that it might be worth fixing a couple of bugs in wesside and making
it use the new cracking technique. I think this enhancement makes
the tool quite usable. It is possible to recover keys in only a
couple of minutes.
* Fix ACKs. Firmware will ACK data [just set the MAC addr correctly].
* Fix RX routines. Process all packets read().
* Use aircrack-ptw [built-in] rather than external aircrack.
* Log data in pcap format so that it may be used by others [e.g. aircrack-ng].
Submitted by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
- Close the new file objects created during socketpair() if the copyout of
the new file descriptors fails.
- Add a test to the socketpair regression test for this edge case.
and had no chance to match it by the 2nd address precisely.
Otherwise the unclosed range would bogusly extend to the end
of stream.
Add a basic regression test for the bug fixed. (This change
also fixes the more complex case 5.3 from `multitest.t'.)
Compared with: SUN and GNU seds
Tested by: regression tests
MFC after: 1 week
in a more reasonable way than BSD sed does: they properly
close the range even if we branched over its end. No doubt,
the range `1,5' should not match lines from 9 through 14.
them are related to the `c' function's need to know if we are at
the actual end of the address range. (It must print the text not
earlier than the whole pattern space was deleted.) It appears the
only sed function with this requirement.
There is `lastaddr' set by applies(), which is to notify the `c'
function, but it can't always help because it's false when we are
hitting the end of file early. There is also a bug in applies()
due to which `lastaddr' isn't set to true on degenerate ranges such
as `$,$' or `N,$' if N appears the last line number.
Handling early EOF condition in applies() could look more logical,
but it would effectively revert sed to the unreasonable behaviour
rev. 1.26 of main.c fought against, as it would require lastline()
be called for each line within each address range. So it's better
to call lastline() only if needed by the `c' function.
Together with this change to sed go regression tests for the bugs
fixed (c1-c3). A basic test of `c' (c0) is also added as it helped
me to spot my own error.
Discussed with: dds
Tested by: the regression tests
MFC after: 1 week
o make all crypto drivers have a device_t; pseudo drivers like the s/w
crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
for specifying which of several potential devices to use when doing
crypto operations
o add new ioctls that allow user apps to select a specific crypto device
to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
to specify a device to use for tests
These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd
Approved by: re
I have verified these with GNU sed 4.1.5 (and in some cases with Solaris
sed) and they are identical, with the following exceptions:
5.3: The result is unspecified and BSD sed behaves differently.
6.3: GNU sed gets it wrong
7.1: GNU sed gets it wrong
7.8: BSD sed gets it wrong
According to IEEE Std 1003.1, 2004 "Whenever the pattern space is
written to standard output or a named file, sed shall immediately
follow it with a <newline>."
An attempt at the same correction might have been made with r1.3,
which is however identical with r1.2.
NetBSD version is a feature-to-feature re-implementation of GNU
gzip using the freely-redistributable zlib and this version is
expected to be mostly bug-to-bug compatible with the GNU
implementation.
- Because this is a piece of mature code and we want to make
changes so it is added directly rather than importing to
src/contrib.
- Connect newly added code to src/usr.bin/ and rescue/rescue
build.
- Disconnect the GNU gzip code from build for now, they will
be eventually removed completely.
- Provide two new src.conf(5) knobs, WITHOUT_BZIP2_SUPPORT and
WITHOUT_BZIP2.
Tested by: kris (full exp-7 pointyhat build)
Approved by: core (importing a 4-clause BSD licensed file)
Approved by: re (adding new utility during -HEAD code slush)
effective group ID or to group ID of its parent directory.
- Add some comments from POSIX.
- Verify that after successful O_TRUNC open, size is equal to 0.
he is the file's owner, he can't set set-gid bit.
POSIX requires to return 0 and clear the bit, but FreeBSD returns
EPERM for UFS in such case. For now do the same in ZFS.
This only works if there is no significant drift and all processors are
running at the same frequency. Fortunately, schedgraph traces on MP
machines tend to cover less than a second so drift shouldn't be an issue.
- KTRFile::synchstamp() iterates once over the whole list to determine the
lowest tsc value and syncs adjusts all other values to match. We assume
that the first tick recorded on all cpus happened at the same instant to
start with.
- KTRFile::monostamp() iterates again over the whole file and checks for
a cpu agnostic monotonically increasing clock. If the time ever goes
backwards the cpu responsible is adjusted further to fit. This will
make the possible incorrect delta between cpus as small as the shortest
time between two events. This time can be fairly large due to sched_lock
essentially protecting all events.
- KTRFile::checkstamp() now returns an adjusted timestamp.
- StateEvent::draw() detects states that occur out of order in time and
draws them as 0 pixels after printing a warning.
from the tsc.
- Set skipnext = 1 for yielding and preempted events so we don't show the
event that adds us back to the run queue. It used to be 2 so we would
skip the ksegrp run queue addition and the system run queue addition
but the ksegrp run queue has gone away.
- Don't display down to nanosecond resolution for scheduling events right
now. This can sometimes cause a division by zero.
Almost all regression tests are based on very flexible fstest tool.
