99885 Commits

Author SHA1 Message Date
jhb
b9e0b0f9af Replace the ktrace queue's semaphore with a condition variable instead as
it is slightly more efficient since we already have a mutex to protect the
queue.  Ktrace originally used a semaphore more as a proof of concept.
2004-02-26 19:30:22 +00:00
green
9facd5e1d4 Mention getaddrinfo(3)/resolver(3) ABI change.
Reminded by:	bmah
2004-02-26 16:44:31 +00:00
des
4a07336c65 Bump CTL_MAXNAME from 12 to 24. 2004-02-26 16:18:22 +00:00
rwatson
5dcb04ba23 Forward declare struct bpf_d, struct ifnet, struct image_params, and
struct vattr in mac_policy.h.  This permits policies not
implementing entry points using these types to compile without
including include files with these types.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Air Force Research Laboratory
2004-02-26 16:15:14 +00:00
bmah
923b6edcc0 New release notes: GNU regex import, routed 2.27.
Updated release notes:  OpenSSH 3.8p1 and default configuration
changes.
2004-02-26 16:05:25 +00:00
des
bf48bf1ef6 It's protocol version 1 I've disabled, not version 2. 2004-02-26 15:54:44 +00:00
nyan
8f0ca54fc2 Merged from sys/isa/fd.c revision 1.266. 2004-02-26 14:59:10 +00:00
mtm
6a77f4e518 o NetBSD rev. 1.60
Add "*,v" to the list of scratch files to skip.
  Suggested by Johnny Lam / Alistair Crooks

o Update NetBSD rcsid

Obtained From:	NetBSD
2004-02-26 12:43:43 +00:00
mtm
feba9882c4 NetBSD rev. 1.57
run_rc_command(): when checking if ${command} exists before executing it,
  be sure to check under ${name_chroot} (if set).
  Fix from Ed Ravin in [bin/18523]

Obtained From:	NetBSD
2004-02-26 12:35:58 +00:00
mtm
9ba5c8e1c5 NetBSD rev. 1.56
Use more concise shell syntax:
  1. for i in $* -> for i
  2. foo=$* -> foo="$@"

Obtained From:	NetBSD
2004-02-26 12:30:38 +00:00
mtm
c274def8fc NetBSD rev. 1.53, 1.54 and 1.55:
Change how internal boolean variables are used to:
	if ! ${_somevar:-false}; then
		_somevar=true
	fi
  (Consisent, slightly quicker, and slightly cleaner)

Obtained from:	NetBSD
2004-02-26 12:19:48 +00:00
des
4287fb4340 Mention the recent sshd configuration changes. 2004-02-26 12:00:41 +00:00
des
437b8c0fdd Update VersionAddendum in config files and man pages. 2004-02-26 11:54:03 +00:00
des
ac19f1d43e Update for 3.8p1, including workaround for a bug in gss-genr.c. 2004-02-26 11:26:46 +00:00
des
c05d4b9b43 Define HAVE_GSSAPI_H. 2004-02-26 11:06:29 +00:00
des
77d6d5a07e Regenerate. 2004-02-26 10:57:38 +00:00
des
c7ba229763 Document recently changed configuration defaults. 2004-02-26 10:57:28 +00:00
des
124c4a1415 Resolve conflicts. 2004-02-26 10:52:33 +00:00
des
1754c77e5e This commit was generated by cvs2svn to compensate for changes in r126274,
which included commits to RCS files with non-trunk default branches.
2004-02-26 10:38:49 +00:00
des
7d1750f1d6 Vendor import of OpenSSH 3.8p1. 2004-02-26 10:38:49 +00:00
des
b1ffd1f6ac Merge OpenSSH 3.8p1. 2004-02-26 10:38:38 +00:00
des
270e7d7140 Prepare for upcoming 3.8p1 import. 2004-02-26 10:37:34 +00:00
des
85717525b0 Pull asbesthos underpants on and disable protocol version 1 by default. 2004-02-26 10:24:07 +00:00
tjr
3dc2c6ac8e Merge from NetBSD rev. 1.3 (drochner): Use getifaddrs(3) instead of
SIOCGIFCONF.
2004-02-26 08:49:19 +00:00
bde
709b7c8073 Rremoved bogus -static from CFLAGS. Makeworld will add -static in the
correct place if needed and possible.  Self-hosted builds can just use
the system default.
2004-02-26 07:50:56 +00:00
bde
fd2c94bc06 Backed out rev.1.6 and subsequent copying of it (bogus addition of
-static to CFLAGS).  It just turned rev.1.5 into an obfuscated no-op.
As explained in the log for rev.1.5, testing should be done in the
host environment but there is a problem in cross-compilation environments.
As not explained in the log for rev.1.6, there was apparently a practical
problem with cross-compiling (makeworld should have set -static in
LDFLAGS but apparently didn't).  Cross-compilation was especially
complicated because the relevant programs are test programs that were
run at beforeinstall time -- dynamic libraries might or might not exist
depending on the build options.  The complications became moot in
rev.1.8 when beforeinstall was renamed "test".
2004-02-26 07:44:37 +00:00
bde
ff55724eab Backed out the residue of rev.1.13 (bogus addition of -static to CFLAGS).
Makeworld will add -static in the correct place if needed and possible.
Self-hosted builds can just use the system default.

