Commit Graph

134176 Commits

Author SHA1 Message Date
Doug Barton
1c24b5458d 1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.

2. Change the default behavior back to using a hint zone for the root.

3. Leave the root slave zone config as a commented out example.

4. Remove the B and F root servers from the example at the request of
their operators.

Requested by:	he-who-must-not-be-named [1]
Requested by:	many [2]

Approved by:	re (rwatson)
2007-08-02 09:18:53 +00:00
Bjoern A. Zeeb
4ed3c2ad17 Remove fast_ipsec.4. Was merged in parts to ipsec.4.
Approved by:    re (bmah)
2007-08-02 08:05:56 +00:00
Bjoern A. Zeeb
e0c9263157 Remove the last entries to fast_ipsec.
Merge in parts of the old fast_ipsec.4 man page to ipsec.4 and
start updating ipsec.4 man page.

Reviewed by:	brueffer, sam (slightly earlier versions), bmah
Approved by:	re (bmah)
2007-08-02 08:04:48 +00:00
Bruce A. Mah
409b3a00aa New release note: SA-07:06.tcpdump, SA-07:07.bind.
Approved by:	re (implicitly)
2007-08-02 05:19:08 +00:00
Kevin Lo
0d45c918d2 Add the device ID for the VIA CX700 chipset.
Approved by: re (hrs)
2007-08-02 04:29:19 +00:00
Tai-hwa Liang
d28ab8736f MFP4(123686): Fixing various ancontrol(8) related panics by dropping locks
around copyin()/copyout().

Reviewed by:	sam, thompsa
Tested by:	dhw
Approved by:	re (kensmith)
2007-08-02 02:20:19 +00:00
Colin Percival
607fc5a213 When generating ports INDEX files from downloaded "describes" data, build
an index for FreeBSD 7.x too.

MFC After:	1 week
Approved by:	re (hrs)
2007-08-02 02:05:23 +00:00
Maksim Yevmenkin
acbfc85b17 Call ttyld_close() in nmdmclose() to ensure that nmdm(4)
closes line discipline installed onto /dev/nmdmX device.

Reviewed by:	julian
Approved by:	re (hrs)
MFC after:	3 days
2007-08-01 21:38:11 +00:00
Alexander Motin
d6fe462ac1 Add 64bit statistic counters to the ng_ppp node.
64bit counters are needed to simplify traffic accounting and
reduce system load at the big PPP concentrators.

Approved by:	re (rwatson), glebius (mentor)
2007-08-01 20:49:35 +00:00
Simon L. B. Nielsen
7613322fdb This commit was generated by cvs2svn to compensate for changes in r171682,
which included commits to RCS files with non-trunk default branches.
2007-08-01 20:40:44 +00:00
Simon L. B. Nielsen
faeb38d111 Correct buffer overflow in tcpdump(1).
Security:	FreeBSD-SA-07:06.tcpdump
Security:	CVE-2007-3798
Obtained from:	tcpdump.org
Approved by:	re (security blanket)
2007-08-01 20:40:44 +00:00
Alexander Motin
e89c150775 This patch improves fine-grained locking for the ng_ppp node.
Till now node's transmit path was completely unprotected
and so wasn't thread safe in multilink mode. Its receive path was
declared as WRITER as the simplest protection method but it
reduces performance when compression or encryption is enabled.

Approved by:	re (rwatson), glebius (mentor)
2007-08-01 20:38:37 +00:00
Bernd Walter
1b2d5599a5 declare struct tftphdr and embedded union as being packed, which is
required for arm.

Tested on:	arm, i386, amd64
Approved by:	re (rwatson)
MFC after:	1 week
2007-08-01 11:59:09 +00:00
Tim Kientzle
9b93c30d30 Fix for PR bin/115033. This corrects a crash when long options
are specified with the "-W option=arg" syntax and the '=' is omitted.

MFC after: 3 days
Approved by: re (rwatson)
2007-08-01 03:15:35 +00:00
Andrew Thompson
85ce729794 Add a bridge interface flag called PRIVATE where any private port can not
communicate with another private port.

All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.

An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.

Approved by:	re (rwatson)
2007-08-01 00:33:52 +00:00
Peter Wemm
c4a184bdc4 Change TCPTV_MIN to be independent of HZ. While it was documented to
be in ticks "for algorithm stability" when originally committed, it turns
out that it has a significant impact in timing out connections.  When we
changed HZ from 100 to 1000, this had a big effect on reducing the time
before dropping connections.

To demonstrate, boot with kern.hz=100.  ssh to a box on local ethernet
and establish a reliable round-trip-time (ie: type a few commands).
Then unplug the ethernet and press a key.  Time how long it takes to
drop the connection.

The old behavior (with hz=100) caused the connection to typically drop
between 90 and 110 seconds of getting no response.