They verify correctness (POSIX conformance) of almost all file
system-related system calls.
The motivation behind this work is my ZFS port and POSIX, who doesn't
provide free test suites.
Runs on: FreeBSD/UFS, FreeBSD/ZFS, Solaris/UFS, Solaris/ZFS
To try it out:
# cd fstest
# make
# find tests/* -type d | xargs prove
various types, as well as pipes and fifos for good measure. RELENG_6
currently passes all of these tests, but 7-CURRENT fails 0-byte writes
and sends on all stream socket types (and fifos, as they are based on
stream sockets).
Bumped into by: peter
Diagnosed by: jhb
Problem of: andre
to floating-point, the result is a quiet NaN. The current implementation
may return a signaling NaN, and the vendor has no plans for changing this,
for reasons explained in the comment I added.
mbuf is dropped, to preserve the invariant in the PR_ADDR case.
Add a regression test to detect this condition, but do not hook it
up to the build for now.
PR: kern/38495
Submitted by: James Juran
Reviewed by: sam, rwatson
Obtained from: NetBSD
MFC after: 2 weeks
wildcard specifications. Earlier the only wildcard syntax
was "-j 0" for "any jail". There were at least
two shortcomings in it: First, jail ID 0 was abused; it
meant "no jail" in other utils, e.g., ps(1). Second, it
was impossible to match processed not in jail, which could
be useful to rc.d developers. Therefore a new syntax is
introduced: "-j any" means any jail while "-j none" means
out of jail. The old syntax is preserved for compatibility,
but now it's deprecated because it's limited and confusing.
Update the respective regression tests. While I'm here,
make the tests more complex but sensitive: Start several
processes, some in jail and some out of jail, so we can
detect that only the right processes are killed by pkill
or matched by pgrep.
Reviewed by: gad, pjd
MFC after: 1 week
nature of implied connect via sendto(). Oddly, uipc_usrreq.c implements
this for stream sockets, but doesn't set the flag in its protocol
definition so that it can actually be used. As such, the stream test is
implemented but doesn't run for now.
prints out if bootverbose is set. This is to facilitate the code being
removed from the kernel at a later date.
While we're here, fix the __packed structures, and add some other
PCI interrupt router IDs.
Submitted by: jhb (with some tweaks)
MFC after: 3 weeks
KERNCONF after the file has been copied to the sys/${ARCH}/conf directory. This
allows the use of one kernel config file for multiple images. E.g.:
NANO_KERNEL=../../../../software/nanobsd/default/SOEKRIS
MFC: after 6.2
to WITH_CDDL.
This option enables building code that is licensed under Sun's CDDL.
The DTrace code is licensed that way, so by default it will get built
unless the WITHOUT_CDDL option is used.
There is another build toggle, NO_CTF, which turns off execution of
ctfconvert and ctfmerge in sys.mk, but this can't be implemented as
WITH_/WITHOUT because bsd.own.mk isn't included in all Makefiles and
sys.mk is included automatically by make.
This allows the user to specify that the root filoesystem should be
an MFS or teh actual medium itself.
Also a new command syntax, along with an interactive mode by default,
with crossinvocation memory of the last used values as defaults for the
current invocation.
Submitted by:jmeloatfreebsdbrasil,com-br
implemented properly for a number of kernel subsystems. In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Add "-C <column>" and "-d <delims>" options to chop up input lines.
Make '#' a comment character, rest of line is ignored.
Submitted by: Dmitry Morozovsky <marck@rinet.ru>
separate function which is called right after install_etc(). This makes
it simpler to (ab)use nanobsd.sh as a framework to build more normal
FreeBSD images where a normal /etc is used, since setup_nanobsd_etc()
can just be redefined.
OK'ed in principle by: phk
MFC after: 1 week
It is by no means expected to perform a complete test of the library
for correctness, but is meant to test the API to make sure libmp (or
libcrypto) updates don't totally break the library.
instead of setup_nanobsd(), because this gives customize tasks a chance
to fiddle the details.
Inspired & tested by: Jordan Coleman <jordan@JordanColeman.com>
o If something is wrong with options, then output short usage help message.
o Output errstr returned from strtonum(3).
PR: bin/98141
Submitted by: Andrey Simonenko
It uses doxygen to generate the API documentation. For each subsystem
a very small (about 20 lines with comments) subsystem specific Doxyfile
has to be written (have a look at the README for more). All common doxygen
options are specified in a separate file.
The framework is configured to not only generate the HTML version, but also
a PDF version (the paper size is hardcoded to DIN A4 currently and depending
on the subsystem you have to increase some limits in the latex configuration
of your system, the README tells more about this).
It also allows cross-references between the subsystems (it generates doxygen
tag files).
Currently the docs are generated in OBJDIR, but this may change after
coordination with doc@. The makefile is prepared to generate/move various
parts of the generated docs to different destinations.
TARGET_ARCH is respected and some env-vars are set for architecture specific
handling of the source (the README tells more).
