Commit Graph

11143 Commits

Author SHA1 Message Date
wblock
8d4bcb774d Remove mention of minimum password length and upper/lower case checking,
patch supplied by Allan Jude <freebsd@allanjude.com>.  Add xref to
pam_passwdqc(8), where that testing is now done.

PR:		docs/184482
Submitted by:	Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
Reviewed by:	jilles, eadler
MFC after:	3 days
2014-02-14 15:46:06 +00:00
glebius
959dc042be Whenever flowtable lookup fails, we do route lookup and then try to
insert flow entry. During the route lookup the critical section is
exited. It may happen, that after route lookup we will be executed
on an other CPU that already has such flowentry. Before this change
we simply freed the flowentry and returned to ip_output() with
failure.

Actually there is nothing wrong with using previously allocated
flow entry, updating it properly. Thus, make flowentry_insert()
return the new either old fle, and make use of it.

Count reuses as "collisions" and real inserts as "inserts".

Reviewed by:	adrian
Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2014-02-14 10:56:26 +00:00
adrian
323112e764 Reword.
Suggestion:	glebius
2014-02-14 07:43:39 +00:00
adrian
98cb90e335 Don't insert a flowtable entry if the lle isn't yet valid.
Some of the collisions that are occuring are due to flowtable lookups
that succeed but have an invalid lle - typically because the L2 adjacency
lookup hasn't completed.  This would lead to a follow-up insert which
would then fail (ie, collision) and the code would fall through to doing
a slow-path L2/L3 lookup in the netinet/netinet6 code.

This patch simply aborts storing a new flowtable entry if the lle isn't
yet valid.

Whilst I'm here, add a new pcpu counter for the item so the number of
failures can be tracked separately from generic "collisions."

Reviewed by:	glebius
MFC after:	10 days
Sponsored by:	Netflix, Inc.
2014-02-14 00:05:09 +00:00
glebius
02cb746956 Fix world build WITHOUT_PF.
Sponsored by:	Nginx, Inc.
2014-02-12 09:59:48 +00:00
jhb
57d1391321 Expose OBJT_MGTDEVICE VM objects used for GEM/TTM with drm2 as an
explicit object type.

Reviewed by:	kib
MFC after:	1 week
2014-02-11 21:57:37 +00:00
trasz
681aea1f2d Make iscsictl(8) properly handle (optional) semicolons in iscsi.conf,
instead of ignoring them and echoing them to stdout.

Sponsored by:	The FreeBSD Foundation
2014-02-10 15:04:59 +00:00
trasz
5ac128b24d Simplify.
Sponsored by:	The FreeBSD Foundation
2014-02-10 15:03:08 +00:00
trasz
80d1527cef Remove unused variable.
Sponsored by:	The FreeBSD Foundation
2014-02-10 15:02:02 +00:00
trasz
68e8e16a48 Yacc cleanup; no functional changes.
Sponsored by:	The FreeBSD Foundation
2014-02-10 15:01:24 +00:00
joel
8abe91ebd2 mdoc: minor paragraph fixes. 2014-02-08 13:37:02 +00:00
joel
6300af606e Correct example.
Submitted by:    Jason McIntyre <jmc@kerhand.co.uk>
                 Thomas Klausner <wiz@netbsd.org>
2014-02-08 13:29:35 +00:00
glebius
9d7706f9f4 o Revamp API between flowtable and netinet, netinet6.
- ip_output() and ip_output6() simply call flowtable_lookup(),
    passing mbuf and address family. That's the only code under
    #ifdef FLOWTABLE in the protocols code now.
o Revamp statistics gathering and export.
  - Remove hand made pcpu stats, and utilize counter(9).
  - Snapshot of statistics is available via 'netstat -rs'.
  - All sysctls are moved into net.flowtable namespace, since
    spreading them over net.inet isn't correct.
o Properly separate at compile time INET and INET6 parts.
o General cleanup.
  - Remove chain of multiple flowtables. We simply have one for
    IPv4 and one for IPv6.
  - Flowtables are allocated in flowtable.c, symbols are static.
  - With proper argument to SYSINIT() we no longer need flowtable_ready.
  - Hash salt doesn't need to be per-VNET.
  - Removed rudimentary debugging, which use quite useless in dtrace era.

The runtime behavior of flowtable shouldn't be changed by this commit.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2014-02-07 15:18:23 +00:00
dwmalone
ba6351cb42 Let units deal with Gas Mark and Stufe. 2014-02-06 15:55:29 +00:00
bz
ba8b0edcbe Print the MD5 signature information introduced in r221023 in the
TCP statistics output.

MFC after:	3 weeks
2014-02-05 20:43:03 +00:00
jhb
f39931d6d5 Use the DELTA() macro to tidy the server-side interval stats code a bit.
MFC after:	2 weeks
2014-02-05 14:44:59 +00:00
jhb
1df1f0b354 Partially revert r52493 and change client side interval statistics to
report the actual number of RPCs issued, not the theoretical number
that would be issued if all caching was disabled.

Reviewed by:	rmacklem
MFC after:	2 weeks
2014-02-05 14:33:22 +00:00
uqs
0745c80c73 Merge mdocml v1.12.3 into head
MFC after:	2 weeks
2014-02-01 09:27:57 +00:00
brooks
f1b43045b3 Merge from CheriBSD:
commit c1acf022c533c5ae27e0cd556977eafe3f5959eb
Author: Brooks Davis <brooks@one-eyed-alien.net>
Date:   Fri Jan 17 21:46:44 2014 +0000

    Add an option WITHOUT_NCURSESW to suppress building and linking to
    libncursesw.  While wide character support it useful we'd like to
    only need one ncurses library on embedded systems.

MFC after:	4 weeks
Sponsored by:	DARPA, AFRL
2014-01-30 21:08:36 +00:00
imp
9d639789f0 Don't build BSDL dtc if the GPL dtc is enabled. 2014-01-29 05:00:04 +00:00
des
ec79512205 Increase the default (and minimum) buffer size from 4 kB to 16 kB. Also,
propagate the buffer size to libc, which uses a 1 kB buffer by default,
negating any hypothetical benefit of increasing fetch(1)'s buffer size.

