Commit Graph

127010 Commits

Author SHA1 Message Date
maxim
4fb407a148 o Grammar. 2006-09-18 11:04:08 +00:00
maxim
93ed40a8c9 o Don't fseek() on closed file.
Submitted by:	pgollucci@p6m7g8.com, Mark Costlow
MFC after:	3 weeks
2006-09-18 09:34:48 +00:00
marck
0585e0af5f Clean obsolete reference to the old NMBCLUSTERS kernel option.
It seems the last reference (modulo manual pages where such obsoleteness
clearly highlighted).

Approved by:	re (bmah - kinda)
MFC after:	3 days
2006-09-18 06:34:51 +00:00
ume
0f4b1054e7 Listen to a control socket on an IPv4 as well through
an IPv4-mapped IPv6 address.

Reported by:	Julian H. Stacey <jhs__at__flat.berklix.net>
Test by:	Julian H. Stacey <jhs__at__flat.berklix.net>
MFC after:	1 week
2006-09-18 03:50:30 +00:00
ru
46470485d3 Add -f option to program's usage(), fix manpage's SYNOPSIS. 2006-09-17 22:49:26 +00:00
ru
18a5062f98 Markup fixes. 2006-09-17 21:48:47 +00:00
phk
13a720a4b7 Too many good quotes flying by these days. 2006-09-17 21:36:16 +00:00
ru
f4eec08060 Markup fixes. 2006-09-17 21:27:35 +00:00
ru
b4db035948 Remove more traces of Alpha. 2006-09-17 20:53:30 +00:00
rwatson
8b3f7ca1ce Declare security and security.bsd sysctl hierarchies in sysctl.h along
with other commonly used sysctl name spaces, rather than declaring them
all over the place.

MFC after:	1 month
Sponsored by:	nCircle Network Security, Inc.
2006-09-17 20:00:36 +00:00
ru
42e50d33e6 Sort sections. 2006-09-17 18:52:28 +00:00
ru
1ad9315508 Update manpages for FILE 4.17. 2006-09-17 18:42:35 +00:00
csjp
d271a33920 Correct a slight regression which was introduced with the implementation of
audit pipes. If the kernel record was not selected for the trail or the pipe,
any user supplied record attached to it would be tossed away, resulting in
otherwise selected events being lost.

- Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE,
  currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells
  the audit worker that we are interested in the kernel record, with
  the additional masks we can determine if either the pipe or trail is
  interested in seeing the kernel or user record.

- In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and
  AR_PRESELECT_USER_PIPE masks under the assumption that userspace has
  done the preselection [1].

Currently, there is work being done that allows the kernel to parse and
preselect user supplied records, so in the future preselection could occur
in either layer. But there is still a few details to work out here.

[1] At some point we need to teach au_preselect(3) about the interests of
    all the individual audit pipes.

This is a RELENG_6 candidate.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
MFC after:	1 week
2006-09-17 17:52:57 +00:00
ru
36d05684e7 Markup fixes. 2006-09-17 17:40:07 +00:00
davidxu
4254dacbf5 Make cpu_set_upcall_kse() and cpu_set_user_tls() work for 32bit process. 2006-09-17 14:54:14 +00:00
andre
710a642f7a Remove VLAN mtag UMA zones and initialize ether_vtag and tso_segsz packet
header fields to zero on mbuf allocation.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-09-17 13:44:32 +00:00
andre
34f4a99b52 Make tcp_usr_send() free the passed mbufs on error in all cases as the
comment to it claims.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-09-17 13:39:35 +00:00
andre
2d9e7e4a32 Move ethernet VLAN tags from mtags to its own mbuf packet header field
m_pkthdr.ether_vlan.  The presence of the M_VLANTAG flag on the mbuf
signifies the presence and validity of its content.

Drivers that support hardware VLAN tag stripping fill in the received
VLAN tag (containing both vlan and priority information) into the
ether_vtag mbuf packet header field:

	m->m_pkthdr.ether_vtag = vlan_id;	/* ntohs()? */
	m->m_flags |= M_VLANTAG;

to mark the packet m with the specified VLAN tag.