Fixed some nearby style bugs (code unrelated to its comment, and comment
formatting).
2004-02-26 07:08:33 +00:00
bde
aa2ff441f5 Backed out previous commit (bogus addition of -static to CFLAGS).
Sorted macros (in build order).
2004-02-26 06:33:18 +00:00
mlaier
d937176b34 Bring eventhandler callbacks for pf.
This enables pf to track dynamic address changes on interfaces (dailup) with
the "on (<ifname>)"-syntax. This also brings hooks in anticipation of
tracking cloned interfaces, which will be in future versions of pf.

Approved by: bms(mentor)
2004-02-26 04:27:55 +00:00
mlaier
428f1c9a0f Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).

Approved by: bms(mentor)
2004-02-26 03:53:54 +00:00
rwatson
94f1c2c12e Move inet and inet6 related MAC Framework entry points from mac_net.c
to a new mac_inet.c.  This code is now conditionally compiled based
on inet support being compiled into the kernel.

Move socket related MAC Framework entry points from mac_net.c to a new
mac_socket.c.

To do this, some additional _enforce MIB variables are now non-static.
In addition, mbuf_to_label() is now mac_mbuf_to_label() and non-static.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 03:51:04 +00:00
mlaier
4733577ea0 Bring diff from the security/pf port. This has code been tested as a port
for a long time and is run in production use. This is the code present in
portversion 2.03 with some additional tweaks.

The rather extensive diff accounts for:
 - locking (to enable pf to work with a giant-free netstack)
 - byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
 - conversion from pool(9) to zone(9)
 - api differences etc.

Approved by: bms(mentor) (in general)
2004-02-26 02:34:12 +00:00
mlaier
daa7c375df This commit was generated by cvs2svn to compensate for changes in r126258,
which included commits to RCS files with non-trunk default branches.
2004-02-26 02:04:28 +00:00
mlaier
d5e9ee3f6d Vendor import of OpenBSD's packet filter (pf) as of OpenBSD 3.4
Approved by: bms(mentor), core (in general)
2004-02-26 02:04:28 +00:00
eric
a6a3144367 Test data before using it.
Of course, libdialog is still chock-full of similar bugs, but it's been
multiple years and no one has any better suggestions so the bugs will just
be dealt with case-by-case.

PR:	28221
2004-02-26 01:52:39 +00:00
rwatson
765e9ab485 Update copyright on mac.9 for 2004. Use "-" for copyright year
ranges.

Add additional credits for contributions to the MAC Framework.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 01:18:46 +00:00
rwatson
2a43e75b09 Add a "-l" parameter to mdmfs so that memory file systems can be
created with the multilabel flag from inception.  This simply
passes the "-l" flag on to newfs(8).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 01:15:47 +00:00
rwatson
f0df387d84 Add a "-l" flag to newfs, which sets the FS_MULTILABEL flag. This
permits users of newfs to set the multilabel flag on UFS1 and UFS2
file systems from inception without using tunefs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-26 01:14:27 +00:00
truckman
1de257deb3 Split the mlock() kernel code into two parts, mlock(), which unpacks
the syscall arguments and does the suser() permission check, and
kern_mlock(), which does the resource limit checking and calls
vm_map_wire().  Split munlock() in a similar way.

Enable the RLIMIT_MEMLOCK checking code in kern_mlock().

Replace calls to vslock() and vsunlock() in the sysctl code with
calls to kern_mlock() and kern_munlock() so that the sysctl code
will obey the wired memory limits.

