power management. This will only work on newer firmware revisions; older
firmware will silently ignore the attempts to turn power management on.
Patches supplied by: Brad Karp <karp@eecs.harvard.edu>
WaveLAN's radio modem. The default is whatever the NIC uses since NICs
sold in different countries may default to different frequencies. (The
Lose95/LoseNT software doesn't let you select the channel so it's probably
not really meant to be changed.)
adapter (and some workalikes). Also add man pages and a wicontrol
utility to manipulate some of the card parameters.
This driver was written using information gleaned from the Lucent HCF Light
library, though it does not use any of the HCF Light code itself, mainly
because it's contaminated by the GPL (but also because it's pretty gross).
The HCF Light lacks certain featurs from the full (but proprietary) HCF
library, including 802.11 frame encapsulation support, however it has
just enough register information about the Hermes chip to allow someone
with enough spare time and energy to implement a proper driver. (I would
have prefered getting my hands on the Hermes manual, but that's proprietary
too. For those who are wondering, the Linux driver uses the proprietary
HCF library, but it's provided in object code form only.)
Note that I do not have access to a WavePOINT access point, so I have
only been able to test ad-hoc mode. The wicontrol utility can turn on
BSS mode, but I don't know for certain that the NIC will associate with
an access point correctly. Testers are encouraged to send their results
to me so that I can find out if I screwed up or not.
Obtained from: PAO (written in Japanese)
Reviewed by: bsd-nomads@clave.gr.jpfreebsd-mobile@freebsd.org
Randy Bush <randy@psg.com>
Bill Trost <trost@grey.cloud.rain.com>
Bruce Campbell <bc@apnic.net>
This really fixes the condition where a child creates children of its own.
I'm leaving the previous sanity tests in though, since they shouldn't hurt,
and will give an indication if this ever happens again.
try to fork() a child of its own, which could result in several children
ypservs running at once. I'm still not sure exactly what leads to this
condition, but these fixes should stop it from causing trouble. A new
function, yp_fork() checks to see if the current process is already a
child of the parent ypserv, and returns failure (and logs an error message)
rather than spawning another child.
Enable MS-CHAP support.
release/Makefile:
Build a separate NOCRYPT version of pppd, to keep This Great
Nation's top-secret cryptographic tools out of the filthy hands
of those evil furriners.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
feature of packages now so that no version info is embedded.
o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
and Windowmaker desktops instead of the boring twm(1) based one if the
user so chooses. This will require a little testing.
However, it doesn't check if the remote printer name it
is sending it to is the same as the local printer name,
and so chokes 'cos "laser" is not a real printer.
PR: 7081
Submitted by: David Malone <dwmalone@maths.tcd.ie>
device per argument rather than the old way of concatenating
everything then splitting the result at commas and whitespace.
Old syntax of ``set device /dev/cuaa0, /dev/cuaa1''
may no longer contain the comma, but syntax such as
``set device "!ssh host ppp -direct label"'' is now
possible.
- make this work: options FOO123=456 *without quotes*
- grumble (but accept) vector xxxintr, and tty/net/bio/cam flags.
- complain if a device is specified twice (eg: 2 x psm0)
- don't require quotes around: port IO_COM2
- recognize negative numbers. (ie: options CAM_DEBUG_UNIT=-1)
- GC some more unused stuff (we don't have composite disks from config(8)).
- various other nits (snprintf paranoia etc)
receiver and one for the sender. This allows two simultaneous
chap conversations - something that I *thought* I was already
doing on a daily basis myself until the existence of the
problem was
Beaten into me by: sos
I zapped the MACHINE_MIPS stuff, it isn't likely to be useful apart from
recognition of the machine name. It would be reasonable to expect new
ports would look something like the alpha/i386 from a config perspective.
only worked for configurations with "swap on generic".
usr.sbin/config/config.y:
- ignore all "swap [on] device ...' specifications except for
warning about them. They haven't done anything related to swap
for almost 4 years, and were previously silently ignored,
except for "swap on generic" which stopped swap${KERNEL}.c
from being generated. Code to support swapping is now deader
than before.
usr.sbin/config/mkswapconf.c:
- don't generate a dummy setconf() function in swap${KERNEL}.c.
sys/i386/conf/files.i386:
- swapgeneric.c is now standard. It should be merged into autoconf.c
so that it doesn't conflict with swap${KERNEL}.c for kernels named
"generic".
sys/i386/i386/autoconf.c:
- don't call setroot() for mfs roots. Since setroot() doesn't do anything
harmful, this was just a waste of time, except possibly for booting with
-a it may have helped prevent an undesireable call to setconf() by
finding a bogus rootdev.
