NAI.
Add cautionary notes on the experimental status of the MAC Framework
in FreeBSD 5.0.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
largely submitted by bde. Return our exemption of the #ifdef lint
comments since the exemption is intended to handle a particularly
common current case without mandating change. Improve language and
spelling, and slightly clarify the notions associated specifically
with #elif.
Obtained from: bde
This is NOT YET CONVERTED TO -current.
This node is a source for preprogrammed packets at a known rate for testing.
I will convert it to -current "in place" but will MFC teh original
pre-conversion variant as that is what is originally submitted.
Man page my me, info from Dave's README.
Submitted by: Dave Chapeskie <dchapeskie@SANDVINE.com>
Obtained from: Sandvine inc.
MFC after: 1 week
The closing comment is required only for long conditionally defined
code sections, with the exception of lint cases. Attempt to document
also the logic for using '!' before the SOMETIMESSOMETHGINGHERE.
The goal of these comments is to make complex cases more
comprehensible, not to require them in all cases. The rules here are
derived from behavior used in 90+% of the kernel source code.
Reviewed by and discussed with: jhb, bde, mike
linking.
* Fix disorder in the SEE ALSO sections of aio_*(2).
* Remove unnecessary cross-references from the SEE ALSO sections of
aio_*(2); config(8), kldload(8) and kldunload(8) are cross-referenced
from aio(4).
* Remove the KERNEL OPTIONS sections from aio_*(2), now that these
pages cross-reference aio(4), which contains suitable kernel linking
reference material.
associated with the TrustedBSD MAC Framework, as well as some credits
to developers and contributors.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
a server process bound to a wildcard UDP socket to select the IP
address from which outgoing packets are sent on a per-datagram
basis. When combined with IP_RECVDSTADDR, such a server process can
guarantee to reply to an incoming request using the same source IP
address as the destination IP address of the request, without having
to open one socket per server IP address.
Discussed on: -net
Approved by: re
which may surprise developers coming from Solaris, or other platforms
which have a similar interface, but slightly different rules.
Reviewed by: jhb, ru