MFC after:	3 days
2014-01-28 14:32:04 +00:00
des
2a7e8f70f5 whitespace and bump copyright 2014-01-28 14:29:24 +00:00
sjg
a327d8d253 Merge bmake-20140101 from vendor 2014-01-27 17:47:21 +00:00
jilles
631dcff585 login: Clean up PAM and audit, then exit, on SIGHUP and SIGTERM.
This avoids leaving stale entries in utmpx after the connection is closed on
an open login session. It also allows a clean way (SIGTERM) to forcibly
terminate a user's terminal session.

This does not affect the situation for "hung" processes after the connection
is closed. The foreground process group receives SIGHUP and the tty becomes
inaccessible.

Also replace all use of the obsolete signal() function with sigaction() (not
only the part where it is actually required: SIGHUP and SIGTERM must mask
the other as well when caught).

PR:		misc/183495
Reviewed by:	ed
2014-01-26 22:49:24 +00:00
trociny
f2d92b6efc Bring back r226403, the fix for bin/161526, which was (accidentally?)
reverted in r238896.

PR:		bin/161526
Reported by:	Karli.Sjoberg slu.se
MFC after:	3 days
2014-01-17 21:45:25 +00:00
glebius
e516af2147 Print the ktr(4) format line that caused a failure.
Sponsored by:	Nginx, Inc.
2014-01-17 09:11:44 +00:00
csjp
d34702f4cf Re-work r260800 to include other signals which start with 'I'
such as ILL, INFO etc..

Submitted by:	delphij
MFC after:	2 weeks
2014-01-17 04:16:39 +00:00
csjp
0728e663d0 fix a regression introduced in r237618 that would result in
killall confusing killall -INT with killall -I (interactive
confirmation) which resulted in the wrong signal (TERM)
being delivered to the process(s).

Discussed with:	delphij
MFC after:	2 weeks
2014-01-17 03:30:24 +00:00
jhibbits
e72ca70a74 Add missing EM_PPC64 to e_machine header display.
MFC after:	1 week
2014-01-14 04:28:41 +00:00
jmmv
aae2faca3f Prevent misc_helpers from running as a test.
Do this by generating misc_helpers explicitly, without using the
ATF_TESTS_SH functionality.

While this script is technically an atf-sh test program, it is not intended
to be run as a test and therefore it mustn't end up in the Kyuafile.  Using
ATF_TESTS_SH means that misc_helpers ended up registered in the Kyuafile
and then failed to run as a test.

The alternative would be to supply an explicit Kyuafile from this directory
that lists the known test files, but doing it the way described above will
be easier to maintain.

MFC after:	3 days
2014-01-13 10:47:26 +00:00
jmmv
50adf2d217 Generate and install pkg-config files for atf.
These files are required to get packages in ports to build against atf and
also to get a couple of currently-failing tests to pass.

I'm following the approach already used by the libusb pkg-config files
installed by the system regarding the location and the install rules.

MFC after:	5 days
2014-01-12 21:56:26 +00:00
jilles
5886553bdc find: Allow -type d without statting everything.
fts(3) detects directories even in FTS_NOSTAT mode (so it can descend into
them).

No functional change is intended, but find commands that use -type d but no
primaries that still require stat/lstat calls make considerably fewer system
calls.
2014-01-11 21:12:27 +00:00
melifaro
436cff738f Bump dates in nestat(1) and route(8) man pages.
Fix several small errors introduced by r260524.

Suggested by:	glebius
MFC after:	2 weeks
2014-01-11 09:44:00 +00:00
melifaro
086c3b21c3 Add -4/-6 shorthand for -finet/-finet6 in route(8) and netstat(8).
MFC after:	2 weeks
2014-01-10 23:08:18 +00:00
jilles
e0cca1215b find: Fix two more problems with -lname and -ilname:
* Do not match symlinks that are followed because of -H or -L. This is
  explicitly documented in GNU find's info file and is like -type l.

* Fix matching symlinks in subdirectories when fts changes directories.

Also, avoid some readlink() calls on files that are obviously not symlinks
(because of fts(3) restrictions, not all of them).

MFC after:	1 week
2014-01-05 23:01:28 +00:00
jilles
6f9ebfa0c3 find: Fix -lname and -ilname.
The code did not take into account that readlink() does not add a
terminating '\0', and therefore did not work reliably.

As before, symlinks of length PATH_MAX or more are not handled correctly.
(These can only be created on other operating systems.)

PR:		bin/185393
Submitted by:	Ben Reser (original version)
MFC after:	1 week
2014-01-05 21:44:04 +00:00
kevlo
27b04cbc6f The whois() function is called in a loop so make sure we close the
socket to the whois server before returning.

Obtained from:	OpenBSD
2014-01-04 15:51:52 +00:00
trasz
4d89b7627d Properly document -u and -s.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-01-04 09:57:23 +00:00
melifaro
6fa1852c17 Explicitly free rt_tables to please Coverity.
Reported by:	Coverity
Coverity CID:	1147174
MFC after:	2 weeks
2013-12-31 12:11:48 +00:00
trasz
96d9474866 The devd part never got implemented; remove for now, until someone actually
needs this feature and can talk to me about how it should look like.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2013-12-30 21:06:08 +00:00
trasz
423398bae8 Fix typo.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2013-12-30 21:04:24 +00:00
glebius
a79cb7b61f Claim copyright since I've almost rewritten this file in r256512. 2013-12-29 19:31:49 +00:00
dfr
1bb9d2a8e0 Generate client sample code which compiles without warnings.
For 'rpcgen -a', generate a makefile where 'make clean all' works.
2013-12-26 11:38:33 +00:00
dim
35d70075c9 In usr.bin/sort/radixsort.c, pop_ls_mt() is only referenced if
SORT_THREADS is defined, so make the whole function conditional, instead
of just the pthread calls in it.

MFC after:	3 days
2013-12-22 20:46:31 +00:00
dim
b8e518528f To avoid having to explicitly test COMPILER_TYPE for setting
clang-specific or gcc-specific flags, introduce the following new
variables for use in Makefiles:

CFLAGS.clang
CFLAGS.gcc
CXXFLAGS.clang
CXXFLAGS.gcc

In bsd.sys.mk, these get appended to the regular CFLAGS or CXXFLAGS for
the right compiler.