- honor -a for ffs roots. -a now overrides all other ways of specifying
the root device. Previously, -r had precedence over -a, and the -a
handling was usually a no-op.
- don't honor -a for non-ffs roots, since it would currently just get in
the way of a clean panic.
sys/i386/i386/swapgeneric.c:
- don't declare things that are now always declared in swap${KERNEL}.c.
Don't decide things that are now decided in autoconf.c. Code to
support the "generic" case is now dead instead of useless.
with our own if there are differing bits (last two revisions
of lcp.c). This change broke at least one negotiation
session.
Instead, we just use an OR of the two accmap values when
we're doing the ASYNC framing.
Requested-by: ache
bde
dg
Modify targets for debug kernels: when -g was specified, make will
now build a debug kernel called kernel.debug, and create a stripped
version called kernel at the same time. The two targets install and
install.debug are otherwise unchanged.
Requested-by: dillon
Update man page accordingly.
2. Config complains if you use -g:
Debugging is enabled by default, there is no ned to specify the -g option
3. Config warns you if you don't use -s:
Building kernel with full debugging symbols. Do
"config -s BSD" for historic partial symbolic support.
To install the debugging kernel, do make install.debug
(BSD was the name of the config file I used; I print out the same
name).
4. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 and config to
work if a kernel name other than 'kernel' is specified. This is
not absolutely necessary, but useful, and it was relatively easy.
I now have a kernel called /crapshit :-)
5. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 "clean" target
to remove both the debug and normal kernel.
6. Modify all to install the stripped kernel by default and the debug
kernel if you enter "make install.debug".
7. Update version number of Makefiles and config.
2. Config complains if you use -g:
Debugging is enabled by default, there is no ned to specify the -g option
3. Config warns you if you don't use -s:
Building kernel with full debugging symbols. Do
"config -s BSD" for historic partial symbolic support.
To install the debugging kernel, do make install.debug
(BSD was the name of the config file I used; I print out the same
name).
4. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 and config to
work if a kernel name other than 'kernel' is specified. This is
not absolutely necessary, but useful, and it was relatively easy.
I now have a kernel called /crapshit :-)
5. Modify Makefile.i386, Makefile.alpha, Makefile.pc98 "clean" target
to remove both the debug and normal kernel.
6. Modify all to install the stripped kernel by default and the debug
kernel if you enter "make install.debug".
7. Update version number of Makefiles and config.
Networks Tigon 1 and Tigon 2 chipsets. There are a _lot_ of OEM'ed
gigabit ethernet adapters out there which use the Alteon chipset so
this driver covers a fair amount of hardware. I know that it works with
the Alteon AceNIC, 3Com 3c985 and Netgear GA620, however it should also
work with the DEC/Compaq EtherWORKS 1000, Silicon Graphics Gigabit
ethernet board, NEC Gigabit Ethernet board and maybe even the IBM and
and Sun boards. The Netgear board is the cheapest (~$350US) but still
yields fairly good performance.
Support is provided for jumbo frames with all adapters (just set the
MTU to something larger than 1500 bytes), as well as hardware multicast
filtering and vlan tagging (in conjunction with the vlan support in
-current, which I should merge into -stable soon). There are some hooks
for checksum offload support, but they're turned off for now since
FreeBSD doesn't have an officially sanctioned way to support checksum
offloading (yet).
