Commit Graph

67567 Commits

Author SHA1 Message Date
markm
14227a41e2 Damn. The previous mega-commit was incomplete WRT ANSIfication. This
fixes that.
2001-11-30 22:28:07 +00:00
markm
57acab063b After running "make unifdef", commit the result. This code is now
a complete subset of the crypto (master) code.
2001-11-30 22:09:10 +00:00
markm
b72e252a01 After running a "make unifdef", commit the resultant diffs.
This code is now a complete sunset of the crypto (master) code.
2001-11-30 22:03:20 +00:00
rwatson
eb2bfb8b51 o Update sysctl.8 to reflect renaming of various security-related
sysctls, and to introduce new ones.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:55:22 +00:00
markm
33f349996f Invoke the new 'unifdef:' target, and make this lib a complete subset
of the crypto (master) code.
2001-11-30 21:55:10 +00:00
rwatson
aa8360c1cd o Introduce kern.security.bsd.unprivileged_read_msgbuf, which allows
the administrator to restrict access to the kernel message buffer.
  It defaults to '1', which permits access, but if set to '0', requires
  that the process making the sysctl() have appropriate privilege.
o Note that for this to be effective, access to this data via system
  logs derived from /dev/klog must also be limited.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:40:52 +00:00
bmah
368db57be1 New release note: send-pr(1) -a (+ MFC).
MFC noted:  Increased TCP sndspace/rcvspace defaults.
2001-11-30 21:37:25 +00:00
markm
3962485896 Diff-reduce WRT src/secure/*telnet*/Makefile.
Also, add an "unifdef:" target, so that the telnet sources can
be remade from the crypto sources in src/crypto/telnet.
2001-11-30 21:34:51 +00:00
dillon
cbc4eaa756 The transmit burst limit for newreno completely breaks TCP's performance
if the receive side is using delayed acks.  Temporarily remove it.

MFC after:	0 days
2001-11-30 21:33:39 +00:00
rwatson
68b9d3708b o Further sysctl name simplification, generally stripping 'permitted',
using '_'s more consistently.

Discussed with:	bde, jhb
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:33:16 +00:00
markm
a9aad3d379 Style clean-up, and diff-reduce WRT src/secure/*telnet*/Makefile
Lost in this commit - KerberosIV compatability. This will be
re-added later.
2001-11-30 21:14:44 +00:00
markm
a89901d81e Style clean-up, and diff-reduce WRT src/secure/*/telnet/Makefile 2001-11-30 21:12:31 +00:00
markm
7f33af3e59 Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.
2001-11-30 21:10:58 +00:00
markm
4be6f18d14 Forced commit.
This file was taken from the Heimdal implementation of Kerberos 5, done
by KTH.
2001-11-30 21:09:11 +00:00
markm
19fd256fae Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either
      fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropiate values of FOO.
      (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
rwatson
e92874bd10 o Move current inhabitants of kern.security to kern.security.bsd, so
that new models can inhabit kern.security.<modelname>.
o While I'm there, shorten somewhat excessive variable names, and clean
  things up a little.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 20:58:31 +00:00
rwatson
a0b8ba62fd o Improve consistency of style by fixing tabs around _PATH_AUTHCONF. 2001-11-30 16:25:09 +00:00
rwatson
e5f733cc4d o Introduce _PATH_CAPABILITY and _PATH_CAPABILITY_DB to the system
path set.  These files will hold per-user capability information.

Obtained from:	TrustedBSD Project
Submitted by:	tmm
2001-11-30 16:24:20 +00:00
iwasaki
77d826cd41 Add a couple of minor changes.
- set sc->acpi_s4bios to 1 by default for hibernation until
   OS-initiated S4 transition is implemented.
 - change the behavior of acpi_sleep_state_sysctl() if new value is
   the same as old one, do nothing instead of EINVAL.
2001-11-30 16:06:00 +00:00
rwatson
523aaa204d Use 'mkdir -p /.attribute/system' instead of breaking it into
two seperate mkdir targets.