Now boot with kern.hz=1000 (default).  The same test causes the ssh session
to drop after just 9-10 seconds.  This is a big deal on a wifi connection.

With kern.hz=1000, change sysctl net.inet.tcp.rexmit_min from 3 to 30.
Note how it behaves the same as when HZ was 100.  Also, note that when
booting with hz=100, net.inet.tcp.rexmit_min *used* to be 30.

This commit changes TCPTV_MIN to be scaled with hz.  rexmit_min should
always be about 30.  If you set hz to Really Slow(TM), there is a safety
feature to prevent a value of 0 being used.

This may be revised in the future, but for the time being, it restores the
old, pre-hz=1000 behavior, which is significantly less annoying.

As a workaround, to avoid rebooting or rebuilding a kernel, you can run
"sysctl net.inet.tcp.rexmit_min=30" and add "net.inet.tcp.rexmit_min=30"
to /etc/sysctl.conf.  This is safe to run from 6.0 onwards.

Approved by:  re (rwatson)
Reviewed by:  andre, silby
2007-07-31 22:11:55 +00:00
Scott Long
5878cbeccf Make the driver fully MPSAFE. This fixes some serious locking problems
that could cause panics and corruption under moderate load.  Many thanks
to Matt Reimer, Tom McDonald, and the rest of the guys at VPOP.net for
their help in identifying and testing this.

Approved by: re
2007-07-31 20:16:50 +00:00
Scott Long
9ab0fe8075 Fix locking mistakes in the error recovery paths of the AHC and AHD drivers.
Approved by: re
2007-07-31 20:11:03 +00:00
Warner Losh
e8b7ad8c05 Add in all the USB devices and all the wireless goo. The KB9202 has
only USB 1.1 speeds available, but this shouldn't hurt.  Now that we have
working usb support for this board, this is a natural followup.

Approved by: re (kensmith)
2007-07-31 17:45:54 +00:00
Warner Losh
3f0fd37320 Make USB work on the KB9202{,A,B} boards. This has been in p4 for about
7 months.  You must have JP6 in the 1-2 position to supply power to the
USB devices, but I've used uftdi, uplcom and umass successfully.  If you
have it in 2-3, then nothing will show up.  Also, if you have the FQPA
packaging for the AT91RM9200 (like the KN9202 boards have), you will get
the following message

uhub0: device problem (IOERROR), disabling port 2

due to a hardware erratum.  It is safe to ignore as it is about pins that
aren't brought out on the FQPA package and aren't properly terminated either.
Alas, there's no register to read to tell the FQPA from the BGA versions.

Submitted by: Daan Vreeken
Approved by: re (kensmith)
2007-07-31 17:43:18 +00:00
Olivier Houchard
6308183c5d MFppc:
revision 1.66
date: 2007/07/31 06:23:26;  author: marcel;  state: Exp;  lines: +2 -2
Fix backward compatibility of the "old" (i.e. FreeBSD6) lseek
syscall. It was broken when a new lseek syscall was introduced.
The problem is that we need to swap the 32-bit td_retval values
for the __syscall indirect syscall when the actual syscall has
a 32-bit return value. Hence, we need to exclude lseek(2). And
this means the "old" lseek(2) as well -- which we didn't.

Based on a patch from: grehan@

Approved by:	re (blanket)
2007-07-31 17:09:05 +00:00
Michael Bushkov
3e83e4a3f2 - Getipnodebyname() and getipnodebyaddr() reimplemented through
gethostbyname() and gethostbyaddr() accordingly

Approved by:	re (kensmith), brooks (mentor)
2007-07-31 16:09:41 +00:00
Marcel Moolenaar
8875aa6621 Fix backward compatibility of the "old" (i.e. FreeBSD6) lseek
syscall. It was broken when a new lseek syscall was introduced.
The problem is that we need to swap the 32-bit td_retval values
for the __syscall indirect syscall when the actual syscall has
a 32-bit return value. Hence, we need to exclude lseek(2). And
this means the "old" lseek(2) as well -- which we didn't.

Based on a patch from: grehan@
Approved by: re (rwatson)
2007-07-31 06:23:26 +00:00
Tim Kientzle
9e3fd30bac Two minor nits:
* Allow libarchive_test to compile on Interix again.
* Track the test name (not just line number) when counting skipped tests.

Thanks to: Joerg Sonnenberger
Approved by: re (blanket; libarchive testing)
2007-07-31 05:03:27 +00:00
Marcel Moolenaar
789943cc81 Enable -Werror for ia64.
Approved by: re (blanket)
2007-07-31 03:15:32 +00:00
David Christensen
990a2aa530 - Fixed a problem that would cause kernel panics and "bce0: discard frame .."
  errors (especially when jumbo frames are enabled or in low memory systems)
  because the RX chain was corrupted when an mbuf was mapped to an unexpected
  number of buffers.
- Fixed a problem that would cause kernel panics when an excessively
  fragmented TX mbuf couldn't be defragmented and was released by
  bce_tx_encap().