MFC after:	1 week
2013-12-22 17:51:33 +00:00
melifaro
b8107b389e Further split kvm(3) and sysctl interfaces for route table printing.
MFC after:	4 weeks
Sponsored by:	Yandex LLC
2013-12-20 12:08:36 +00:00
melifaro
8bd5f6c17c Use more fine-grained kvm(3) symbol lookup: routing code retrieves only
necessary symbols needed per subsystem. Main kvm(3) init is now delayed
as much as possbile. This finally fixes performance issues reported in
kern/167204.
Some non-working code (ng_socket.ko symbol addresses calculation) removed.
Some global variables eliminated.

PR:		kern/167204
MFC after:	4 weeks
2013-12-20 00:17:26 +00:00
pjd
6eb6964b97 If we cannot connect to casperd we don't enter sandbox, but if we can connect
to casperd, but we cannot access the service we need we exit with an error.
This should not happen and just indicates some configuration error which
should be fixed, so we force the user to do it by failing.

Discussed with:	emaste
2013-12-19 00:51:48 +00:00
melifaro
2f0743dad3 Restore corefiles handling via kvm(3).
Found by:	John-Mark Gurney <jmg at funkthat.com>
MFC after:	4 weeks
2013-12-18 20:04:04 +00:00
melifaro
7173e20510 Switch netstat -rn to use standard API for retrieving list of routes
instead of peeking inside in-kernel radix via kget.
This permits us to change kernel structures without breaking userland.
Additionally, this change provide more reliable and faster output.

`Refs` and `Use` fields available in IPv4 by default (and via -W
for other families) were removed. `Refs` is radix-specific thing
which is not informative for users. `Use` field value is handy sometimes,
but a) current API does not support it and b) I'm not sure we will
support per-rte pcpu counters in near future.

Old method of retrieving data is still supported (either by defining
NewTree=0 or running netstat with -A). However, Refs/Use fields are
hidden.

Sponsored by:	Yandex LLC
MFC after:	4 weeks
PR:		kern/167204
2013-12-18 18:25:27 +00:00
dim
e55c003490 Enable llvm's integrated assembler for PowerPC, since it should now be
good enough for typical usage.

Requested by:	rdivacky
MFC after:	1 week
2013-12-16 18:45:21 +00:00
pjd
77418d3b00 Include bsd.own.mk for MK_CASPER to work.
Reported by:	nwhitehorn
2013-12-15 23:49:42 +00:00
pjd
7ffc0434dc Make use of Casper's system.pwd and system.grp services when the -r option
is given to convert uids and gids to user names and group names even when
running in capability mode sandbox.

While here log on stderr when we successfully enter the sandbox.

Sponsored by:	The FreeBSD Foundation
2013-12-15 23:09:05 +00:00
theraven
ade78829a0 Some more cleanups and bug fixes in dtc for property printing / parsing.
Submitted by:	Patrick Wildt
2013-12-12 08:55:24 +00:00
theraven
b1e0fad8f8 Fix the version string in dts emission.
Reported by:	Patrick Wildt
MFC after:	1 week
2013-12-12 08:48:45 +00:00
eadler
7f81f43626 calendar(1): use strlcpy instead of strncpy
use strlcpy instead of strncpy which avoids non-null-termination if the string is MAXPATHLEN bytes or longer.
2013-12-11 14:54:58 +00:00
eadler
501a3fd7bc calendar(1): Add support for #include with absolute paths
Prior to the addition of cpp support into calendar itself
#include </usr/share/calendar/calendar.all>
was a legal construction in a calendar file.

Permit this again
2013-12-10 01:39:22 +00:00
eadler
3fc4115992 Per the resolution of POSIX bug 0000779 (note 0002050) add support for using 'i'
as a case insensitive flag.

PR:		standards/184641
Requested by:	David A. Wheeler <dwheeler@dwheeler.com>
MFC After:	1 week
2013-12-09 18:57:20 +00:00
delphij
c74f003bc6 Document -q and --quiet as discouraged compatibility option.
Suggested by:	eadler
MFC after:	2 weeks
2013-12-07 07:12:37 +00:00
delphij
464bd55c43 Remove mention of the compatibility option 'q', which is
intentionally undocumented and its only purpose is that
we do not bail out when used as a drop-in replacement of
a different implementation.

PR:		docs/184550
MFC after:	2 weeks
2013-12-07 06:27:54 +00:00
trhodes
0ff7fbf765 Add -F to flush output after each write. With this, I can
set up a pipe and allow a jr user to watch what I'm doing
by running 'script -F pipefile' on it.

While here, spell out the month in the .Dd tag like other
manual pages.
2013-12-05 01:44:24 +00:00
obrien
e0a6206e5d Add missing bits from the vendor's 2005-05-04 change to
contrib/byacc/makefile.in ("add YYPATCH here so it can be tested by
applications") so that applications have a hope of detecting newer
FreeBSD YACC output from an older one.

Submitted by: Juniper Networks
2013-12-04 19:15:56 +00:00
peter
1ccf3e1cc7 Import svn-1.8.5. This contains a user-visible fix for svn:externals
handling (there are no svn:externals in freebsd repo), and two security
fixes for modules that we don't build for the apache http server stack.
2013-11-25 17:52:16 +00:00
eadler
3669971047 Add static where appropriate.
Sync with some of DragonflyBSD's latest cleanups

Reviewed by:	mjg
2013-11-21 21:19:01 +00:00
peter
54b247cceb Change introduction history. 2013-11-20 17:48:38 +00:00
eadler
5e21fc1880 Bump .Dd for recent change 2013-11-18 23:11:42 +00:00
eadler
6d2e922ab9 Indicate which options are extensions to POSIX.
Inspired by:	DragonFlyBSD
2013-11-18 22:53:24 +00:00
pjd
6175f0915f Replace CAP_POLL_EVENT and CAP_POST_EVENT capability rights (which I had
a very hard time to fully understand) with much more intuitive rights:

	CAP_EVENT - when set on descriptor, the descriptor can be monitored
		with syscalls like select(2), poll(2), kevent(2).

	CAP_KQUEUE_EVENT - When set on a kqueue descriptor, the kevent(2)
		syscall can be called on this kqueue to with the eventlist
		argument set to non-NULL value; in other words the given
		kqueue descriptor can be used to monitor other descriptors.
	CAP_KQUEUE_CHANGE - When set on a kqueue descriptor, the kevent(2)
		syscall can be called on this kqueue to with the changelist
		argument set to non-NULL value; in other words it allows to
		modify events monitored with the given kqueue descriptor.

Add alias CAP_KQUEUE, which allows for both CAP_KQUEUE_EVENT and
CAP_KQUEUE_CHANGE.