Nuke the vslock() and vsunlock() implementations, which are no
longer used.

Add a member to struct sysctl_req to track the amount of memory
that is wired to handle the request.

Modify sysctl_wire_old_buffer() to return an error if its call to
kern_mlock() fails.  Only wire the minimum of the length specified
in the sysctl request and the length specified in its argument list.
It is recommended that sysctl handlers that use sysctl_wire_old_buffer()
should specify reasonable estimates for the amount of data they
want to return so that only the minimum amount of memory is wired
no matter what length has been specified by the request.

Modify the callers of sysctl_wire_old_buffer() to look for the
error return.

Modify sysctl_old_user to obey the wired buffer length and clean up
its implementation.

Reviewed by:	bms
2004-02-26 00:27:04 +00:00
rwatson
50cda16803 Assert pipe mutex in pipeselwakeup(), as we manipulate pipe_state
in a non-atomic manner.  It appears to always be called with the
mutex (good).
2004-02-26 00:18:22 +00:00
bms
c305cc0659 Add a note about the routed update breaking compatibility (for MD5
authentication only) with older versions of FreeBSD's routed.
2004-02-25 23:56:30 +00:00
bms
d21d623f8e Sync HEAD sources to vendor branch import of routed v2.27 from rhyolite.com.
Update <protocols/routed.h> for the MD5 changes requested in bin/35843.
Preserve local changes.

Education by:	obrien, markm, pointy-stick
PR:		bin/35843 (and doubtless others)
2004-02-25 23:45:57 +00:00
rwatson
3bcc63994d Update comment regarding MAC labels: we no longer pass endpoints
into the MAC Framework, just the pipe pair.

GC 'hadpeer' used in pipedestroy(), which is no longer needed as
we check pipe_present flags on the pair.
2004-02-25 23:30:56 +00:00
peter
8b23ea5630 Since we don't use PG_NX yet, don't turn on EFER_NXE quite yet. This needs
to be done based on the cpuid bits.  AMD says that we should test the cpuid
features bits for certain things, such as this.
2004-02-25 23:12:39 +00:00
emax
79ae057bef Fix endianes bug 2004-02-25 22:43:43 +00:00
des
33fda27b84 Use the -H option instead of the deprecated -follow predicate. 2004-02-25 21:45:41 +00:00
green
40452493ee Make the resolver(3) and many associated interfaces much more reentrant.
The getaddrinfo(3), getipnodebyname(3) and resolver(3) can coincide now
with what should be totally reentrant, and h_errno values will now
be preserved correctly, but this does not affect interfaces such as
gethostbyname(3) which are still mostly non-reentrant.

In all of these relevant functions, the thread-safety has been pushed
down as far as it seems possible right now.  This means that operations
that are selected via nsdispatch(3) (i.e. files, yp, dns) are protected
still under global locks that getaddrinfo(3) defines, but where possible
the locking is greatly reduced.  The most noticeable improvement is
that multiple DNS lookups can now be run at the same time, and this
shows major improvement in performance of DNS-lookup threaded programs,
and solves the "Mozilla tab serialization" problem.

No single-threaded applications need to be recompiled.  Multi-threaded
applications that reference "_res" to change resolver(3) options will
need to be recompiled, and ones which reference "h_errno" will also
if they desire the correct h_errno values.  If the applications already
understood that _res and h_errno were not thread-safe and had their own
locking, they will see no performance improvement but will not
actually break in any way.

Please note that when NSS modules are used, or when nsdispatch(3)
defaults to adding any lookups of its own to the individual libc
_nsdispatch() calls, those MUST be reentrant as well.
2004-02-25 21:03:46 +00:00
charnier
821b77eba3 According to source code, under certain conditions, logging goes to the
"auth" facility not "daemon".
Submitted by: "Bill Richter (7X22KEY)" <richterb@binkley.foothill.net>
2004-02-25 20:31:00 +00:00
mlaier
1504165dce Re-remove MT_TAGs. The problems with dummynet have been fixed now.
Tested by: -current, bms(mentor), me
Approved by: bms(mentor), sam
2004-02-25 19:55:29 +00:00
obrien
333bc770a3 Remove freebsd-update -- it breaks the Alpha, sparc64, ia64, and amd64
release bulds.
2004-02-25 19:05:47 +00:00