Subsystems for which docs are generated:
- cam - crypto - dev_pci
- dev_sound - dev_usb - geom
- i4b - kern - libkern
- linux - net80211 - netgraph
- netinet - netinet6 - netipsec
- opencrypto - vm
Requested by: gnn
o Introduce -r and -w keys which allow to load and save a worklist.
o Replace README by man page.
PR: bin/96677
Submitted by: Ulrich Spoerlein
Approved by: phk
MFC after: 1 month
case). Can be useful for recovering in some cases;
o use SBLOCK_UFS2 instead of SBLOCK_UFS1 to calculate likely start of the UFS2
partition from the beginning of disk.
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
o Add mount and umount actions so that partitions can be in use.
o Extend the testing of the add verb to include overlapping
partitions.
o Add tests for the remove verb. this includes tests to remove
a partition when in use (i.e. is mounted).
o Add a MD5 checksum to the output of the conf action so that
it can be tested. Make sure the MD5 doesn't vary based on
certain dynamic behaviour that is irrelevant to the output.
o Add MD5 checksums to the expected result of conf actions.
Add support for read-write parameters. Allow an optional initializer
for read-write parameters. Print the value of those parameters on
success following the PASS.
in the commit log) submitted support for some NO_* knobs for delete-old*
and check-old. I converted it to the new WITHOUT_* knobs (more correctly:
MK_*) and added some dummy ones so that people can see what's missing.
Volunteers can have a look at http://phk.freebsd.dk/misc/build_options/
for a list of files.
The location looks a little bit odd to me, but I don't care about the
color of this bikeshed and follow the suggestion of our build
infrastructure guru to place it "somewhere under src/tools/ please". [1]
The build/mk/ directory looks more sane to me than the other ones there.
Submitted by: milosz.galazka@gmail.com
Suggested by: ru [1]
the first part before starting, or the TCP port we want to bind may be in
use still. Sleep for a short period between tests.
Use SIGTERM instead of SIGKILL.
pru_abort() by closing a listen socket while completed connections are
presenting in its listen queue. Unfortunately, it's difficult to
trigger the other two pru_abort() cases using user APIs, so they are
not covered by this test.
mode. Support both connection via connect() and sendto(), but don't
compile in sendto() for now, since netipx doesn't appear to actually
implement that (doh).
times, with variable length sleeps between socket() and close(). This
will help to ensure that IPX/SPX timers fire while the sockets are
open, and hence have PCB's on the IPX pcb list, so that if timers are
going to stumble over PCB types they don't expect, it will happen as
part of this test.
an empty addenda section.
Handle kernel configs that lack a "machine" line by guessing at the location
of GENERIC (assuming that it is in the same directory as the config file)
two reasons:
(1) juggle is now maintained in CVS, not P4, so the CVS revision number is
the authoritative one.
(2) Apparently $P4$ requires special handling and juggle was not marked
as needing it, resulting in problems for the P4 importer.
Requested by: gordon
# Size of the /etc ramdisk in 512 bytes sectors
NANO_RAM_ETCSIZE=10240
# Size of the /tmp+/var ramdisk in 512 bytes sectors
NANO_RAM_TMPVARSIZE=10240
And a last_orders() shell function which can be redefined to copy
finished images away, order peanuts or whatever else is appropriate
in the first place).
- Add some XXX lines as a TODO.
- Add a cvs diff command to the generated commit script.
- Add cdiff/colordiff to the list of optional dependencies.
- Fix a problem when giving the commit mail without the headers to
mfc.pl -f, it should now work correctly.
- Bump version.
Approved by: ssouhlal (implicit)
generates a patchset along with a commit message and a commit script if the user has
commit rights.
- Add a README file to give a quick description of each script's purpose.
Approved by: netchild
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
perform varying number of small IPC operations. It runs using a single
process and one thread, a single process and two threads, and using
multiple processes. Critical to its performance measure are the cost and
frequency of context switches, locking overhead, and threading
performance. The benchmark generates .csv output appropriate for reading
into a spreadsheet to generate summary statistics and perform statistical
tests easily.
of struct uma_zone. It is declared as an array of size [1], but then
sized at run-time by UMA to include room for mp_maxid+1 CPUs. We have to
copy the uma_zone first at the declared structure size, then check to make
sure it's not an internal zone before copying the larger size (UMA
internal zones don't use per-CPU caches). This fixes umastat for SMP.
the keg/zone lists, summarizing cache state, and walking bucket lists in
each zone. I seem to get inconsistent results on SMP, possibly due to
local header problems, but it seems to work quite well on UP. This tool
requires sufficient privilege to read /dev/mem (or a core dump), and is
for debugging purposes rather than administrative monitoring purposes
(use vmstat instead).
o Change the result of gctl(001) now that a bogus verb still requires
a valid geom,
o Insert gctl(024) to test for an appropriate error when a bogus verb
is given that does have a proper geom parameter.
whole name. This does not unnecessarily close the door that in some
future we want to test on something other than md(4) devices.
Also add a "conf" action so that we can check whether a gctl actually
did the right thing or not. It's one thing to check that the result
strings are as expected, but it doesn't tell us if the end result is
correct. This needs a bit more fleshing out, but for now a visual
(i.e. manual) check suffices.