Add backward compatibility define CAP_POLL_EVENT which is equal to CAP_EVENT.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2013-11-15 19:55:35 +00:00
ed
97a4a8d823 Fix whitespace. 2013-11-13 20:35:10 +00:00
gjb
7a6ad5e133 Somewhat mimic how the devel/subversion port prepopulates
'Sponsored by:' in the FreeBSD commit template.

Support for this has already existed ^/head/contrib/subversion
but it was not enabled in usr.bin/svn/svn/Makefile.

To use the pre-populated 'Sponsored by:' entry, set ORGANIZATION
in make.conf(5), for example:

    ORGANIZATION=   "The FreeBSD Foundation"

Reviewed by:	peter
Sponsored by:	The FreeBSD Foundation
2013-11-13 05:25:49 +00:00
peter
44efc7cc33 Update svn from 1.8.1 to 1.8.4 - minor security fixes and client side
merge handling bug fixes (reintegrate, mergeinfo etc)
2013-11-11 01:14:58 +00:00
alexey
5922ff81ea - Add myself as port committer and my mentor's relationship.
- Add myself to calendar.freebsd.

Approved:   wg (mentor)
2013-11-10 20:24:41 +00:00
trasz
d6353d6a83 Fix typo in "iscsictl -v".
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2013-11-10 14:18:05 +00:00
eadler
c6b475170c Add missed DPADD
Reported by:	swildner@DragonflyBSD.org
2013-11-09 09:05:50 +00:00
eadler
c56ee6b0c2 Change manual string conversion to expand_number
Reviewed by:	adrian
2013-11-09 08:57:21 +00:00
jmmv
a1626fee63 Build and install the atf tests.
Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:33:41 +00:00
jmmv
627bb4f0bd Subsume the functionality of MK_ATF into MK_TESTS.
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary.  Keeping the two just serves
to complicate the build.

Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:24:47 +00:00
theraven
9e5215dca2 When writing DTS to a file, don't write some of it to stderr.
Reported by:	ray
2013-11-05 14:07:30 +00:00
markj
81f6143498 Add myself to the calendar. 2013-11-05 03:25:10 +00:00
jmmv
7961c0d893 Add myself to the committers-src list and to the calendar.
Approved by:	rpaulo (mentor)
2013-11-04 11:59:44 +00:00
jilles
4cbf76c868 sh(1),limits(1): Document kqueues (-k) rlimit. 2013-11-01 13:57:30 +00:00
pluknet
1a402f5912 Remove the dependency on procfs.
Reviewed by:	kib
MFC after:	1 week
X-MFC with:	r257430
2013-11-01 10:42:32 +00:00
kib
a326275180 Remove the dependency on procfs. Use sysctl KERN_PROC_PATHNAME and
KERN_PROC_PID to obtain the parent process pathname and command, used
to determine the calling shell.

Submitted by:	Stefan Neudorf
PR:	bin/183484
MFC after:	1 week
2013-10-31 09:29:37 +00:00
kib
a85b22e30b Fix long line and record proper commit message for r257427:
Add the '-k' option for getopt() call and usage.

Submitted by:	Stefan Neudorf
PR:	bin/183494
MFC after:	1 week
2013-10-31 09:03:42 +00:00
kib
91349897a4 The limit for the swap space is spelled 'swapsize', at least since
tcsh 6.17.00 import.

Submitted by:	Stefan Neudorf
PR:	bin/183480
MFC after:	1 week
2013-10-31 08:58:32 +00:00
kib
aca88b700c The limit for the swap space is spelled 'swapsize', at least since
tcsh 6.17.00 import.

Submitted by:	Stefan Neudorf
PR:	bin/183480
MFC after:	1 week
2013-10-31 08:22:29 +00:00
sbruno
538d90d30d revert sign changes to buffers used in invocation of digest_update()
Instead, change arguments of internal function digest_update() to accept
signed char arguments.

Remove MAP_FAILED fallback definition and casts of MAP_FAILED.

Thanks to bde@ for looking over this and doing the code analysis.
2013-10-30 18:40:55 +00:00
trasz
99720b455b Bump .Dd after r257379.
MFC after:	3 days
2013-10-30 11:41:28 +00:00
trasz
b49e1028bf Rename '-h' option to '-p', and use "portal" instead of "host" or "address",
in order to be consistent with iSCSI terminology.  Besides, calling the
option '-h' was just wrong.

This changes usage for newly added iscsictl(8), and two newly added
subcommands to ctladm(8).  This breaks POLA between CURRENT and 10,
but since 10.0 has not been released yet, it's still ok to do.

MFC after:	3 days
Discussed with:	re (glebius)
Sponsored by:	FreeBSD Foundation
2013-10-30 11:38:46 +00:00
glebius
1d28936445 'netstat -i' no longer supports working on a vmcore. 2013-10-30 08:13:42 +00:00
sbruno
cdcf32ccc2 Queisce sign errors by using unsigned char * and casting MAP_FAILED as unsigned
char *

Reviewed by:	brooks@
2013-10-29 20:38:00 +00:00
glebius
b0bc7b1d54 Make userland tools honor WITHOUT_PF build option.
Tested by:	dt71@gmx.com
2013-10-29 17:38:13 +00:00
bapt
aff7767aff Setting WARNS=6 is useless, as it is already the default
Reported by:	Sascha Wildner
2013-10-29 08:55:09 +00:00
bapt
f3553f63ec Change warning level to 6 2013-10-29 08:22:38 +00:00
markj
9d47b50d92 With r247602, the "c" flag is no longer printed as a file descriptor flag.
Reviewed by:	pjd
MFC after:	3 days
2013-10-28 00:20:30 +00:00
kib
734382a525 Add a resource limit for the total number of kqueues available to the
user.  Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.

Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the filedescriptors available to the process.  Limit
allows administrator to prevent the abuse.

This is kernel-mode side of the change, with the user-mode enabling
commit following.

Reported and tested by:	pho
Discussed with:	jmg
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-10-21 16:46:12 +00:00
jilles
909eb57bd4 pathchk: Ensure bytes >= 128 are considered non-portable characters.
This was not broken on architectures such as ARM where char is unsigned.

Also, remove the first non-portable character from the output. POSIX does
not require this, and printing the first byte may yield an invalid byte
sequence with UTF-8.