Submitted by:	jedgar
2001-11-30 15:32:07 +00:00
rwatson
df873c5111 Use 'mkdir -p /.attribute/system' instead of breaking it into
two seperate mkdir targets.
2001-11-30 15:21:20 +00:00
rwatson
3014016ccd README.extattr incorrectly specified sample command lines for
UFS_EXTATTR_AUTOSTART.  Insert the missing 'initattr' arguments
to extattrctl.

Noticed by:	green
2001-11-30 15:15:27 +00:00
brian
bf75c90bd9 Pay attention to failures to SIOCAIFADDR and SIOCDIFFADDR. 2001-11-30 14:01:21 +00:00
brian
6423ccba92 Don't provide an RTA_GATEWAY sockaddr when we write RTM_CHANGE messages
to the routing socket.

The local address on a point-to-point interface is not actually a
gateway address - despite it appearing in the second column of
netstat -r's output.  Providing a gateway to an RTM_CHANGE will
currently change the route's interface so that it's using the
specified gateway - not what we want.

Patiently explained to me by:	ru
2001-11-30 14:01:20 +00:00
brian
496e7d9901 Add some DEBUG logging to tell us when interface addresses are being
added and removed
2001-11-30 14:01:18 +00:00
brian
0c6aed3bcb During SIOCAIFADDR, if in_ifinit() fails and we've already added an
interface address, blow the address away again before returning the
error.

In in_ifinit(), if we get an error from rtinit() and we've also got
a destination address, return the error rather than masking EEXISTS.
Failing to create a host route when configuring an interface should
be treated as an error.
2001-11-30 14:00:55 +00:00
phantom
c1418d2e44 Merge NetBSD's changes from netbsd_strtod.c in preparation of
removing it from our source tree in order to have one version
of strtod() for all arches. netbsd_strtod.c still left in source
tree until alpha folks make sure that our native strtod() works
as well as NetBSD's one.

Reviewed by: peter, bde (some time ago)
2001-11-30 12:48:30 +00:00
peter
fb393518f4 cpuid bit 30 is 'IA64', for when you're running in i386 mode on an ia64
cpu.  (This is for either userland apps running in i386 mode on an ia64
OS, or when the cpu is in i386 legacy mode running an i386 OS).
2001-11-30 11:57:23 +00:00
cjc
5b52488acf Make the error messaging more helpful.
PR:		31483
Approved by:	iwasaki, ru
MFC after:	4 days
2001-11-30 11:35:01 +00:00
ru
cfe5212a8b - Make ip_rtaddr() global, and use it to look up the correct source
address in icmp_reflect().
- Two new "struct icmpstat" members: icps_badaddr and icps_noroute.

PR:		kern/31575
Obtained from:	BSD/OS
MFC after:	1 week
2001-11-30 10:40:28 +00:00
dfr
dedc5f403f * Don't use critical_enter/critical_exit when accessing the VHPT - its
pointless and would be inadequate for SMP systems. We will rely on the
  VM system's locks to serialise this for now.
* Change pmap_remove() so that if the range being removed is larger than
  the number of pages mapped by the pmap, we iterate over the currently
  mapped pages instead of over the virtual address range. This should
  make a difference when removing large virtual address ranges from an
  address space.
2001-11-30 10:07:54 +00:00
ache
b75f309317 Properly classify 0x80 - 0xa0 range 2001-11-30 07:19:21 +00:00
logo
821a895012 Spelling error: dependant -> dependent
PR
2001-11-30 07:18:23 +00:00
ache
04591e7260 Add 0x98 to CONTROL section 2001-11-30 07:10:08 +00:00
alfred
5b71594d40 Back out my 'fix', resid is different for strategy than for write 2001-11-30 06:24:34 +00:00
fenner
5f34351719 Implement several of the c99 updates to printf(3):
- New length modifiers: hh, j, t, z.
 - New flag: '.  Note that %'f is not yet implemented.
 - Use "inf"/"nan" for efg formats, "INF"/"NAN" for EFG formats.
 - Implemented %q in terms of %ll; if "quad_t" is not "long long"
   %q will break.

