1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-13 14:40:22 +00:00
Commit Graph

427 Commits

Author SHA1 Message Date
Bruce M Simpson
1cfd4b5326 Initial import of RFC 2385 (TCP-MD5) digest support.
This is the first of two commits; bringing in the kernel support first.
This can be enabled by compiling a kernel with options TCP_SIGNATURE
and FAST_IPSEC.

For the uninitiated, this is a TCP option which provides for a means of
authenticating TCP sessions which came into being before IPSEC. It is
still relevant today, however, as it is used by many commercial router
vendors, particularly with BGP, and as such has become a requirement for
interconnect at many major Internet points of presence.

Several parts of the TCP and IP headers, including the segment payload,
are digested with MD5, including a shared secret. The PF_KEY interface
is used to manage the secrets using security associations in the SADB.

There is a limitation here in that as there is no way to map a TCP flow
per-port back to an SPI without polluting tcpcb or using the SPD; the
code to do the latter is unstable at this time. Therefore this code only
supports per-host keying granularity.

Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6),
TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective
users of this feature, this will not pose any problem.

This implementation is output-only; that is, the option is honoured when
responding to a host initiating a TCP session, but no effort is made
[yet] to authenticate inbound traffic. This is, however, sufficient to
interwork with Cisco equipment.

Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with
local patches. Patches for tcpdump to validate TCP-MD5 sessions are also
available from me upon request.

Sponsored by:	sentex.net
2004-02-11 04:26:04 +00:00
Warner Losh
65b4a1b917 Remote meteor driver. It hasn't compiled in over 3 years. If someone
makes it compile again, and can test it, we can restore the driver to
the tree.
2003-12-07 04:41:11 +00:00
Warner Losh
6ee2f106aa The dgb driver is redundant with the digi driver in the tree. It uses
lots of old interfaces, and digi now supports all cards that dgb
supported.  The author of the driver says that this is no longer
necessary.

Approved by: babkin@
2003-12-07 04:18:52 +00:00
Shunsuke Akiyama
565f53bbaa Make interrupt pipe interval time configurable.
- Add kernel options: {UPLCOM,UVSCOM}_INTR_INTERVAL
- Add sysctl variables: 'hw.usb.{uplcom,uvscom}.interval'

MFC after:	1 week
2003-11-16 12:26:10 +00:00
Hartmut Brandt
ed91f9a547 Allow the ng_uni node (NgATM signalling layer) to be built into the
kernel via options NGATM_UNI.
2003-11-07 09:18:53 +00:00
Bruce Evans
b75a04af23 Removed the garbage options DPT_ALLOW_MEMIO, HIFN_NO_RNG,
IPFIREWALL_FORWARD, NTIMECOUNTER, OHCI_DEBUG, UGEN_DEBUG, UHCI_DEBUG,
UHID_DEBUG, UHUB_DEBUG, UKBD_DEBUG, ULPT_DEBUG, UMASS_DEBUG, UMS_DEBUG,
URIO_DEBUG and VINUM_AUTOSTART.
2003-11-05 14:37:48 +00:00
Scott Long
126f0dfa3a Hook the udf_iconv module up to the kernel build.
Submitted by: imura@ryu16.org
2003-11-05 06:38:14 +00:00
Nate Lawson
cc65a50cc5 Change the reset video option to be positive (hw.acpi.reset_video).
Requested by:	jhb

Initialize the real mode stack.  This is needed at least for the return
address from the lcall.
Requested by:	takawata

Fix style bugs in acpi_wakecode.S
Requested by:	bde

Remove the kernel option now that we have the tunable.
2003-11-01 00:18:29 +00:00
Mitsuru IWASAKI
d63ab51a51 Alphabetical order for ACPI options broken by adding ACPI_NO_RESET_VIDEO.
Add short comment about ACPI_NO_RESET_VIDEO into NOTES.