PR:		bin/165988
Reported by:	Nicolas Rachinsky
2013-10-20 20:10:31 +00:00
peter
5532d94759 Add -K (__FreeBSD_version of kernel) and -U (__FreeBSD_version of userland).
Things like Makefile.inc1 resort to parsing /usr/include/osreldate.h with
awk because this isn't easily available by other means.  The separation
of user and kernel versions is important for jail/chroot environments.
2013-10-15 20:57:40 +00:00
glebius
4abf8ebc71 Rewrite netstat/if.c to use getifaddrs(3) and getifmaddrs(3) instead of
libkvm digging in kernel memory. This is possible since r231506 made
getifaddrs(3) to supply if_data for each ifaddr.

  The pros of this change is that now netstat(1) doesn't know about kernel
struct ifnet and struct ifaddr. And these structs are about to change
significantly in head soon. New netstat binary will work well with 10.0
and any future kernel.

  The cons is that now it isn't possible to obtain interface statistics
from a vmcore.

  Functions intpr() and sidewaysintpr() were rewritten from scratch.

  The output of netstat(1) has underwent the following changes:

1) The MTU is not printed for protocol addresses, since it has no notion.
   Dash is printed instead. If there would be a strong desire to return
   previous output, it is doable.
2) Output interface queue drops are not printed. Currently this data isn't
   available to userland via any API. We plan to drop 'struct ifqueue' from
   'struct ifnet' very soon, so old kvm(3) access to queue drops is soon
   to be broken, too. The plan is that drivers would handle their queues
   theirselves and a new field in if_data would be updated in case of drops.
3) In-kernel reference count for multicast addresses isn't printed. I doubt
   that anyone used it. Anyway, netstat(1) is sysadmin tool, not kernel
   debugger.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-15 09:55:07 +00:00
glebius
a6aad16bf1 Remove obtained, but never used data.
Found by:	gcc
2013-10-15 09:21:05 +00:00
kevlo
25842b5eb9 Use INADDR_NONE instead of -1 to check inet_addr() result.
Reviewed by:	glebius
2013-10-15 07:37:30 +00:00
rpaulo
650bab0fa9 Remove most of the ATF tools and the _atf user.
This is necessary because ATF is deprecated and it will be replaced by Kyua.

Submitted by:	jmmv@netbsd.org
Reviewed by:	Garrett Cooper
Approved by:	re
2013-10-12 06:06:53 +00:00
des
4ecb899fb0 When displaying a struct stat, if the -r option was not specified,
display the numeric rather than symbolic representation of st_mode.

Approved by:	re (glebius)
MFC after:	1 week
2013-10-07 11:23:01 +00:00
nwhitehorn
91400d13ad Disable use of compiler atomic builtins. For APR, this is limited to
architectures where they are known not to work. For SVN itself, use
the least common denominator and disable them across the board. This
allows svnlite to build and run on all FreeBSD architectures.

Approved by:	re (gjb)
2013-10-04 18:27:02 +00:00
joel
1906ec25d3 mdoc: remove EOL whitespace.
Approved by:	re (blanket)
2013-10-04 16:44:24 +00:00
des
122944f492 Odds and ends left over from BIND and unnoticed because they didn't
affect 'make universe'.

Approved by:	re (gjb)
2013-10-01 07:19:23 +00:00
rene
6f943e48c0 Update the Dutch calendar entries:
- prince Johan Friso passed away in 2013
- correct status of queen Maxima and crown princess Catharina-Amalia
- language fixes

Approved by:	remko (mentor)
Approved by:	re (gjb)
MFC after:	3 days
2013-09-30 20:49:10 +00:00
des
aa2e4b623c Remove BIND.
Approved by:	re (gjb)
2013-09-30 17:23:45 +00:00
delphij
ce5f424576 Improve bsdpatch usability:
- Ask only once for "Apply anyway". [1]
 - Tell user what file have failed patch rather than just how
   many hunks failed.

Reported by:	jmg via pfg [1]
Tested by:	pfg [1]
Approved by:	re (gjb)
2013-09-26 18:00:45 +00:00
danilo
9f82ff2278 - Add myself as port commiter and my mentors relationship.
- Add myself to calendar.freebsd.

Approved by:	re (gjb), wg (mentor)
2013-09-24 04:00:49 +00:00
des
819dbfe373 Build and install drill(1).
Approved by:	re (blanket)
2013-09-22 20:30:55 +00:00
jhb
e0705f6378 Correct stale comments.
Approved by:	re (joel)
2013-09-20 16:05:09 +00:00
emaste
51ba585f88 Add LLDB bmake infrastructure
This connects LLDB to the build, but it is disabled by default.  Add
WITH_LLDB= to src.conf to build it.

Note that LLDB requires a C++11 compiler so is disabled on platforms
using GCC.

Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
2013-09-20 01:52:02 +00:00
db
05645a7435 - calendar uses cpp internally, this diff removes this usage and
substitutes a limited subset cpp processor internally.

PR:		src/178463
Approved by:	re (gjb)
2013-09-19 20:17:50 +00:00
joel
bd6ef8adfa Minor mdoc improvements.
Approved by:	re (blanket)
2013-09-19 19:43:38 +00:00
jhb
d3ef75b6c7 Extend the support for exempting processes from being killed when swap is
exhausted.
- Add a new protect(1) command that can be used to set or revoke protection
  from arbitrary processes.  Similar to ktrace it can apply a change to all
  existing descendants of a process as well as future descendants.
- Add a new procctl(2) system call that provides a generic interface for
  control operations on processes (as opposed to the debugger-specific
  operations provided by ptrace(2)).  procctl(2) uses a combination of
  idtype_t and an id to identify the set of processes on which to operate
  similar to wait6().
- Add a PROC_SPROTECT control operation to manage the protection status
  of a set of processes.  MADV_PROTECT still works for backwards
  compatability.
- Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc)
  the first bit of which is used to track if P_PROTECT should be inherited
  by new child processes.