I have not added the 'device ti0' entry to GENERIC since the driver
with all the firmware compiled in is quite large, and it doesn't really
fit into the category of generic hardware.
to now detect that CD you just remembered to put in the drive or that
pccard NIC that you've inserted (anybody can put pccardd in an mfsroot image
now you know.. :)
Requested by: Annelise Anderson <andrsn@andrsn.Stanford.EDU>
which init thoughtfully revoke()'s when starting a getty on ttyv0. This
Cron's popen() was passing these fd's through to cron children (ie:
sendmail, *not* normal cron jobs). The side effects were usually
not noticed, but it tripped up postfix which did a sanity check to see
that stdin/out/err were open, and got EBADF even thought the fd's were
in use. I seem to recall sendmail itself has hacks to work around
this problem, it had a checkfd012() function, possibly for this same
problem. (Postfix has a workaround too now though..)
This is a hack, not a fix. It's probably best to check and perhaps
close/reopen() /dev/console if needed each time around the event loop.
It would probably be useful to actually see any error messages from cron.
with more than one read(). When we detect one, don't
forget to pass it to async_Input() and drop our
terminal back into command mode.
Don't output an extraneous \r if we're passed \r\n
to prompt_vprintf in raw mode.
when recalculating the ip checksum. cp is not guaranteed to
be aligned. It now doesn't matter that cp isn't aligned as
the caller does another mbuf_Alloc() regardless.
need to process a signal (usually a SIGALRM). Check to see
if we need to process a signal both before *and* after calling
select() as older (pre-2.0) versions of ppp used to.
This handles the possibility that ppp may block at some
point (maybe due to an open() of a misconfigured device).
Previously, we'd potentially lock up in select().
The `necessary' marker reduces the increased signal checking
overhead so that at full speed with no compression transferring
an 83Mb file via a ``!ppp -direct'' device, we get a 1%
throughput gain.
ACCMAP being REQuested by the peer, also increment our FSM
id so that we don't end up sending out a new REQ with the
same ID and different data (the changed ACCMAP).
orthogonal to the other entries).
Clean up X selection code a bit.
Choose proper architecture subdirectories on mirror sites now that we've
gone fully to the new multi-arch directory scheme.
The old VN device broke in -4.x when the definition of B_PAGING
changed. This patch fixes this plus implements additional capabilities.
The new VN device can be backed by a file ( as per normal ), or it can
be directly backed by swap.
Due to dependencies in VM include files (on opt_xxx options) the new
vn device cannot be a module yet. This will be fixed in a later commit.
This commit delimitted by tags {PRE,POST}_MATT_VNDEV
before printing it. Terminate when we come to a 0xff byte. This
allows there to be zero or more additional info fields printed
correctly. Before, the old code would print bogons or dump core when
presented with this case.
I don't know what the spec says about this, exactly, but this allows
me to do a dumpcis of my non-ATA AMP 4M FLASH cards w/o pccardc
dumping core.
when we've simply missed a packet.
When our Predictor1 CRC is wrong (implying we've dropped
a packet), don't send a ResetReq(). Instead, send another
CCP ConfigReq(). *shrug* My tests show this as being far
worse than the ResetReq as we may have further Nak/Rejs etc
and we're basically resetting both our incoming and outgoing
compression dictionaries, but rfc1978 says the ConfigReq is
correct, so we'd better go along...
- Refined internal interface in keyboard drivers so that:
1. the side effect of device probe is kept minimal,
2. polling mode function is added,
3. and new ioctl and configuration options are added (see below).
- Added new ioctl: KDSETREPEAT
Set keyboard typematic rate. There has existed an ioctl command,
KDSETRAD, for the same purpose. However, KDSETRAD is dependent on
the AT keyboard. KDSETREPEAT provides more generic interface.
KDSETRAD will still be supported in the atkbd driver.
- Added new configuration options:
ATKBD_DFLT_KEYMAP
Specify a keymap to be used as the default, built-in keymap.
(There has been undocumented options, DKKEYMAP, UKKEYMAP, GRKEYMAP,
SWKEYMAP, RUKEYMAP, ESKEYMAP, and ISKEYMAP to set the default keymap.
These options are now gone for good. The new option is more general.)
KBD_DISABLE_KEYMAP_LOADING
Don't allow the user to change the keymap.
Move the Olicom token ring driver to the officially sanctionned location of
/sys/contrib. Also fix some brokenness in the generic token ring support.