Approved by:	re(hrs)
MFC after:	7 days
2007-07-31 00:06:04 +00:00
Marcel Moolenaar
cf681ceef5 o Switch to physical addressing before dereferencing the VHPT
  bucket pointer. The virtual mapping may not be present in the
  translation cache. This will result in a nested TLB fault at
  a place we don't handle (and don't want to handle).
o Make sure there's a stop after the rfi instruction, otherwise
  its behaviour is undefined.
o Make sure we switch back to virtual addressing before doing
  a rfi. Behaviour is undefined otherwise.

Approved by: re (blanket)
2007-07-30 22:52:52 +00:00
Marcel Moolenaar
ea5e2a02af Add option EXCEPTION_TRACING, which enables KTR-like functionality
for processor interruptions. This is especially useful to track
unexpected nested TLB faults.

Approved by: re (blanket)
2007-07-30 22:42:33 +00:00
Marcel Moolenaar
fe1c66b9d7 Rework the interrupt code and add support for interrupt filtering
(INTR_FILTER). This includes:
o  Save a pointer to the sapic structure and IRQ for every vector,
   so that we can quickly EOI, mask and unmask the interrupt.
o  Add locking to the sapic code now that we can reprogram a
   sapic on multiple CPUs at the same time.
o  Use u_int for the vector and IRQ. We only have 256 vectors, so
   using a 64-bit type for it is rather excessive.
o  Properly handle concurrent registration of a handler for the
   same vector.

Since vectors have a corresponding priority, we should not map
IRQs to vectors in a linear fashion, but rather pick a vector
that has a priority in line with the interrupt type. This is left
for later. The vector/IRQ interchange has been untangled as much
as possible to make this easier.

Approved by: re (blanket)
2007-07-30 22:29:33 +00:00
Marcel Moolenaar
8a2a70cb02 Explicitly map the VHPT on all processors. Previously we were
merely lucky that the VHPT was mapped as a side-effect of
mapping the kernel, but when there's enough physical memory,
this may not at all be the case.

Approved by: re (blanket)
2007-07-30 22:12:53 +00:00
Marcel Moolenaar
c183b0f2c1 Add casts to some of the more commonly used pointer-type atomic
operations. We really should be able to make those inline functions,
but this would break its use for sx_locks.

Approved by: re (blanket)
2007-07-30 22:07:01 +00:00
Andrew Thompson
de75afe64f - Propagate the largest set of interface capabilities supported by all lagg
  ports to the lagg interface.
- Use the MTU from the first interface as the lagg MTU, all extra interfaces
  must be the same.

This fixes using a lagg interface for a vlan or enabling jumbo frames, etc.

Approved by:	re (kensmith)
MFC After:	3 days
2007-07-30 20:17:22 +00:00
Nate Lawson
430eaa744e Dynamically choose the quality of the ACPI timer depending on whether
the fast or safe/slow method is in use.  Fast remains at 1000, slow is
now at 850 (always preferred to TSC).  Since the HPET has proven slower
than ACPI-fast on some systems, drop its quality to 900.  In the future,
it is hoped that HPET performance will improve as it is the main
timer Intel supports.  HPET may move back to 2000 in -current once RELENG_7
is branched to ensure that it gets tested.

Approved by:	re
2007-07-30 15:21:26 +00:00
Dag-Erling Smørgrav
218cbbea9a Make tcpstates[] static, and make sure TCPSTATES is defined before
<netinet/tcp_fsm.h> is included into any compilation unit that needs
tcpstates[].  Also remove incorrect extern declarations and TCPDEBUG
conditionals.  This allows kernels both with and without TCPDEBUG to
build, and unbreaks the tinderbox.

Approved by:	re (rwatson)
2007-07-30 11:06:42 +00:00
Bruce A. Mah
ef2c8992b5 Update the MPSAFE network stack note to reflect recent realities.
Approved by:	re (implicitly)
2007-07-29 23:07:12 +00:00
David Malone
c848e0de55 Mfi386 revision 1.239 of src/sys/i386/isa/clock.c. Seemingly some
pc98 motherboards do not provide us with the correct day of week
either. Ignore the day of week when setting the clock here too.

Approved by:	re (bmah)
Requested from:	nyan
MFC after:	3 weeks
2007-07-29 20:16:48 +00:00
Bruce A. Mah
e251d2f4f6 Fix a typo in a log message: s/Reveived/Received/.
Approved by:	re (rwatson)
2007-07-29 20:13:22 +00:00
Warner Losh
1dfb823e11 Add missing newline in printf.
Submitted by:  "R.Mahmatkhanov" cvs-src at yandex ru
Approved by: re (blanket)
2007-07-29 18:16:43 +00:00
Marcel Moolenaar
7f67bed625 In pci_alloc_map(), restore the original value of the BAR for
the duration of the function.  The device we would otherwise
have left in a useless state may just as well be the low-level
console. When booting verbose, we do need it addressable if we
want to avoid a MCA.