Reviewed by:	kib, jilles (earlier version)
Approved by:	re (delphij)
MFC after:	1 month
2013-09-19 18:53:42 +00:00
bdrewery
9992c4312f cap_new(2) and cap_getrights2) were replaced with cap_rights_limit(2)
and cap_rights_get(2) in r247602

Reviewed by:	pjd
Approved by:	gjb
Approved by:	re (rodrigc)
2013-09-19 10:56:36 +00:00
dim
fcc4821fc1 Make svnlite (actually libapr) work correctly on big-endian arches.
Otherwise, you would get errors similar to:

$ svn co svn://svn.freebsd.org/base/head test
A    test/lib
A    test/lib/libutil
svn: E200014: Checksum mismatch for
'/home/dim/test/lib/libutil/kinfo_getproc.3':
   expected:  0882097a545210d88edff8f63b328602
     actual:  b378eb08a0f4d4c97c513c4b17207f59

Approved by:	re (gjb, marius)
2013-09-19 06:31:03 +00:00
trasz
2320759748 Make iscsictl(8) automatically try to load the iscsi module. While here,
improve module loading in iscsid(8) and ctld(8).

Approved by:	re (delphij)
2013-09-18 08:37:14 +00:00
joel
44f767ab70 Minor mdoc fixes.
Approved by:	re (blanket)
2013-09-14 21:43:18 +00:00
trasz
a992abf041 Bring in the new iSCSI target and initiator.
Reviewed by:	ken (parts)
Approved by:	re (delphij)
Sponsored by:	FreeBSD Foundation
2013-09-14 15:29:06 +00:00
jhb
e4d9007c2c - Decode the idtype argument passed to wait6() in kdump and truss.
- Don't treat an options argument of 0 to wait4() as an error in
  kdump.
- Decode the wait options passed to wait4() and wait6() in truss
  and decode the returned rusage and exit status.

Approved by:	re (kib)
MFC after:	1 week
2013-09-12 18:08:25 +00:00
sjg
e9b1b9b12c Stick to traditional DEFAULT_SYS_PATH (/usr/share/mk)
Reviewed by:	obrien
Approved by:	re
2013-09-10 23:31:38 +00:00
jhb
04bb6e10cd Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use
an address in the first 2GB of the process's address space.  This flag should
have the same semantics as the same flag on Linux.

To facilitate this, add a new parameter to vm_map_find() that specifies an
optional maximum virtual address.  While here, fix several callers of
vm_map_find() to use a VMFS_* constant for the findspace argument instead of
TRUE and FALSE.

Reviewed by:	alc
Approved by:	re (kib)
2013-09-09 18:11:59 +00:00
des
1120f28cb0 Hook host(1) up to the build in the LDNS case.
Approved by:	re (blanket)
2013-09-08 20:48:23 +00:00
des
ff13bc56dc Import Magerya Vitaly's ldns-host, and build it instead of the BIND version
in the WITH_LDNS_UTILS case.

Approved by:	re (blanket)
2013-09-08 19:40:32 +00:00
sjg
61d13f6983 Merge bmake-20130904 2013-09-05 15:57:26 +00:00
se
f83bb7c481 Fix file selection logic for the RCS/SCCS case, as was done for the simple
file case before. Bump version because of the changed behavior, which now
matches the documentation.

Reviewed by:	pfg
2013-09-05 05:51:15 +00:00
pjd
029a6f5d92 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
erwin
e0b55fed21 Reduce WARNS to 0 for dig, host, and nslookup to make them
compile with the optional WITH_BIND_SIGCHASE.

Submitted by:	Andre Albsmeier <Andre.Albsmeier@siemens.com>
Approved by:	delphij (mentor, implicit)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
2013-08-30 06:21:00 +00:00
pfg
a90a8d62c1 Drop build option switch for the older GNU patch.
As promised, drop the option to make the older GNU patch
the default.

GNU patch is still being built but something drastic may
happen to it to it before Release.
2013-08-29 00:38:24 +00:00
jmg
a1c1d2c61c fix up my copyright and remove third clause.. 2013-08-26 18:51:48 +00:00
jilles
24cd181d1e kdump: Decode SOCK_CLOEXEC and SOCK_NONBLOCK in socket() and socketpair(). 2013-08-26 17:22:51 +00:00
joel
28f43d3ba0 Remove EOL whitespace. 2013-08-22 16:01:20 +00:00
erwin
6a288ef517 Update Bind to 9.9.3-P2
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
2013-08-22 08:15:03 +00:00
andrew
bf6a516fa3 Subversion requires atomic functions we only support on arm with clang. 2013-08-19 17:44:19 +00:00
jhb
fb96ed57d0 Remove incorrect 'const' qualifier from pointers to dynamic string
buffers I added in the previous commit.

Pointy hat to:	jhb
MFC after:	1 month
2013-08-19 17:09:14 +00:00
theraven
a84c641767 Add support for parameterised device tree sources to the device tree compiler.
Reviewed by:	brooks
Sponsored by:	DARPA, AFRL
2013-08-19 12:37:13 +00:00
pjd
5696218306 Make the "FD" column one character wider, so that "trace" can also align
properly.
2013-08-18 10:44:37 +00:00
hrs
17f8b7cb0b - Use getnameinfo(3) instead of gethostbyaddr(3) or inet_ntop(3).
- Fill sin6_scope_id from in6p.sin6_addr.s6_addr[2].  struct inpcb has
  struct in6_addr for the endpoint addresses, so sin6_scope_id must be filled.
2013-08-17 17:23:42 +00:00
jhb
3bfcb89de4 Add new mmap(2) flags to permit applications to request specific virtual
address alignment of mappings.
- MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n).
  Requests for n >= number of bits in a pointer or less than the size of
  a page fail with EINVAL.  This matches the API provided by NetBSD.
- MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED.  It can be used
  to optimize the chances of using large pages.  By default it will align
  the mapping on a large page boundary (the system is free to choose any
  large page size to align to that seems best for the mapping request).
  However, if the object being mapped is already using large pages, then
  it will align the virtual mapping to match the existing large pages in
  the object instead.
- Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and
  VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment.
  MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while
  MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE.
- mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than
  explicitly using VMFS_SUPER_SPACE.  All device objects are forced to
  use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively
  equivalent.

