- BIOCGDIRECTION and BIOCSDIRECTION get or set the setting determining
whether incoming, outgoing, or all packets on the interface should be
returned by BPF. Set to BPF_D_IN to see only incoming packets on the
interface. Set to BPF_D_INOUT to see packets originating locally and
remotely on the interface. Set to BPF_D_OUT to see only outgoing
packets on the interface. This setting is initialized to BPF_D_INOUT
by default. BIOCGSEESENT and BIOCSSEESENT are obsoleted by these but
kept for backward compatibility.
- BIOCFEEDBACK sets packet feedback mode. This allows injected packets
to be fed back as input to the interface when output via the interface is
successful. When BPF_D_INOUT direction is set, injected outgoing packet
is not returned by BPF to avoid duplication. This flag is initialized to
zero by default.
Note that libpcap has been modified to support BPF_D_OUT direction for
pcap_setdirection(3) and PCAP_D_OUT direction is functional now.
Reviewed by: rwatson
attribute. Also define some macros to manipulate one of these
structures. Explain their use in the extattr.9 manual page.
The next step will be to make a sweep through the kernel replacing
the old pointer manipulation code. To get an idea of how they would
be used, the ffs_findextattr() function in ufs/ffs/ffs_vnops.c is
currently written as follows:
/*
* Vnode operating to retrieve a named extended attribute.
*
* Locate a particular EA (nspace:name) in the area (ptr:length), and return
* the length of the EA, and possibly the pointer to the entry and to the data.
*/
static int
ffs_findextattr(u_char *ptr, u_int length, int nspace, const char *name,
u_char **eap, u_char **eac)
{
u_char *p, *pe, *pn, *p0;
int eapad1, eapad2, ealength, ealen, nlen;
uint32_t ul;
pe = ptr + length;
nlen = strlen(name);
for (p = ptr; p < pe; p = pn) {
p0 = p;
bcopy(p, &ul, sizeof(ul));
pn = p + ul;
/* make sure this entry is complete */
if (pn > pe)
break;
p += sizeof(uint32_t);
if (*p != nspace)
continue;
p++;
eapad2 = *p++;
if (*p != nlen)
continue;
p++;
if (bcmp(p, name, nlen))
continue;
ealength = sizeof(uint32_t) + 3 + nlen;
eapad1 = 8 - (ealength % 8);
if (eapad1 == 8)
eapad1 = 0;
ealength += eapad1;
ealen = ul - ealength - eapad2;
p += nlen + eapad1;
if (eap != NULL)
*eap = p0;
if (eac != NULL)
*eac = p;
return (ealen);
}
return(-1);
}
After applying the structure and macros, it would look like this:
/*
* Vnode operating to retrieve a named extended attribute.
*
* Locate a particular EA (nspace:name) in the area (ptr:length), and return
* the length of the EA, and possibly the pointer to the entry and to the data.
*/
static int
ffs_findextattr(u_char *ptr, u_int length, int nspace, const char *name,
u_char **eapp, u_char **eac)
{
struct extattr *eap, *eaend;
eaend = (struct extattr *)(ptr + length);
for (eap = (struct extattr *)ptr; eap < eaend; eap = EXTATTR_NEXT(eap)){
/* make sure this entry is complete */
if (EXTATTR_NEXT(eap) > eaend)
break;
if (eap->ea_namespace != nspace ||
eap->ea_namelength != length ||
bcmp(eap->ea_name, name, length))
continue;
if (eapp != NULL)
*eapp = eap;
if (eac != NULL)
*eac = EXTATTR_CONTENT(eap);
return (EXTATTR_CONTENT_SIZE(eap));
}
return(-1);
}
Not only is it considerably shorter, but it hopefully more readable :-)
want an equivalent of DELAY(9) that sleeps instead of spins. It accepts
a wmesg and a timeout and is not interrupted by signals. It uses a private
wait channel that should never be woken up by wakeup(9) or wakeup_one(9).
Glanced at by: phk
transition to mbuma (FreeBSD 5.3) and the fact that mbufs are now limited
almost entirely to packet storage, with straight UMA zones being used for
most other network data types.
Apart from minor cleanup of the text, it should document
in reasonable detail what the status of the code is.
RELENG_6 has some minor differences there in the way automatic
loading/unloading is handled, but hopefully this should be
fixed by MFC time.
The examples come from Max Laier and Sam Leffler.
MFC after: 1 week
Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.
PR: conf/104884
Submitted by: nork
Harassed by: brd
Discussed with: brooks, dougb
The patch from the PR was a little outdated w/regards to the
Vodafone vendor string.
PR: kern/106033
Submitted by: Volker Werth <volker_AT_vwsoft.com>
MFC in: 3 days
Make devfs cloning a sysctl/tunable which defaults to on.
If devfs cloning is enabled, only the super-user may create
tun(4)/tap(4)/vmnet(4) instances. Devfs cloning is still enabled by
default; it may be disabled from the loader or via sysctl with
"net.link.tap.devfs_cloning" and "net.link.tun.devfs_cloning".
Disabling its use affects potentially all tun(4)/tap(4) consumers
including OpenSSH, OpenVPN and VMware.
PR: 105228 (potentially also 90413, 105570)
Submitted by: Landon Fuller
Tested by: Andrej Tobola
Approved by: core (rwatson)
MFC after: 4 weeks
world order:
mount -t linsysfs linsys /compat/linux/sys
instead of mount_linsysfs. Now that 6.X requires mount_linsysfs to
work. This is why there is a mount_linsysfs in 6.X and not in -current.
Prompted by: ru
Reviewed by: ru, rodrigc
NetBSD version is a feature-to-feature re-implementation of GNU
gzip using the freely-redistributable zlib and this version is
expected to be mostly bug-to-bug compatible with the GNU
implementation.