Be warned that if_dl.h has been changed and SOME programs might
like recompilation.
- Transparent proxy support.
- PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead.
- Drop support for early FreeBSD 2.2 versions
- If separate input & output sockets are being used
use them to find out packet direction instead of
normal mechanism. This can be handy in complex environments
with multiple interfaces.
- PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added.
- Logging enhancements from Martin Machacek <mm@i.cz> added.
Obtained from: Ari Suutari <ari@suutari.iki.fi>
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.
Mention the configured netmask in ``show ipcp''.
Describe in more detail what a proxy arp entry is.
peers by ORing the two together and NAKing or REQing
the result rather than allowing seperate local/peer
values.
If the peer REJs our ACCMAP and our ACCMAP isn't 0,
warn about it and ignore the rejection.
``closing''.
Pointed out by: archie
Don't do a TLF when we get a ``Catastrphic Protocol Reject'' event
in state ``closed'' or ``stopped''.
Pointed out but not suggested by: archie
This makes no difference in the current implementation as
LcpLayerFinish() does nothing but log the event, but I disagree
in principle because it unbalances the TLF/TLS calls which
(IMHO) doesn't fit with the intentions of the RFC.
Maybe the RFC author had a reason for this. It can only happen
in two circumstances:
- if LCP has already been negotiated then stopped or closed and we
receive a protocol reject, then we must already have done a TLF.
Why do one again and stay in the same state ?
- if LCP hasn't yet been started and we receive an unsolicted
protocol reject, why should we TLF when we haven't done a TLS ?
we're already in network phase and our autoload values
are set with no minimum threshold (the default).
Tell the autoload timer that it's ``coming up'' *before*
calling AutoLoadTimeout() directly... not after. This
prevents the very first demand-dial connection from
immediately disconnecting when there are other auto links.
Problem diagnosis: Ted Mittelstaedt <tedm@toybox.placo.com>
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.
Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10''). We now notice
repeated NAKs and REJs rather than just REQs.
Don't suggest that CHAP 0x05 isn't supported when it's not configured.
Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
ttys (set device /dev/zero).
Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
According to the state transition table, a RCR+ or RCR- received in
the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet
done a TLS (or the last thing we did is a TLF). We must therefore
do the TLS at this point !
This was never noticed before because LCP and CCP used not use
LayerStart() for anything interesting, and IPCP tends to go into
Stopped then get a Down because of an LCP RTR rather than getting a
RCR again.
(with care) in those instances where boot0 is not passed the
correct drive number by the PC BIOS. (The symptoms are a
"F5 Drive 0" line, even though the current drive is drive 0.)
a bum name to return as 0.0.0.0... we don't want ``delete xxx''
to delete the default route when xxx doesn't resolve.
Support IP number specifications as the host when specifying
a tcp-style device (rather than *just* hostnames).
correctly by invoking the timer to get the value before
displaying the message.
Don't assume that a value of 0 is ``random'' in
``show datalink''.
Make the random value between 1 and DIAL_TIMEOUT rather
than between 0 and DIAL_TIMEOUT-1
This is for various Olicom cards. An IBM driver is following.
This patch also adds support to tcpdump to decode packets on tokenring.
Congratulations to the proud father.. (below)
Submitted by: Larry Lile <lile@stdio.com>
Some CHAP implementations send no welcome message with their
SUCCESS/FAILURE packets. This was being mis-identified as
a truncated packet by the new authentication code :-(
is complete before checking carrier. If it's there,
the device supports carrier. If it's not it doesn't.
Add the ``set cd'' command for deciding how soon to check
for carrier, and for deciding if carrier is REQUIRED.
The default has changed: Pre 2.0 versions of ppp waited
for 1 second. Version 2 didn't wait, but this causes
problems with some (few?) modems that don't assert carrier
immediately on reporting CONNECT. The one second delay
is back now and can be removed with ``set cd 0''.
Bump the ppp version number in case this needs to be changed
again....
each time rather than making up a new one.
Increase the authname/authkey max sizes to 100 characters.
Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.
This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.