Reviewed by:	alc
MFC after:	1 month
2013-08-16 21:13:55 +00:00
glebius
5cec20bb2b Provide UTF-8 version of russian calendars. 2013-08-16 07:02:17 +00:00
theraven
70c59fcff4 Make carets line up in dtc diagnostics if the line starts with a tab. 2013-08-14 14:34:02 +00:00
uqs
8eeca12329 Belatedly add my birthday and fix a typo. 2013-08-14 08:10:54 +00:00
jilles
90af9dfe1e kdump: Decode AT_FDCWD in first argument of bindat() and connectat(). 2013-08-13 20:33:50 +00:00
jilles
7817797d29 kdump: Improve decoding of various *at calls:
* Write AT_FDCWD where appropriate.
* Decode the remaining arguments of openat() etc like open() etc.
2013-08-13 19:57:35 +00:00
trasz
3eef1145fb Make check for unknown login class actually work. Previously, using the "-c" option
with login class not defined in login.conf(5) would silently fail, resulting in using
the default login class.
2013-08-12 21:01:01 +00:00
peter
1930f97c40 Give up on using iconv to convert to UTF-8 at build time. I don't see any
practical way to make iconv(1) as a build tool.  Instead pre-convert.
This gives us UTF-8 nvi catalogs even on systems without iconv enabled.
2013-08-12 09:56:52 +00:00
peter
2d178f0d11 Don't build the UTF-8 version of the catalogs without iconv enabled.
Pointy-hat to:	peter (don't do things at 4am!)
2013-08-11 21:46:06 +00:00
peter
4ad6d22609 Don't install a ru_SU.KOI8-R symlink, 'make delete-old' will just remove
it again.
2013-08-11 20:46:05 +00:00
peter
5f2a1d6536 Update nvi-1.79 to 2.1.1-4334a8297f
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.

USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.

USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now.  This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8.  iconv is used to transcode the characters for
display.

Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
  we could never use in base anyway.
* It uses ncursesw when in widechar mode.  This could be interesting.

GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2

Obtained from:  Zhihao Yuan <lichray@gmail.com>
2013-08-11 20:03:12 +00:00
trasz
68b7f99701 In su(1), fix option ordering and clarify that the login class specified
must be defined in login.conf.

MFC after:	1 month
2013-08-11 11:06:49 +00:00
sjg
0e7402e046 ParseGetLine: don't treat a zero byte as end of buffer if P_end says it isn't.
Consume up to next newline, and issue a parse warning.
If no newline found before P_end, carry on as before.
2013-08-10 21:31:35 +00:00
markj
a11192f9a0 Pass variables prefixed with both LD_ and LD_32_ to the run-time linker.
This prevents unintentional execution of programs when running ldd(1) on
32-bit Linux binaries.

PR:		175339, 127276
Suggested by:	kib, rstone
Reviewed by:	kib
MFC after:	2 weeks
2013-08-07 00:28:17 +00:00
peter
bce4a8587d Update serf 1.2.1 -> 1.3.0 for svn 2013-08-02 19:21:46 +00:00
jilles
713e53c6b9 find: Allow -delete to delete files given as arguments.
Formerly, a command like find dir1/dir2 -delete would delete everything
under dir1/dir2 but not dir1/dir2 itself.

When -L is not specified and "." can be opened, the fts(3) code underlying
find(1) is careful to avoid following symlinks or being dropped in different
locations by moving the directory fts is currently traversing. If a
problematic concurrent modification is detected, fts will not enter the
directory or abort. Files found in the search are returned via the current
working directory and a pathname not containing a slash.

For paranoia, find(1) verifies this when -delete is used. However, it is too
paranoid about the root of the traversal. It is already assumed that the
initial pathname does not refer to directories or symlinks that might be
replaced by untrusted users; otherwise, the whole traversal would be unsafe.
Therefore, it is not necessary to do the check for fts_level ==
FTS_ROOTLEVEL.

Deleting the pathnames given as arguments can be prevented without error
messages using -mindepth 1 or by changing directory and passing "." as
argument to find. This works in the old as well as the new version of find.

Tested by:	Kurt Lidl
Reviewed by:	jhb
2013-08-02 14:14:23 +00:00
sjg
ff765cb371 Merge bmake-20130730
Main feature of interest is .MAKE.JOB.PREFIX=
to suppress --- job --- tokens.
2013-08-02 06:25:28 +00:00
markj
5d2ce17ff0 Properly print arguments to vfork(2) and rfork(2).
PR:		180976
Submitted by:	Yuri <yuri@tsoft.com> (original patch)
MFC after:	1 week
2013-08-01 02:57:04 +00:00
obrien
d74088447c MFC'ing to 9.2. 2013-07-30 19:21:36 +00:00
ache
d6abb7bc66 grep -i does not work for simple patterns and single byte locales, like
LANG=ru_RU.KOI8-R grep -i <some single KOI8-R letter>
Fix it.

MFC after:      3 days
2013-07-30 18:16:43 +00:00
des
0b1a1b2338 Include an Accept header in requests.
PR:		kern/180917
MFC after:	1 week
2013-07-30 13:07:55 +00:00
des
b0032aebc5 Add Michael Gmelin's name to the copyright statement. 2013-07-30 13:05:51 +00:00
avg
4e6c4b2a36 Revert r253748,253749
This WIP should not have been committed yet.

Pointyhat to:	avg
2013-07-28 18:44:17 +00:00
avg
c8737cbf1c remove needless inclusion of machine/cpu.h in userland
MFC after:	21 days
2013-07-28 18:35:43 +00:00
joel
441173b6cc Remove EOL whitespace. 2013-07-28 06:16:12 +00:00
peter
0aadc82afb Update subversion-1.8.0 -> 1.8.1. Update supporting
components: apr-1.4.6 -> 1.4.8 and apr-util-1.4.1 -> 1.5.2.

This is a post point-zero bug-fix / fix-sharp-edges release, including
some workarounds for UTF-8 for people who haven't yet turned on WITH_ICONV.
2013-07-28 06:02:40 +00:00
pfg
97ac613107 Make the BSD-licensed patch the default.
The BSD-licensed patch(1) command has matured and it's behaviour
can be considered equivalent to the older version of GNU patch
in the tree.

The switch has been extensively tested [1] and only two ports
presented regressions, which have since been fixed.

For convenience a new WITH_GNU_PATCH option is available,
but it will likely be removed in the near future.

PR:		176313
Approved by:	portmgr
2013-07-26 21:25:18 +00:00
des
29d3efe0a8 Implement certificate verification, and many other SSL-related
imrovements; complete details in the PR.

PR:		kern/175514
Submitted by:	Michael Gmelin <freebsd@grem.de>
MFC after:	1 week
2013-07-26 15:53:43 +00:00
pfg
e34a7fd471 patch: style fix
Submitted by:	gogolok
2013-07-24 15:46:49 +00:00
ae
afd48faca0 Remove the large part of struct ipsecstat. Only few fields of this
structure is used, but they already have equal fields in the struct
newipsecstat, that was introduced with FAST_IPSEC and then was merged
together with old ipsecstat structure.