Pointed-out by:	njl
2003-10-29 14:22:09 +00:00
Mitsuru IWASAKI
92781c3567 Add kernel option ACPI_NO_RESET_VIDEO as workaround for problems
(e.g. LCD white-out after resume) on some machine cased by
re-initialize video BIOS code in acpi_wakecode.
2003-10-29 03:30:45 +00:00
Sam Leffler
395bb18680 speedup stream socket recv handling by tracking the tail of
the mbuf chain instead of walking the list for each append

Submitted by:	ps/jayanth
Obtained from:	netbsd (jason thorpe)
2003-10-28 05:47:40 +00:00
Hartmut Brandt
027ebd2f39 Allow building the NgATM SAAL layer directly into the kernel. 2003-10-27 11:19:08 +00:00
Hidetoshi Shimokawa
869093b15d Add dumb console driver and related bits.
dcons(4): very simple console and gdb port driver
dcons_crom(4): FireWire attachment
dconschat(8): User interface to dcons

Tested with: i386, i386-PAE, and sparc64.
2003-10-24 15:44:10 +00:00
Nate Lawson
3c0014e8ae Add the ACPICA_PEDANTIC option which is off by default. Enabling it will
enable strict checks of the AML.  Our default behavior will be to relax
checks to work on as many platforms as possible.  Also clean up and document
other ACPI options while I'm here.
2003-10-22 22:27:49 +00:00
Max Khon
c4f02a891f - Support for multibyte charsets in LIBICONV.
- CD9660_ICONV, NTFS_ICONV and MSDOSFS_ICONV kernel options
(with corresponding modules).
- kiconv(3) for loadable charset conversion tables support.

Submitted by:	Ryuichiro Imura <imura@ryu16.org>
2003-09-26 20:26:25 +00:00
Marcel Moolenaar
8194412b89 Add support for using uart(4) for pulse capturing for the Pulse Per
Second (PPS) timing interface. The support is non-optional and by
default uses the DCD line signal as the pulse input. A compile-time
option (UART_PPS_ON_CTS) can be used to have uart(4) use the CTS line
signal.

Include <sys/timepps.h> in uart_bus.h to avoid having to add the
inclusion of that header in all source files.

Reviewed by: phk
2003-09-11 23:06:42 +00:00
Tim J. Robbins
d14e51c95c Add support for the Coda 6.x venus<->kernel interface. This extends
FIDs to be 128-bits wide and adds support for realms.

Add a new CODA_COMPAT_5 option, which requests support for the old
Coda 5.x interface instead of the new one.

Create a new coda5.ko module that supports the 5.x interface, and make
the existing coda.ko module use the new 6.x interface. These modules
cannot both be loaded at the same time.

Obtained from:	Jan Harkes & the coda-6.0.2 distribution,
		NetBSD (drochner) (CODA_COMPAT_5 option).
2003-09-07 07:43:10 +00:00
Søren Schmidt
5fdbb0d222 This is a major rework of the ATA driver (ATAng)
Restructure the way ATA/ATAPI commands are processed, use a common
ata_request structure for both. This centralises the way requests
are handled so locking is much easier to handle.

The driver is now layered much more cleanly to seperate the lowlevel
HW access so it can be tailored to specific controllers without touching
the upper layers. This is needed to support some of the newer
semi-intelligent ATA controllers showing up.

The top level drivers (disk, ATAPI devices) are more or less still
the same with just corrections to use the new interface.

Pull ATA out from under Gaint now that locking can be done in a sane way.

Add support for a the National Geode SC1100. Thanks to Soekris engineering
for sponsoring a Soekris 4801 to make this support.

Fixed alot of small bugs in the chipset code for various chips now
we are around in that corner anyways.
2003-08-24 09:22:26 +00:00
Robert Watson
782f725560 Hook up mac_stub to the modules Makefile.
Hook up mac_stub in files and options.
Reference mac_stub in NOTES.
2003-08-21 16:48:39 +00:00
Alexander Langer
30e27d9623 Add a overhaul of the soundchip initialization for the MSP34xx chipsets
found only many tv-cards.

We currently use more ore less evil hacks (slow_msp_audio sysctl) to
configure the various variants of these chips in order to have
stereo autodetection work.  Nevertheless, this doesn't always work
even though it _should_, according to the specs.
This is, for example, the case for some popular Hauppauge models sold
sold in Germany.

However, the Linux driver always worked for me and others.  Looking at
the sourcecode you will find that the linux-driver uses a very much
enhanced approach to program the various msp34xx chipset variants,
which is also found in the specs for these chips.

This is a port of the Linux MSP34xx code, written by Gerd Knorr
<kraxel@bytesex.org>, who agreed to re-release his code under a
BSD license for this port.

A new config option "BKTR_NEW_MSP34XX_DRIVER" is added, which is required
to enable the new driver.  Otherwise the old code is used.

The msp34xx.c file is diff-reduced to the linux-driver to make later
modifications easier, thus it doesn't follow style(9) in most cases.