On output the driver should check the mbuf for the M_VLANTAG flag to
see if a VLAN tag is present and valid:

	if (m->m_flags & M_VLANTAG) {
		... = m->m_pkthdr.ether_vtag;	/* htons()? */
		... pass tag to hardware ...
	}

VLAN tags are stored in host byte order.  Byte swapping may be necessary.

(Note: This driver conversion was mechanic and did not add or remove any
byte swapping in the drivers.)

Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition.  No more tag
memory allocation have to be done.

Reviewed by:	thompsa, yar
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-09-17 13:33:30 +00:00
rwatson
9f40438221 Regenerate. 2006-09-17 13:29:36 +00:00
rwatson
f50a5f19fb AUE_SIGALTSTACK instead of AUE_SIGPENDING for sigaltstack().
Obtained from:	TrustedBSD Project
MFC after:	3 days
2006-09-17 13:28:11 +00:00
rwatson
517cd09f4a Add AUE_SYSARCH to the list of audit events during BSM conversion to prevent
a console warning.  Eventually, we will capture more arguments for sysarch.

Obtained from:	TrustedBSD Project
MFC after:	3 days
2006-09-17 11:42:40 +00:00
brueffer
87e4e476d6 Remove a contraction and add a missing article. 2006-09-17 11:30:44 +00:00
rwatson
cc2c7c1920 Expore kern.acct_configured, a sysctl that reflects the configured/
unconfigured state of the kernel accounting system.  This is used by
the accounting privilege regression test to determine whether
accounting is in use and will be disrupted by the regression test.

Sponsored by:	nCircle Network Security, Inc.
Obtained from:	TrustedBSD Project
MFC after:	1 month
2006-09-17 11:00:36 +00:00
thompsa
7bfa9047b1 Rearrange things so that ARP packets can be filtered or rate limited with IPFW.
Requested by:	Jon Otterholm
Tested by:	Jon Otterholm
2006-09-17 08:20:56 +00:00
mjacob
fa55c3d213 Don't allow attachment of disks that could cause GEOM to panic. 2006-09-16 21:21:07 +00:00
jhay
9e8a4daa6b Check the length of the ipv4 and ipv6 address lists. It must be less
than F_LEN_MASK.

MFC after:	5 days
2006-09-16 19:27:40 +00:00
mjacob
504b1f79b5 New Dell 1950/2950 SES backplane drops off the bus if you poke
at greater then lun 0.

MFC after:	1 week
2006-09-16 17:35:47 +00:00
rwatson
76eda1318a Add audit hooks for ppc, ia64 system call paths.
Reviewed by:	marcel (ia64)
Obtained from:	TrustedBSD Project
MFC after:	3 days
2006-09-16 17:03:02 +00:00
des
97a1b8f884 Merge vendor patch for BSM problem in protocol version 1.
MFC after:	1 week
2006-09-16 15:12:58 +00:00
netchild
0ccb71359d - don't reboot() when feed with wrong parameters (and enough permissions) [1]
- add support to power off the system [2]
- check the linux magic values [3]

Submitted by:	Marcin Cieslak <saper@SYSTEM.PL> [1,2]
Modelled after:	linux man page of the reboot() syscall [3]
Found by:	LTP testcase "reboot02" [1]
Tested with:	LTP testcase "reboot02" [1,3]
MFC after:	1 week
2006-09-16 14:12:04 +00:00
pjd
5b67d8da02 Fix detecting of UFS1 label when mediasize%fragsize != 0.
Submitted by:	Stanislav Sedov
PR:		kern/84637
MFC after:	1 week
2006-09-16 11:24:41 +00:00
pjd
1328564157 Fix copy&paste mistake.
Submitted by:	Matthias Lederhofer <matled@gmx.net>
2006-09-16 10:47:30 +00:00
pjd
57e3a9f406 Add regression tests for 'geli configure' subcommand.
MFC after:	1 week
2006-09-16 10:44:33 +00:00
pjd
2e387b9b85 Add 'configure' subcommand which for now only allows setting and removing
of the BOOT flag. It can be performed on both attached and detached
providers.