This fixes kernel stack overflow on some architectures after migration
ipsecstat to PCPU counters.

Reported by:	Taku YAMAMOTO, Maciej Milewski
2013-07-23 14:14:24 +00:00
des
2cf5ec44f0 mdoc nit 2013-07-21 07:24:25 +00:00
pjd
f2d723e2cd Close uniq(1) in the capability mode sandbox and limit descriptors using
capability rights.
2013-07-18 22:11:27 +00:00
pjd
1018d5b890 - Make localtime(3) to work in sandbox.
- Move strerror(3) initialization to its own function.
2013-07-18 21:56:10 +00:00
glebius
06ff98bcf1 Sweep unused nlist entries.
Sponsored by:	Nginx, Inc.
2013-07-16 12:22:36 +00:00
glebius
270169f28a Nuke "systat -mbuf". It was broken since FreeBSD 5, and since there
haven't been any complaints, no one used it.
2013-07-15 12:15:14 +00:00
ae
6f8e41d6cb Introduce new structure sfstat for collecting sendfile's statistics
and remove corresponding fields from struct mbstat. Use PCPU counters
and SFSTAT_INC() macro for update these statistics.

Discussed with:	glebius
2013-07-15 06:16:57 +00:00
hrs
459d12c7d5 Add -F fibnum option to specify an FIB number for -r flag. 2013-07-12 17:11:30 +00:00
theraven
e42a32794c Report error for out-of-range numerical inputs. Requested by brooks. 2013-07-10 10:57:09 +00:00
ae
d467a4169a Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat,
ipsec4stat, ipsec6stat to PCPU counters.
2013-07-09 10:08:13 +00:00
ae
430162610d Migrate struct carpstats to PCPU counters. 2013-07-09 10:02:51 +00:00
ae
e5b002a3b8 Migrate structs ip6stat, icmp6stat and rip6stat to PCPU counters. 2013-07-09 09:54:54 +00:00
ae
705a50a053 Migrate structs arpstat, icmpstat, mrtstat, pimstat and udpstat to PCPU
counters.
2013-07-09 09:50:15 +00:00
ae
1b1e1de2b2 Use new macros to implement ipstat and tcpstat using PCPU counters.
Change interface of kread_counters() similar ot kread() in the netstat(1).
2013-07-09 09:43:03 +00:00
ae
1a36dfcc87 Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.

Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.

Discussed with:	arch@
2013-07-09 09:32:06 +00:00
kevlo
67f40d0cd3 Remove unnecessary cast to pid_t. 2013-07-04 03:24:58 +00:00
obrien
441e4b8972 Merge r252513 from src/gnu/usr.bin/patch into src/usr.bin/patch:
Properly handle input lines containing NUL characters such that pgets()
accurately fills the read buffer.

Callers of pgets() still mis-process the buffer contents if the read line
contains NUL characters, but this at least makes pgets() accurate.
2013-07-03 22:46:30 +00:00
obrien
d45f18e9d7 Merge r252512 from src/gnu/usr.bin/patch into src/usr.bin/patch:
Make it so that 'patch < FUBAR' and 'patch -i FUBAR' operate the same.

The former makes a copy of stdin, but was not accurately putting the
content of stdin into a temp file.  This lead to the undercounting
the number of lines in hunks containing NUL characters when reading
from stdin.  Thus resulting in "unexpected end of file in patch" errors.
2013-07-03 22:44:26 +00:00
pjd
2389e2e0a5 Few more style nits.
MFC after:	1 month
2013-07-03 20:44:47 +00:00
pjd
716e644161 Sandbox rwho(1) using capability mode and Capsicum capabilities.
rwho(1) gets only read-only access to /var/rwho/ directory.

Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by:	Google Summer of Code 2013
Reviewed by:	pjd
MFC after:	1 month
2013-07-03 20:42:10 +00:00
pjd
09921b0dcb Style cleanups.
Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by:	Google Summer of Code 2013
Reviewed by:	pjd
MFC after:	1 month
2013-07-03 20:28:33 +00:00
peter
7adacbf288 As a followup to r252547, propate const down the call stack. 2013-07-03 18:27:45 +00:00
peter
1b75ab8af0 Attempt to deal with a compile failure that shows up with gcc, which
has -Werror on.  Without this, yylex() is inconsistently or redundantly
defined.
2013-07-03 18:25:27 +00:00
peter
75dee8bb5a If you've compiled your base system with WITH_ICONV, then use it for svn
alongside the other consumers (bsdtar, csh etc).

The svnlite build gets upset when it hits non-ascii characters in
inconvenient places.
2013-07-01 07:07:35 +00:00
peter
db19956e7f Update to current configuration. 2013-07-01 07:00:12 +00:00
mjg
fdd0a4cf93 killall: add -q flag to suppress error message when no processes are matched
Man-page text provided by wblock.

PR:		bin/30542
Submitted by:	Tony Finch <dot@dotat.at> (original version)
MFC after:	1 week
2013-06-30 20:27:31 +00:00
mjg
be743fe502 truss: recognize O_DIRECTORY, O_EXEC, O_TTY_INIT and O_CLOEXEC
MFC after:	3 days
2013-06-30 13:14:46 +00:00
hiren
35a5efef32 Adding myself to the calendar!
Approved by:	sbruno (mentor)
2013-06-30 01:20:59 +00:00
kientzle
07510fdf7a Enable svnlite on armv6. 2013-06-29 15:31:23 +00:00
davide
0dd1d9c578 - Trim an unused and bogus Makefile for mount_smbfs.
- Reconnect with some minor modifications, in particular now selsocket()
internals are adapted to use sbintime units after recent'ish calloutng
switch.
2013-06-28 21:00:08 +00:00
pfg
4772ec77e6 sed: use getline() instead of fgetln().
In BSD, fgetln() available in libc but in Illumos the Solaris port had to
include it internally. It also seems to have caused problems [1].

Aid portability by using getline() instead.

Reference:
https://www.illumos.org/issues/3820 [1]

Submitted by:	Johann 'Myrkraverk' Oskarsson <johann@myrkraverk.com>
Reviewed by:	dds
MFC after:	2 weeks
2013-06-26 04:14:19 +00:00