Approved by:	roger (committing this, no time to test/review),
		keichii (code review)
2003-08-12 09:45:34 +00:00
Hartmut Brandt
ee4080d424 Add ng_atmpif: a HARP physical interface emulation. This allows one
to run the HARP ATM stack without real hardware.

Submitted by:	Vincent Jardin <vjardin@wanadoo.fr>
2003-08-11 08:40:02 +00:00
Jeffrey Hsu
e0f688ba30 Add support for "options PIM" in the kernel configuration file.
Submitted by:	Pavlin Radoslavov <pavlin@icir.org>
2003-08-07 18:19:28 +00:00
Poul-Henning Kamp
86e2f1f1ea Remove the NSWAPDEV option, we have no upper limit on how many
swap devices we can have anymore.
2003-08-03 13:39:59 +00:00
Nate Lawson
dda5f182ae Fix the new DA_OLD_QUIRKS option for normal and module compiles.
Pointed out by: 	bde
2003-07-29 18:08:16 +00:00
Nate Lawson
af991a6d16 Deprecate USB and Firewire quirks. We should now never send 6 byte commands
to such devices.  If a device fails due to this commit, add:
   options DA_OLD_QUIRKS
to the kernel config and recompile.  Then send the output of "camcontrol
inquiry da0" to scsi@freebsd.org so the quirk can be re-enabled.
2003-07-29 04:32:33 +00:00
Bernd Walter
77bf7b3bc0 EISA_SLOTS is mandantory to get opt_eisa.h
Put it into MI files.
2003-07-22 11:42:45 +00:00
Sam Leffler
fc66b6e994 safenet driver config glue
Sponsored by:   Global Technology Associates, Inc.
2003-07-21 21:50:41 +00:00
Hartmut Brandt
7e9024cdd9 Add a facility for devices, specifically network interfaces, that require
large to huge amounts of small or medium sized receive buffers. The problem
with these situations is that they eat up the available DMA address space
very quickly when using mbufs or even mbuf clusters. Additionally this
facility provides a direct mapping between 32-bit integers and these buffers.
This is needed for devices originally designed for 32-bit systems. Ususally
the virtual address of the buffer is used as a handle to find the buffer as
soon as it is returned by the card. This does not work for 64-bit machines
and hence this mapping is needed.
2003-07-15 08:59:38 +00:00
Warner Losh
08ebe101d2 Fix typo for BURN_BRIDGES' file, it should be opt_global.h 2003-07-11 17:04:37 +00:00
Sean Kelly
370c3cb57c - Add a software watchdog facility.
This commit has two pieces. One half is the watchdog kernel code which lives
primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland
daemon which, when run, will keep the watchdog from firing while the userland
is intact and functioning.

Approved by:	jeff (mentor)
2003-06-26 09:50:52 +00:00
Sam Leffler
167f409fd6 config+build glue for Atheros support 2003-06-25 14:51:20 +00:00
Sam Leffler
a826874f28 add "no RNG support options" for ubsec and hifn drivers 2003-06-25 14:49:24 +00:00
Hartmut Brandt
02152e8f90 Make the netgraph ATM node compilable into the kernel. 2003-06-25 13:21:04 +00:00
Jake Burkholder
28ab032ea9 Moved the syscons options, kbd options and DEV_SPLASH to the MI options
file.
2003-06-18 15:25:01 +00:00
Poul-Henning Kamp
22db1e9ff5 Add "GEOM_FOX", a class which detects and selects between multiple
redundant paths to the same device.

This class reacts to a label in the first sector of the device,
which is created the following way:

        #    "0123456789abcdef012345..."
        #    "<----magic-----><-id-...>
        echo "GEOM::FOX       someid" | dd of=/dev/da0 conv=sync

NB: Since the fact that multiple disk devices are in fact the same
    device is not known to GEOM, the geom taste/spoil process cannot
    fully catch all corner cases and this module can therefore be
    confused if you do the right wrong things.

NB: The disk level drivers need to do the right thing for this to
    be useful, and that is not by definition currently the case.
2003-06-18 09:29:28 +00:00
Warner Losh
7b22d083ff New global option: BURN_BRIDGES
Compile out code that will disappear in 6.0, per Peter Wemm's bridge
burning proposal.
2003-06-12 04:39:32 +00:00
Scott Long
8c33536c7f Add the MUTEX_NOINLINE option that explicitely de-inlines the mutex
operations.