Approved by: re (kensmith)
2007-07-29 02:44:41 +00:00
Matt Jacob
24face5416 Fix compilation problems- tcpstates is only available if TCPDEBUG
is set.

Approved by:	re (in spirit)
2007-07-29 01:31:33 +00:00
Marcel Moolenaar
f235995090 Print integer-typed arguments as integers. This makes sure that
on 64-bit platforms the result is more reliable. For example,
-1 was previously printed as 0xffffffff.

Approved by: re (kensmith)
2007-07-28 23:18:39 +00:00
Marcel Moolenaar
2c02627ff8 Fix handling of Quad-type arguments. Previously, syscalls
containing 64-bit arguments would have explicit padding.
On 64-bit platforms there was no padding, so the dummy
argument was not covering anything. On 32-bit platforms
with weak alignment (i.e. i386) the 64-bit argument did
not need to be aligned, so there too an additional argument
was introduced. On 32-bit platforms with strong alignment
(i.e. PowerPC) the dummy argument in fact covers the padding.
By eliminating the dummy argument, 64-bit platforms now
have 1 argument less. This also applies to 32-bit platforms
with weak alignment. On PowerPC this doesn't matter, because
the padding is still there. We just don't "name" it.
Deal with those 3 cases.

Approved by: re (kensmith)
2007-07-28 23:15:04 +00:00
Marcel Moolenaar
3e1b607837 Syscalls have at most 6 arguments, not 5. See mmap(2) for example.
Previously the offset argument to mmap(2) would be bogus as we
weren't reading it in.

Approved by: re (kensmith)
2007-07-28 23:00:42 +00:00
Mike Silbersack
e3020cfd3c Fix a panic introduced in rev 1.126.
Approved by: re (rwatson)
2007-07-28 20:13:40 +00:00
Marcel Moolenaar
c44b9f1811 Fix acpidump(8) on ia64. Revision 1.13 introduced an uninitialized
variable bug that's hidden by the presence of the hint_acpi_0_rsdp
hint on 386 and amd64. There's never a need for such hint on ia64.

Approved by: re (kensmith)
2007-07-28 17:46:04 +00:00
Joseph Koshy
c73743b6ce Cross-reference the correct manual page.
Approved by:	re (bmah)
2007-07-28 15:35:03 +00:00
Andre Oppermann
773673c133 Provide a sysctl to toggle reporting of TCP debug logging:
sys.net.inet.tcp.log_debug = 1

It defaults to enabled for the moment and is to be turned off for
the next release like other diagnostics from development branches.

It is important to note that sysctl sys.net.inet.tcp.log_in_vain
uses the same logging function as log_debug.  Enabling of the former
also causes the latter to engage, but not vice versa.

Use consistent terminology in tcp log messages:

 "ignored" means a segment contains invalid flags/information and
   is dropped without changing state or issuing a reply.

 "rejected" means a segment contains invalid flags/information but
   is causing a reply (usually RST) and may cause a state change.

Approved by:	re (rwatson)
2007-07-28 12:20:39 +00:00
Andre Oppermann
cdaf208d09 o Move setting/resetting logic of syncache timer from macro
  SYNCACHE_TIMEOUT to new function syncache_timeout().
o Fix inverted timeout callout engagement logic to actually
  enable the timer for the bucket row.  Before SYN|ACK was
  not retransmitted.
o Simplify SYN|ACK retransmit timeout backoff calculation.
o Improve logging of retransmit and timeout events.
o Reset timeout when duplicate SYN arrives.
o Add comments.
o Rearrange SYN cookie statistics counting.

Bug found by:	silby
Submitted by:	silby (different version)
Approved by:	re (rwatson)
2007-07-28 12:02:05 +00:00
Andre Oppermann
19bc77c549 o Move all detailed checks for RST in LISTEN state from tcp_input() to
  syncache_rst().
o Fix tests for flag combinations of RST and SYN, ACK, FIN.  Before
  a RST for a connection in syncache did not properly free the entry.
o Add more detailed logging.

Approved by:	re (rwatson)
2007-07-28 11:51:44 +00:00
Robert Watson
c6b2899785 Replace references to NET_CALLOUT_MPSAFE with CALLOUT_MPSAFE, and remove
definition of NET_CALLOUT_MPSAFE, which is no longer required now that
debug.mpsafenet has been removed.

The once over:	bz
Approved by:	re (kensmith)
2007-07-28 07:31:30 +00:00