Requested by:	Matthias Lederhofer <matled@gmx.net>
MFC after:	1 week
2006-09-16 10:43:17 +00:00
pjd
f5e129df20 Add __printflike() to gctl_error().
Approved by:	phk
MFC after:	1 week
2006-09-16 10:39:07 +00:00
jhay
7748ccf222 Handle a list of IPv6 src and dst addresses correctly, eg.
ipfw add allow ip6 from any to 2000::/16,2002::/16

PR:		102422 (part 3)
Submitted by:	Andrey V. Elsukov <bu7cher at yandex dot ru>
MFC after:	5 days
2006-09-16 10:27:05 +00:00
pjd
4f982725d1 Small fixes after adding __printflike() to gctl_error().
Approved by:	phk
MFC after:	3 days
2006-09-16 09:48:29 +00:00
pjd
7eae1b3fd5 Regression tests for read-only option (attach -r).
MFC after:	1 week
2006-09-16 09:30:24 +00:00
pjd
43d315f0a2 Note that we don't destroy keys on read-only attached providers.
MFC after:	1 week
2006-09-16 09:27:54 +00:00
pjd
034bd1e695 First kill detached providers, because of two reasons:
- after killing all attached providers, all providers are then detached
  and operation is repeated for those who were attached,
- we don't want to remove keys for read-only attached providers, we only
  want to detach them.

MFC after:	1 week
2006-09-16 09:26:57 +00:00
ru
c1cc0912e1 This is not needed since src/gnu/usr.bin/cc/cc_int/Makefile,v 1.34. 2006-09-16 09:09:44 +00:00
pjd
5d795537ae Remove extra arguments.
MFC after:	3 days
2006-09-16 07:47:57 +00:00
jhay
3f597283a3 Use bzero() to clear the whole ipfw_insn_icmp6 structure in fill_icmp6types(),
otherwise this command

ipfw add allow ipv6-icmp from any to 2002::1 icmp6types 1,2,128,129

turns into icmp6types 1,2,32,33,34,...94,95,128,129

PR:		102422 (part 1)
Submitted by:	Andrey V. Elsukov <bu7cher at yandex.ru>
MFC after:	5 days
2006-09-16 06:34:30 +00:00
jhay
ac9152509c Make it possible to add an IPv6 host route to a host directly connected.
Use something like this:
route add -inet6 <dest_addr> <my_addr_on_that_interface> -interface -llinfo

This is usefull for wireless adhoc mesh networks.

MFC after:	5 days
2006-09-16 06:24:28 +00:00
bmah
099d2911f1 MFCs noted: geli(8) data authentication, mount(8) "late" filesystems. 2006-09-16 03:58:07 +00:00
brueffer
c6e7e5518b - Instead of listing which ships support Rx/Tx checksum offload and Jumbo
Frames, mention the one chip that does not support them (obtained from
  the driver README)
- Mention TSO and the chips that do not support it (provided by pdeuskar)
- Do not refer to the README for VLAN support, building and installing
  the driver
2006-09-15 20:52:51 +00:00
ru
8fdde09645 Fix input byte counting. Now the sum of the ipackets/ibytes counters
of individual interfaces should match the ipackets/ibytes counter of
the aggregate (FEC) interface.

PR:		kern/82189
Submitted by:	Stikheev Andrew <sand AT zunet DOT ru>
MFC after:	3 days
2006-09-15 20:17:45 +00:00
brueffer
fadf27a4e8 Mention TSO support. 2006-09-15 19:33:15 +00:00
gallatin
746d287f83 - Updated to the latest myri10ge firmware
- Added support for multicast filtering, now that the firmware
  supports it.  Note that this is not yet tested, as multicast
  seems to panic -current (even w/o mxge loaded)
- Added workaround to cope with different irq data struct size on
  pre-multicast firmware which can found running on nics.
- Added Intel E5000 PCIe chipsets to list providing aligned completions.
- Replaced various magic constants with #defines, now that they are
  defined in the firmware headers.
2006-09-15 19:24:45 +00:00
emax
01d5e88001 Make op parameter to mux_keyboard() u_int instead of int.
This should fix sparc64 messages like

Sep 15 11:17:39 peahi kernel: WARNING pid 5477 (kbdcontrol): ioctl sign-extension ioctl ffffffff80244b45

PR:		sparc64/96798
MFC after:	1 week
2006-09-15 18:41:12 +00:00