and mixer3 and do the right thing.
- Replace getopt(3) with hand-rolled option parser. It was not able
to handle 'mixer -rec mic' although it is a valid command.
- Make '-s' and '-S' mutualy exclusive as mixer(8) says.
- Do not re-read recording source unless it has been modified.
Quoth the man-page:
Fifologs provide a compact round-robin circular storage for recording
text and binary information to permanent storage in a bounded and pre-
dictable fashion, time and space wise.
Not yet connected to the build, but feel free to test & review.
RFCOMM channel if needed. There is really no good reason to not to support
this. AT-command exchange can be faked with chat script in ppp.conf.
MFC after: 1 week
from a group without the need to perform the same operation by replacing
the existing list via the '-M' option. The '-M' option requires someone
to fetch the existing members with pw, deleting the undesired members from
the list and sending the altered list back to pw.
Approved by: wes (mentor)
MFC after: 5 days
find the corresponding AS for that IP (-a switch).
We can also choose a different whois server with the -A switch. The
default is whois.radb.net.
Obtained from: NetBSD
Reviewed by: bms, njl (mentor)
Approved by: njl (mentor)
1) Use [AP]F_LOCAL rather than [AP]F_UNIX.
2) When copying a pipe's name, use f->f_un.f_pipe.f_pname, not f->f_un.f_fname.
PR: 20889
Submitted by: Damieon Stark
PR: 116642
Submitted by: Jim Pirzyk
Reviewed by: md5
for rpcbind(8) to crash.
The crash was due to a boolean variable initialized
improperly. Besides fixing the initialization, pick
a better name for the variable so that its meaning is
clear and no more coding errors appear around it.