Submitted by:	jhb
2003-05-18 03:46:30 +00:00
Eric Anholt
42da33c444 Update the DRM to the latest from DRI CVS. Includes some bugfixes and removal
of the infrastructure for the gamma driver which was removed a while back.
The DRM_LINUX option is removed because the handler is now provided by the
linux compat code itself.
2003-04-25 01:18:47 +00:00
John Baldwin
8667535d13 NO_COMPAT_FREEBSD4 is no longer used. 2003-04-15 20:59:43 +00:00
Robert Watson
3757e11997 Re-add MUTEX_DEBUG and MUTEX_PROFILING, which got hosed by rejected
chunks from bde's patch.

Spotted by:	jhb
2003-04-15 20:49:48 +00:00
Robert Watson
d971c22b4a Improve consistency, ordering, style of options:
- Remove extra blank lines
- Sort options
- Remove comments that belong in NOTES

Submitted by:	bde (older revision)
2003-04-15 19:43:52 +00:00
Robert Watson
e965edfda2 Add MAC_ALWAYS_LABEL_MBUF to options; this permits the administrator
to force the allocation of MAC labels for all mbufs regardless of
whether a configured policy requires labeling when the mbuf is
allocated.  This can be useful it you anticipate loading a fully
labeled policy after boot and don't want mbufs to exist without
label storage, for performance measurement purposes, etc.  It also
slightly lowers the overhead of m_tag labeling due to removing the
decision logic.

While here, improve commenting of other MAC options.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-14 21:45:12 +00:00
Dag-Erling Smørgrav
ed9adee74c Options that go into homonymous headers shouldn't specify the header name.
Submitted by:	Hiten Pandya <hiten@unixdaemons.com>
2003-04-12 09:40:37 +00:00
Mike Silbersack
53dcc544a8 Rename MBUF_FRAG_TEST to MBUF_STRESS_TEST as it will be extended
to include more than just frag tests.
2003-04-12 06:11:46 +00:00
Tor Egge
5bbb806004 Add support for reading directly from file to userland buffer when the
O_DIRECT descriptor status flag is set and both offset and length is a
multiple of the physical media sector size.
2003-03-26 23:40:42 +00:00
Robert Watson
eae870cdb4 Add a new kernel option, MALLOC_MAKE_FAILURES, which compiles
in a debugging feature causing M_NOWAIT allocations to fail at
a specified rate.  This can be useful for detecting poor
handling of M_NOWAIT: the most frequent problems I've bumped
into are unconditional deference of the pointer even though
it's NULL, and hangs as a result of a lost event where memory
for the event couldn't be allocated.  Two sysctls are added:

debug.malloc.failure_rate

  How often to generate a failure: if set to 0 (default), this
  feature is disabled.  Otherwise, the frequency of failures --
  I've been using 10 (one in ten mallocs fails), but other
  popular settings might be much lower or much higher.

debug.malloc.failure_count

  Number of times a coerced malloc failure has occurred as a
  result of this feature.  Useful for tracking what might have
  happened and whether failures are being generated.

Useful possible additions: tying failure rate to malloc type,
printfs indicating the thread that experienced the coerced
failure.

Reviewed by:	jeffr, jhb
2003-03-26 20:18:40 +00:00
Mike Silbersack
9d9edc5693 Add the MBUF_FRAG_TEST option. When compiled in, this option
allows you to tell ip_output to fragment all outgoing packets
into mbuf fragments of size net.inet.ip.mbuf_frag_size bytes.
This is an excellent way to test if network drivers can properly
handle long mbuf chains being passed to them.

net.inet.ip.mbuf_frag_size defaults to 0 (no fragmentation)
so that you can at least boot before your network driver dies. :)
2003-03-25 05:45:05 +00:00
Sam Leffler
b7c4858f1e o add crypto driver glue for using the new rndtest driver/module; this is
conditional in each driver on foo_RNDTEST being defined_
o bring HIFN_DEBUG and UBSEC_DEBUG out to be visible options; they control
  the debugging printfs that are set with hw.foo.debug (e.g. hw.hifn.debug)
2003-03-11 22:47:06 +00:00
Shunsuke Akiyama
20280807ca Fix device freeze to reduce output packet size.
And make this value configurable by kernel config or sysctl.
2003-03-09 11:50:27 +00:00
Tim J. Robbins
74c69254e6 Remove unimplemented IP-in-IPX encapsulation support (options IPTUNNEL). 2003-03-08 06:58:22 +00:00