Examples will follow.
incorrect; returning NULL here means that the dispatcher won't send any
response back to the caller, which means the caller will sit there waiting
until it times out. I don't know how this ever worked before. The effect
is that using 'ypset foo' to get the local ypbind to change servers would
work, but would sit there hanging for a long time for no reason.
Under certain conditions (possibly associated with heavy load), ypserv will
fork() child processes that don't exit like they're supposed to. I think
this is because of some suspect logic in the ypproc_all procedure. I updated
it to use what I hope is a more bulletproof approach.
Also tweaked yp_svc_run() a little so that the 'are we a child?' test happens
at every pass through the for(;;) loop, not just immediately after returning
from svc_getreqset2().
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel. It should also make the future addition
of PAM support trivial.
While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.
NOTE: This involved integrating the generation of chap
challenges and the validation of chap responses
(and commenting what's going on in those routines).
I currently have no way of testing ppps ability
to respond to M$Chap CHALLENGEs correctly, so if
someone could do the honours, it'd be much
appreciated (it *looks* ok!).
Sponsored by: Internet Business Solutions Ltd., Switzerland
Now we know which variables are internal and which need to be
backed to /etc/rc.conf.site. rc.conf is not touched now.
Also kget kernel change information back properly and set up a loader.rc
file to use it.
Previously the foolowing lines would have broken:
controller fdc0 at isa? disable port ? bio
controller fdc0 at isa? disable port 0x100 bio
While this would work:
controller fdc0 at isa? disable port "IO_FD1" bio
The first of the three lines is useful for making placeholder devices
for PCMCIA-floppies, and the second is useful for non-standard hardware.
The failure is a "(null)" string in ioconf.c that the compiler pukes on.
Thanks to: Bruce Evans (bde@freebsd.org)
configured. This isn't strictly necessary according to the
rfc, but it's suggested there....
o Don't forget to include our authname when sending a
CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
length to radius_Authenticate() - libradius does this
for us.
o When we successfully authenticate via radius_Authenticate(),
continue with datalink_AuthOk() as expected.
Sponsored by: Internet Business Solutions Ltd., Switzerland
details. Compiling with -DNORADIUS (the default for `release')
removes support.
TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
wcarchive. This needs to be updated when:
(a) The directory structure changes on wcarchive
(b) getosreldate() has a new significance
(ie. get ELF packages/get a.out packages)
(c) Branches are changed around
As we stand right now, 3.0-postELFday and 4.0-x all point to the same
directory, but when 4.0 starts to have its own packages, this file will
need to be changed.
Add the much-needed and long-desired ability to force the log rotation
to take place on a specific day or time, and document same. This works
by extending the syntax of the `when' field to allow a restricted
ISO 8601 time specification, and performing the log rotation if newsyslog
is run during the same hour as is specified.
changes:
- Finish migrating zic to its own private.h.
- Fix zic.8 so that it really is written in -mdoc.
- Add four new flags to zic (&document):
-D don't create directories
-u change ownership of newly-created files to user
-g change ownership of newly-created files to group
-m change mode of newly-created files to modespec
These, once proven, can be used to clean up the installation.
Obtained from: ftp://elsie.nci.nih.gov/pub/tzcode1999a.tar.gz (partially)
with minor changes to work around a bug in Cisco's IOS version 12.0 .
3.9-beta3 is much improved over 3.8, and is only labelled "beta" because
of missing features, as opposed to instability or known bugs.
otherwise windows clients will keep resending the
response :-/
It'd be nice if M$ would document this sort of thing !
Problem reported by: Andrzej Tobola <san@tmp.iem.pw.edu.pl>
The previous commit broke mtree(8) when file names using certain 8-bit
characters ended up being encoded with '/', '*', and other shell
metacharacters.
PR: bin/9538
Submitted by: "Eugene M. Kim" <astralblue@usa.net>
Reviewed by: jkoshy
Bug-missed-last-time-by: jkoshy
The remote option allows for automatic package fetching and installation
using the package repository found on wcarchive. Naturally, this site
can be overridden with a enviornment variable.
This code uses getobjformat() and getosreldate(). This means when some event
causes the package to be fetched to change (such as e-day) the logic also
needs to be changed.
Sorta reviewed by: jkh
Code suggestions: peter, jkh, eivind, msmith