This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
hostname rather than an IP. The code was copying the pointer to the
IP address instead of the IP address itself. The bug has existed
ever since ypset was first imported in 1994.
PR: bin/62550
Submitted by: aardvark@saintaardvarkthecarpeted.com
MFC after: 1 week
loading on a particular version of Windows. For example, a .INF file
for a Windows 2000 driver may have an empty [foo.NT.5.1] section which
will be ignored on Win2K (whose .INF parser won't look for sections
decorated with .NT.5.1) in favor of a [foo] section. Likewise, a
WinXP file will have an empty [foo] section which will be ignored in
favor of [foo.NT.5.1].
The problem is, we can handle both Win2K and WinXP drivers, and we
don't want to exclude either one.
As a workaround, we try to pretend we are WinXP by default and search
for sections decorated with .NT.5.1, but if we don't turn up any records,
we assume that maybe we're being fooled by a sabotaged .INF file and
make one more pass looking for undecorated sections instead.
This allows us to parse the .INF files for both the Win2K and the WinXP
Centrino wireless drivers.
I'd give anything for 5 minutes alone in a room with whoever wrote
Microsoft's .INF file parser. Just 5 minutes. That's all.
for storing the "diff -n" output. Some files (eg ports/INDEX,v) are too
big nowadays to fit on the stack.
Submitted by: Stephen Montgomery-Smith <stephen@math.missouri.edu>
if the line doesn't match ^<%d>, then treat it as a regular kernel
printf line. Previously if a kernel printf message started with "<"
it would be interpreted as a log message, often with LOG_EMERG
level. This was triggered by some printfs in sys/dev/aic7xxx/, and
can also happen with the partial lines that result if syslogd cannot
keep up with the rate of arrival of kernel messages.
Reviewed by: dwmalone
MFC after: 1 week
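
Added example, not part of the commit above and not syslogd's own code: a lenient priority parse, modelling the old behaviour the message describes, beside a strict one that honours the prefix only when the line matches ^<%d>. The function names, the sample lines and the LOG_KERN|LOG_NOTICE default are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <syslog.h>

/* Assumed default for kernel lines without a valid prefix (hypothetical name). */
#define DEFAULT_KERN_PRI (LOG_KERN | LOG_NOTICE)

/*
 * Lenient parse: any leading '<' starts a priority, so a printf that
 * begins with "<foo" yields 0, which is LOG_KERN|LOG_EMERG.
 */
static int
parse_pri_lenient(const char *line, const char **msg)
{
	const char *p = line;
	int pri = DEFAULT_KERN_PRI;

	if (*p == '<') {
		pri = 0;
		while (isdigit((unsigned char)*++p))
			pri = 10 * pri + (*p - '0');
		if (*p == '>')
			++p;
	}
	*msg = p;
	return (pri);
}

/*
 * Strict parse: accept the prefix only for '<', one to three digits, '>'.
 * Anything else, including a partial line such as "<6", is left untouched
 * and logged at the default priority.
 */
static int
parse_pri_strict(const char *line, const char **msg)
{
	const char *p = line;
	int pri = 0, ndigits = 0;

	*msg = line;
	if (*p != '<')
		return (DEFAULT_KERN_PRI);
	for (p++; isdigit((unsigned char)*p) && ndigits < 3; p++, ndigits++)
		pri = 10 * pri + (*p - '0');
	if (ndigits == 0 || *p != '>')
		return (DEFAULT_KERN_PRI);
	*msg = p + 1;
	return (pri);
}

int
main(void)
{
	/* Constructed sample lines, not taken from a real kernel log. */
	const char *lines[] = { "<6>em0: link state changed to UP",
	    "<foo> driver debug output", "<6" };
	const char *m;
	size_t i;

	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
		int l = parse_pri_lenient(lines[i], &m);
		int s = parse_pri_strict(lines[i], &m);
		printf("%-36s lenient=%d strict=%d\n", lines[i], l, s);
	}
	return (0);
}
```
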
their lines.
Properly discard PCMCIA device declarations. I plan to support
PCMCIA cards, but they don't work yet, and it appears some .INF files
declare both PCI and PCMCIA device instances.
instead of creating them by hand and storing them in the CVS tree. Add
gensnmptree to the bootstrap tools (it is used to generate these files).
This simplifies the update procedure.
Submitted by: ru
return for getopt() and comparing to -1, ditto with fgetc() and EOF,
and using the kg_nice value from <sys/user.h>
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Reviewed by: obrien, bde (a while back)
Tested lightly on: ppc, i386, make universe
life easier" patch: I doubt this will affect anyone else, but the FreeBSD
Update build code was getting very confused by this.
Approved by: rwatson (mentor)
PR: bin/61087
Extend libsdp(3) API to allow service registration and removal.
Fix uninitialized variable bug in sdpcontrol(8).
Reviewed by: imp (mentor)
No objection: ru
- Unify the conditional assignments section so that architectural
exclusions come first, then options and !options, sorted by the
option name, also in directory order, then architecture specific
sections, sorted by the architecture name, with i386 being a
traditional exception.
Prodded by: bde
keys, don't just do a substring match on "Ndi\Params". Instead, check
explicitly for strings that begin with "Ndi\Params". Why? Because it's
possible to create your own keys with different paths, like
"PROSetNdi\NdiExt\Params" which is what Intel does in their PRO/1000
driver's .INF file.
SRCS to teach make(1) that many .c sources are dependent on it.
This fixes parallel (-j) builds and makes it possible to build
individual .o files separately.
While here, removed PROG from CLEANFILES -- it's taken care of
already by bsd.prog.mk.
When an NFS server is port-scanned nfsd sometimes exits. This has
happened 3 times the last few weeks.
Nfsd has been written to exit when accept(2) fails. Unfortunately
accept can sometimes make a "normal" return with errno ECONNABORTED
and in this case nfsd exits prematurely.
Solution:
Check for ECONNABORTED (and also EINTR, since nfsd uses signals)
and continue.
Submitted by: Bjoern Groenvall <bg@sics.se>
PR: 61084
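
Added example, not part of the commit above and not nfsd's own code: an accept loop that treats ECONNABORTED and EINTR as transient and keeps listening, while still reporting any other failure. The accept_fn hook, the scripted stub and its return values are constructed for illustration so the loop runs without a real socket.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical hook type so a stub can stand in for accept(2). */
typedef int (*accept_fn)(int, struct sockaddr *, socklen_t *);

/*
 * Constructed sample: scripted accept(2) results. Values > 0 are returned
 * as descriptors; values < 0 are returned as -1 with errno set.
 */
static const int script[] = { -ECONNABORTED, -EINTR, 7, -ECONNABORTED, 8,
    -EMFILE };
static size_t script_pos;

static int
scripted_accept(int s, struct sockaddr *sa, socklen_t *len)
{
	int r;

	(void)s; (void)sa; (void)len;
	if (script_pos >= sizeof(script) / sizeof(script[0])) {
		errno = EBADF;
		return (-1);
	}
	r = script[script_pos++];
	if (r < 0) {
		errno = -r;
		return (-1);
	}
	return (r);
}

/*
 * Accept 'want' connections. ECONNABORTED and EINTR are counted in
 * *transient and retried; any other failure is returned as -errno.
 */
static int
accept_loop(int lsock, accept_fn do_accept, int want, int *transient)
{
	int fd, got = 0;

	*transient = 0;
	while (got < want) {
		fd = do_accept(lsock, NULL, NULL);
		if (fd >= 0) {
			got++;		/* a real server would service fd here */
			continue;
		}
		if (errno == ECONNABORTED || errno == EINTR) {
			(*transient)++;	/* keep listening */
			continue;
		}
		return (-errno);	/* genuine failure: caller decides */
	}
	return (got);
}

int
main(void)
{
	int transient, r;

	r = accept_loop(-1, scripted_accept, 2, &transient);
	printf("accepted=%d transient=%d\n", r, transient);
	r = accept_loop(-1, scripted_accept, 1, &transient);
	printf("next result=%d (negative errno)\n", r);
	return (0);
}
```
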
sequence when machine is started without attached USB mouse. Only do
repeated attempts to re-open device if the usb module has been actually
loaded. Also fix broken logic in doing delays between open attempts - do
delays between attempts, not after each attempt.
Due to previous behaviour being very annoying for notebook owners this
is a good 5.2 MFC candidate.
MFC after: 2 days
very useful .dot files of your netgraph(4) to quickly visualize the
nodes, hooks and edges. An example of this can be found here:
http://people.freebsd.org/~green/sample-netgraph-dot.ps
If anyone would like to refine the output further, please do so.
In fdformat.c a closing parenthesis is at the wrong place. Instead of
adding sizeof _PATH_DEV + 1 to the length of argv[optind], the length of the
string starting (sizeof _PATH_DEV + 1) characters after argv[optind]'s
beginning (accessing junk memory if we jump over the terminating null
character) is passed to malloc().
PR: bin/60026
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
the NTx86 section decoration).
subr_ndis.c: correct the behavior of ndis_query_resources(): if the
caller doesn't provide enough space to return the resources, tell it
how much it needs to provide and return an error.
subr_hal.c & subr_ntoskrnl.c: implement/stub a bunch of new routines;
ntoskrnl:
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
MmMapLockedPages
InterlockedDecrement
InterlockedIncrement
IoFreeMdl
KeInitializeSpinLock
HAL:
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock
Lastly, correct spelling of "_aullshr" in the ntoskrnl functable.
copyrights to the inf parser files.
Add a -n flag to ndiscvt to allow the user to override the default
device name of NDIS devices. Instead of "ndis0, ndis1, etc..."
you can have "foo0, foo1, etc..." This allows you to have more than
one kind of NDIS device in the kernel at the same time.
Convert from printf() to device_printf() in if_ndis.c, kern_ndis.c
and subr_ndis.c.
Create UMA zones for ndis_packet and ndis_buffer structs allocated
on transmit. The zones are created and destroyed in the modevent
handler in kern_ndis.c.
printf() and UMA changes submitted by green@freebsd.org
and list_verbose(), so don't open /dev/pci read-write. This allows
pciconf -l[v] to work for non-root users, assuming the securelevel is
0 or -1.
Problem experienced by: William Michael Grim <wgrim@siue.edu>
case so that if devices need different initialization, we can key off
this in the rc scripts (currently unused). Also update the man page
which is a 100% duplicate of the rc scripts.
snprintf (buf, size, fmt, buf, etc). This only works by chance with our
libc, but fails (with a truncated string) on e.g. glibc.
Okayed by: sobomax
MFC after: 1 week
/libexec to /mnt2/libexec, and execute /mnt2/rescue/ldconfig to add
the /mnt2/lib and /mnt2/usr/lib library directories. Thanks to John Baldwin
for working to track this down.
Submitted by: jhb
than a char array. Emitting the data as a big char array works fine in
the typical case, where a .sys file may be ~50K in size. Unfortunately,
some .sys files can be several hundred Kbytes in size, or even several
megabytes in size. One extreme case is the Intel centrino wireless
driver, which is 2.4MB. This causes us to emit an ndis_driver_data.h
file that's on the order of 15MB in size, and gcc consumes enormous
amounts of virtual memory while trying to compile it. On my laptop,
with 128MB of RAM and 256MB of swap space, gcc consumed all available
VM and crashed without being able to compile if_ndis.o.
By emitting the array as assembler, we bypass the C compiler and consume
much less memory. I was able to easily test compile if_ndis.ko with the
centrino driver on my laptop after this change.
This is merely a convenience, and should not have any operational effect
on the NDISulator itself.
definitions for more than one device (usually differentiated by
the PCI subvendor/subdevice ID). Each device also has its own tree
of registry keys. In some cases, each device has the same keys, but
sometimes each device has a unique tree but with overlap. Originally,
I just had ndiscvt(8) dump out all the keys it could find, and we
would try to apply them to every device we could find. Now, each key
has an index number that matches it to a device in the device ID list.
This lets us create just the keys that apply to a particular device.
I also added an extra field to the device list to hold the subvendor
and subdevice ID.
Some devices are generic, i.e. there is no subsystem definition. If
we have a device that doesn't match a specific subsystem value and
we have a generic entry, we use the generic entry.
mostly used on 80x25 displays, and the actual window is about ten
characters narrower than that, resulting in the need for horizontal
scrolling. No functional change.
RELENG_5_2 candidate.
needed to be statically populated with device nodes. The first two are no
longer true, which makes the third pretty moot. In fact, we don't seem to
put device node bits into the distribution archives at all anymore.
So..... remove the god-awful nasty hack that force unmounted devfs during
installation so that static device nodes could land in /dev. Now that the
vnode cleaner handles this case better this isn't strictly needed, but
axing code in sysinstall is almost always beneficial. Thanks to Don Lewis
for pointing out this attribute of sysinstall.
the case where there's an entry in the manufacturer's device list but
no corresponding installation section (and hence no AddReg assignments),
i.e. if dev = find_assign(sname, "AddReg"); returns NULL, then
don't try to dereference dev.
There is a fundamental problem with the handling of .INF files that
contain definitions for multiple devices: right now we dump all the
AddReg sections that we find, but don't distinguish what device they
belong to. This often results in duplicate keys.
Yes, it's what you think it is. Yes, you should run away now.
This is a special compatibility module for allowing Windows NDIS
miniport network drivers to be used with FreeBSD/x86. This provides
_binary_ NDIS compatibility (not source): you can run NDIS driver
code, but you can't build it. There are three main parts:
sys/compat/ndis: the NDIS compat API, which provides binary
compatibility functions for many routines in NDIS.SYS, HAL.dll
and ntoskrnl.exe in Windows (these are the three modules that
most NDIS miniport drivers use). The compat module also contains
a small PE relocator/dynalinker which relocates the Windows .SYS
image and then patches in our native routines.
sys/dev/if_ndis: the if_ndis driver wrapper. This module makes
use of the ndis compat API and can be compiled with a specially
prepared binary image file (ndis_driver_data.h) containing the
Windows .SYS image and registry key information parsed out of the
accompanying .INF file. Once if_ndis.ko is built, it can be loaded
and unloaded just like a native FreeBSD kernel module.
usr.sbin/ndiscvt: a special utility that converts foo.sys and foo.inf
into an ndis_driver_data.h file that can be compiled into if_ndis.o.
Contains an .inf file parser graciously provided by Matt Dodd (and
mercilessly hacked upon by me) that strips out device ID info and
registry key info from a .INF file and packages it up with a binary
image array. The ndiscvt(8) utility also does some manipulation of
the segments within the .sys file to make life easier for the kernel
loader. (Doing the manipulation here saves the kernel code from having
to move things around later, which would waste memory.)
ndiscvt is only built for the i386 arch. Only files.i386 has been
updated, and none of this is turned on in GENERIC. It should probably
work on pc98. I have no idea about amd64 or ia64 at this point.
This is still a work in progress. I estimate it's about %85 done, but
I want it under CVS control so I can track subsequent changes. It has
been tested with exactly three drivers: the LinkSys LNE100TX v4 driver
(Lne100v4.sys), the sample Intel 82559 driver from the Windows DDK
(e100bex.sys) and the Broadcom BCM43xx wireless driver (bcmwl5.sys). It
still needs to have net80211 stuff added to it. To use it, you would
do something like this:
# cd /sys/modules/ndis
# make; make load
# cd /sys/modules/if_ndis
# ndiscvt -i /path/to/foo.inf -s /path/to/foo.sys -o ndis_driver_data.h
# make; make load
# sysctl -a | grep ndis
All registry keys are mapped to sysctl nodes. Sometimes drivers refer
to registry keys that aren't mentioned in foo.inf. If this happens,
the NDIS API module creates sysctl nodes for these keys on the fly so
you can tweak them.
An example usage of the Broadcom wireless driver would be:
# sysctl hw.ndis0.EnableAutoConnect=1
# sysctl hw.ndis0.SSID="MY_SSID"
# sysctl hw.ndis0.NetworkType=0 (0 for bss, 1 for adhoc)
# ifconfig ndis0 <my ipaddr> netmask 0xffffff00 up
Things to be done:
- get rid of debug messages
- add in ndis80211 support
- defer transmissions until after a status update with
NDIS_STATUS_CONNECTED occurs
- Create smarter lookaside list support
- Split off if_ndis_pci.c and if_ndis_pccard.c attachments
- Make sure PCMCIA support works
- Fix ndiscvt to properly parse PCMCIA device IDs from INF files
- write ndisapi.9 man page
such that 'ispcvt' can build. Unfortunately 'ispcvt' is needed in order for
/etc/rc.d/syscons to run. This fixes the bug where I could not get my
keymap effective at boot.
it returns. This allows it to connect to the server side again, which
has been listening on IPv6 addresses exclusively for more than 2 years.
PR: 59369
(Lite Edition) respectively. These "lite" packages are streamlined to
provide users with the core essentials for each desktop and to fit on the
release disc 1.
Approved by: re (scottl)
permitting the administrator to select a securelevel to operate
at. Include a helpfile summarizing some of the information from
init(8). This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.
Approved by: re (scottl)
selection is used to drive two configuration parameters:
(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels
Replace this with an explicit choice to enable/disable sshd. A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly. This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.
Approved by: re (scottl)
(1) Document the notion of using jail(8) to run "virtual servers" or
just to constrain specific applications. If only running specific
applications, some configuration steps are unnecessary (such as
editing rc.conf).
(2) Add some more subsection headers to break up the bigger chunks of
text.
(3) Clarify the problems associated with applications binding all IP
addresses in the host, and attempt to be more specific about
potential application problems. Document how to force sshd to
bind the right socket.
(4) Suggest that in a jailed application scenario, you might want to
have the host syslogd listen on the socket in the jail, rather
than running syslogd in the jail.
(5) Catch another reference to /stand/sysinstall.
Approved by: re (bmah implicitly)
check if it's already loaded or compiled into the kernel, and only try to
load it if it isn't.
PR: bin/59368
Submitted by: Jens Rehsack <rehsack@liwing.de>
is possible for an error to occur while trying to log an error, and
this can result in infinite recursion (or at least until we run out
of stack).
Rather than this, we ignore requests to log an error while logging an
error.
PR: 51253
MFC after: 2 weeks
Avoid implicit function calls by adding the proper include files.
Use const char copyright.
Fix some fprint formatting.
In the manual page:
Use the .Pa macro for filenames and locations.
Kill hard sentence breaks.
Make use of the .Tn and .Dq macros.
Add some text to the otherwise blank HISTORY section (taken from CVS).
constants NG_*SIZ that include the trailing NUL byte. This change
is mostly mechanical except for the replacement of a couple of snprintf()
and sprintf() calls with strlcpy.
- simplify by strdup.
- set ai_protocol in hints to TCP.
- g/c FAITH_NS (no description, not maintained for years)
- warn if connection from IPv4 mapped is reached.
- IPV6_V6ONLY if possible.
- unifdef -UFAITH4.
- drop rsh/rlogin support.
- deal with negative return value from wait3.
Obtained from: KAME
- realloc pedant.
- set sin6_scope_id before sending (link-local/multicast) packets
- removed an incorrect comment
- don't age non-gateway host routes.
- not remove global addresses on loopback interface from routing table
by route aging.
Obtained from: KAME
a SEMICOLON token (a newline or semicolon, or one of these preceded
by a comment and/or whitespace). The input stream was switched too
early and the parser was expecting a SEMICOLON in the included file
instead of after the filename in the include directive.
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Kept alive by: Adam C. Migus <adam@migus.org>
ums module, and allow for up to five attempts to open the device, with
two-second pauses in between, to allow time for USB controllers and
devices to probe and attach. My Gigabyte P4 Titan 848P motherboard has
a total of 15 ports on four hubs hanging off four controllers, and needs
at least half of that ten-second allowance to get ready.
MFC after: 7 days
deraadt NOTE: -I needs to take an arg (there's no way we can take no
arg/an arg with a single option)
- sscanf overrun
- no variable name on prototype.
- u_int32_t may not be u_long.
- skipped non-host route when printing neighbor cache entries.
- valid and preferred lifetimes are unsigned.
- wording.
Obtained from: KAME
- be more picky about argument parsing - like ERANGE.
- use u_long for args, not to lose accuracy/prevent overflow.
- socklen_t audit.
- Add -I (use icmp) option.
- warn if multiple addresses are present for dest.
- no need to pass tz.
- type pedant. check -p range.
- grab hlim from sysctl.
- typo in port number setting.
Obtained from: KAME
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
no matter where in the directory structure it may be. Use this and the "-k"
flag in the generated gdbinit files so that the "getsyms" function in gdb
requires no user intervention to run and will find every module if they're
in the kernel build's module directory. This is still quite useful for
cases where gdb knows that the path for some modules is /boot/kernel and
others are in the object directory for /usr/src/sys/$ARCH/compile/kernel.
Approved by: grog
a partition size on ia64. It's not true.
o Ask for a mountpoint for EFI partitions as well and check that it
isn't "/".
o On ia64 we may need to add EFI partitions. Make sure we pass the
right arguments to Create_Chunk_DWIM() in that case.
to better deal with the fact that we need an EFI partition and
that we need to have a mountpoint for it.
o When creating a new partition, add EFI to the list of types
the user can select from. This makes it easy to create an EFI.
o Do not include wizard.c on ia64.
o The user cannot create a partition on ia64 that's a multiple of
the cylinder size. We don't have a notion of cylinders.
o Also allow swap and filesystem partitions outside a freebsd slice.
This is typically the case for GPT.
o Allow chunks of type "whole" to be displayed at the top. This is
to allow a GPT disk to be labeled. We need a slice out of which we
can make partitions, but a GPT disk doesn't have slices. For GPT
disks a chunk of type "whole" can then be used as a placeholder.
depending on namespace pollution in <sys/stat.h> for the declarations of
struct timeval and utimes().
Fixed some style bugs in rev.1.30 and some nearby style bugs (mainly
unsorting and missing or extra blank lines).
Removed a wrong comment that was obtained from NetBSD in rev.1.14. It said
that chflags() reset the times that were set "above" by utimes(), but
utimes wasn't "above" in FreeBSD until rev.1.30, and chflags() doesn't
actually reset the times.
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.
This change paves the way for interface renaming and enhanced pseudo
device creation and configuration semantics.
Approved By: re (in principle)
Reviewed By: njl, imp
Tested On: i386, amd64, sparc64
Obtained From: NetBSD (if_xname)
names containing glob(3) expressions would appear verbatim in the
output.
If such an mtree file were used by mtree in update mode, wrong things
would happen.
(aka RFC2292bis). Though I believe this commit doesn't break
backward compatibility against existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.
Obtained from: KAME
dcons(4): very simple console and gdb port driver
dcons_crom(4): FireWire attachment
dconschat(8): User interface to dcons
Tested with: i386, i386-PAE, and sparc64.
stdin and stdout instead of relaying the data. Now it is possible
to say:
nghook -e path: hook /usr/local/bin/foo arg1 arg2
and foo will have the hook to path: at file descriptors 0 and 1.
Add an option to specify control messages to be sent to the node before
either executing the program or entering the data relay loop.
character 1 byte past the end of cmdline[] when libedit is being used for
input, and avoid writing a null pointer 1 element past the end of margv[].
Reviewed by: gad