- Because this is a piece of mature code and we want to make
changes so it is added directly rather than importing to
src/contrib.
- Connect newly added code to src/usr.bin/ and rescue/rescue
build.
- Disconnect the GNU gzip code from build for now, they will
be eventually removed completely.
- Provide two new src.conf(5) knobs, WITHOUT_BZIP2_SUPPORT and
WITHOUT_BZIP2.
Tested by: kris (full exp-7 pointyhat build)
Approved by: core (importing a 4-clause BSD licensed file)
Approved by: re (adding new utility during -HEAD code slush)
Point out that FreeBSD libc has compat stubs for GNU glibc NSS
modules which access NSDB_PASSWD/NSDB_GROUP, but not NSDB_HOSTS;
based on painful experience porting nss_mdns.
Reviewed by: ru
and add a list of known-working PCI devices.
- For consistency throughout this man page also talk about C-Bus and
ISA adapters rather than cards.
- Add missing .Tn.
- Mention ifconfig(8) along with listing selectable media types.
- Add/un-comment hardware notes for the newly supported 'lebuffer'
variants (the transition from P/N 501-1860 to 501-1869 isn't a typo).
passed unmodified to gcc. Therefore, "prescott" should be used for Prescott,
Nocona, Core and Core 2 CPUs when building 32-bit code, and "nocona" should
be used for Prescott, Nocona and Core 2 CPUs when building 64-bit code.
MFC after: 3 weeks
Approved by: gnn
Add a new function hashinit_flags() which allows NOT-waiting
for memory (or waiting). The old hashinit() function now
calls hashinit_flags(..., HASH_WAITOK);
Document my recent changes to rc.subr(8):
- there is $required_modules now;
- $required_* are checked before invoking a custom start method, too.
MFC after: 1 month
behave as expected.
Also:
- Return an error if WD_PASSIVE is passed in to the ioctl as only
WD_ACTIVE is implemented at the moment. See sys/watchdog.h for an
explanation of the difference between WD_ACTIVE and WD_PASSIVE.
- Remove the I_HAVE_TOTALLY_LOST_MY_SENSE_OF_HUMOR define. If you've
lost your sense of humor, than don't add a define.
Specific changes:
i80321_wdog.c
Don't roll your own passive watchdog tickle as this would defeat the
purpose of an active (userland) watchdog tickle.
ichwd.c / ipmi.c:
WD_ACTIVE means active patting of the watchdog by a userland process,
not whether the watchdog is active. See sys/watchdog.h.
kern_clock.c:
(software watchdog) Remove a check for WD_ACTIVE as this does not make
sense here. This reverts r1.181.
- Move mentionings of required drivers to the SYNOPSIS where they belong
- Remove cruft (XiG, sheesh) from the EXAMPLES section and re-arrange things to make
somewhat more sense
- Fix an Xref to manpage from ports to mention the corresponsing port
- Remove commented out HISTORY section header
MFC after: 3 days
revision 1.199
date: 2004/09/24 08:30:57; author: phk; state: Exp; lines: +0 -1
Remove the cdevsw() function which is now unused.
(the log is wrong, it was really devsw that was removed).
# we really need to actually document the functions in sys/conf.h as well
# as things like d_open...
Remove reference to mount_fdescfs(8), since mount(8) calls nmount()
directly to mount an fdescfs filesystem, instead of forking an
external mount_fdescfs program.
which allows to use it with different kinds of locks. For example it allows
to implement Solaris conditions variables which will be used in ZFS port on
top of sx(9) locks.
Reviewed by: jhb
want to confuse people at the very beginning.
Sync TOC/paragraph numbers in the text.
Requested by: Benedikt Stockebrand during his talk at EuroBSDCon 2006
Reviewed by: gnn
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
POSIX advice to just ignore the operation and return 0.
We already handle this case in kern_rename(), but don't give bad example -
the source is not removed.
to WITH_CDDL.
This option enables building code that is licensed under Sun's CDDL.
The DTrace code is licensed that way, so by default it will get built
unless the WITHOUT_CDDL option is used.
There is another build toggle, NO_CTF, which turns off execution of
ctfconvert and ctfmerge in sys.mk, but this can't be implemented as
WITH_/WITHOUT because bsd.own.mk isn't included in all Makefiles and
sys.mk is included automatically by make.
* USB HID Usage Tables, V1.12
* USB Monitor Control Class Specification, V1.0
* USB Usage Tables for HID Power Devices, V1.0
* USB Device Class Definition for Physical Devices, V1.0
* USB HID Point of Sale Usage Tables, V1.02
- Fix spelling of 'Microsoft'
- Bring the so called Microsoft page, in line with the style of the rest of
the file.
- Remove NetBSD version string as it doesn't reflect reality any longer
Approved by: emax (mentor)
- s/ip.forwarding/net.inet.ip.forwarding/ to match reality [1]
Approved by: keramida (mentor), trhodes (mentor)
MFC after: 5 days
Submitted by: Tom McLaughlin via #bsddocs
: revision 1.13
: date: 2002/04/03 15:44:53; author: phk; state: Exp; lines: +0 -5
: Initial deorbit burn for the undocumented and unused d_boot[01]
: fields of struct disklabel.
:
: Sponsored by: DARPA and NAI Labs.
: ----------------------------
: revision 1.15
: date: 2002/05/12 20:49:33; author: phk; state: Exp; lines: +1 -3
: Retire the bogus uses of the disklabel field d_sbsize and begin to
: initialize it to zero so we don't have to have everbody and their
: aunt including FFS specific header files.
:
: Sponsored by: DARPA & NAI Labs.