Still to do:
 - %C, %S, %lc, %ls (wide character support)
 - %'f (thousands in integer portion of %f)
 - %a/%A (exact hex representation of floating-point numbers)

Garrett Wollman wrote the first version of the vfprintf.c update;
Mike Barcroft wrote the first version of the printf.3 changes.
2001-11-30 06:12:15 +00:00
alfred
5dc107c993 Make the same fix for writes to RAW objects. 2001-11-30 05:59:47 +00:00
alfred
5ff0e015df write should return the number of bytes written, not 0 on success.
Submitted by: Jonathan Mini <mini@haikugeek.com>
PR: kern/32350
2001-11-30 05:54:30 +00:00
ache
2ed59f2ae6 Clarify isblank range 2001-11-30 05:39:08 +00:00
ache
711ce9931d Start every data line with keyword 2001-11-30 05:24:09 +00:00
ache
4d94472f05 Cleanup: cosmetique, standards conformance, BLANK/SPACE/GRAPH relation 2001-11-30 05:05:53 +00:00
ache
cf42fb123c Clarify valid isspace() range 2001-11-30 02:01:32 +00:00
ache
674e803e5c Clean DIGIT/XDIGIT sections 2001-11-30 01:22:01 +00:00
bsd
04a3a965ed killall operates on all processes owned by the real uid, not the
effective uid.

MFC after:	3 days
2001-11-30 00:30:28 +00:00
luigi
b77de76e8d Per jlemon request, reintroduce some printf() when an
mbuf allocation fails, and fix (i hope) a couple of style bugs.

I believe these printf() are extremely dangerous because now they can
occur on every incoming packet and are not rate limited. They were
meant to warn the sysadmin about lack of resources, but now they
can become a nice way to panic your system under load.

Other drivers (e.g. the fxp driver) have nothing like this.

There is a pending discussion on putting this kind of warnings
elsewhere, and I hope we can fix this soon.
2001-11-29 23:47:47 +00:00
bmah
0d492b7392 Reword pciconf(8) -v release to be a little more useful (now that I
understand what it does), move it to the userland section, and note MFC.
2001-11-29 23:41:14 +00:00
bmah
73cff1f173 New release notes: ciss driver, sbni driver.
(Hardware list updated accordingly.)
2001-11-29 23:24:41 +00:00
luigi
21d95a8778 For i386 architecture, remove an expensive m_devget() (and the
underlying unaligned bcopy) on incoming packets that are already
available (albeit unaligned) in a buffer.
The performance improvement varies, depending on CPU and memory
speed, but can be quite large especially on slow CPUs. I have seen
over 50% increase on forwarding speed on the sis driver for the
486/133 (embedded systems), which does exactly the same thing.

The behaviour is controlled by a sysctl variable, hw.dc_quick which
defaults to 1. Set it to 0 to restore the old behaviour.

After running a few experiments (in userland, though) I am convinced
that doing the m_devget() is detrimental to performance in almost
all cases.

Even if your CPU has degraded performance with misaligned data,
the bcopy() in the driver has the same overhead due to misaligment
as the one that you save in the uiomove(), plus you do one extra
copy and pollute the cache.

But more often than not, you do not even have to touch the payload,
e.g. when you are forwarding packets, and even in the often-cited
case of NFS, you often end up passing a pointer to the payload to
the disk controller.

In any case, you can play with the sysctl variable to toggle between
the two behaviours, and see if it makes a difference.

MFC-after: 3 days
2001-11-29 22:46:48 +00:00
green
09990be998 Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.
2001-11-29 21:16:11 +00:00
bmah
209e871ee0 Bring release note on /dev/net into line with reality. 2001-11-29 19:00:16 +00:00