Some of IPsec authentication related functions should have
'const' for its 2nd argument, but not now.
But if someone try to use them, and passed const data for
those functions, then much bogus compile warnings will be
generated.
So those funcs prototype should be modified.
Requested by: archie
Approved by: jkh
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
problem was basically (for offset > 4096):
vtophys(addr) + offset != vtophys(addr + offset)
Also, use TD's with a maximum size of 4k instead of 8kb for OHCI
controllers.
This problem occurs in drivers that use large transfer sizes:
umass, host2host and ethernet with jumbo frames.
ntpd.8:
add -gx to SYNOPSIS
clarify explanation of -g
ntp.conf.5:
add missing field description for rawstats lines
Install audio.htm, driver3[567].htm and qth.htm.
or not a process in a jail, with privilege, may set the jail's hostname.
Defaults to 1, which permits this. May be set to 0 by a process with
appropriate privilege outside of jail. Preventing hostname renaming
from within a jail is currently required to make jails manageable, as they
a currently identifiable only by hostname using /proc, which may be
modified without this sysctl being set to 0. This will be documented
in upcoming man commits.
Authorized by: jkh, the ever-patient
back to the vendor branch.
Re-merge changes from the vendor branch.
Undo the local spammed changes that I could find. There are probably
more local fixes that were clobbered that I've missed.
IPv6 scoped addr display is not yet supported by ifconfig
and route. Now almost of IPv6 apps support it, so its support
in ifconfig and route is important to keep consisetncy, and
to avoid user confusion.
Approved by: jkh
(shortend format, etc)
Current KAME getaddrinfo() supports only d.d.d.d format IPv4
addr. But traditionally inet_aton() and etc support other formats.
(shortend format and octal/deciaml/hex format)
Aboud this,
-As far as the discussion on freebsd-current, many people
think traditional format should also be supported by getaddrinfo().
-X/Open spec requires getaddrinfo() also support those
traditional IPv4 format.
-RFC2553 say nothing about it.
-As the result of confirmation in ietf/ipng list, there is
no clear concensus yet, and the reply was, "RFC2553 update
and X/Open spec will be in sync"
So takeing these conditions into account, I think
getaddrinfo() should also support traditional IPv4 format.
Specified by: Marc Schneiders <marc@oldserver.demon.nl>
Approved by: jkh
strictly a security hole, but neither is it a very good idea. Replace
it with a symlink to /dev/null to happify programs that expect it.
It is suggested that users of the jail environment modify the jail's
syslog.conf to not send stuff to /dev/console, but instead syslog
it somewhere else. Such as a loghost, potentially even to the host
environment's syslog.
Approved by: jkh
for optimizing the unpause operation no-longer exist, and this is much
safer.
When restarting the sequencer, reconstitute the free SCB list on the card.
This deals with a single instruction gap between marking the SCB as free
and actually getting it onto the free list.
Reduce the number of transfer negotiations that occur. In the past, we
renegotiated after every reported check condition status. This ensures
that we catch devices that have unexpectidly reset. In this situation,
the target will always report the check condition before performing a
data-phase. The new behavior is to renegotiate for any check-condition where
the residual matches the orginal data-length of the command (including
0 length transffers). This avoids renegotiations during things like
variable tape block reads, where the check condition is reported only
to indicate the residual of the read.
Revamp the parity error detection logic. We now properly report and
handle injected parity errors in all phases. The old code used to hang
on message-in parity errors.
Correct the reporting of selection timeout errors to the XPT. When
a selection timeout occurs, only the currently selecting command
is flagged with SELTO status instead of aborting all currently active
commands to that target.
Fix flipped arguments in ahc_match_scb and in some of the callers of this
routine. I wish that gcc allowed you to request warnings for enums passed
as ints.
Make ahc_find_msg generically handle all message types.
Work around the target mode data-in wideodd bug in all non-U2 chips.
We can now do sync-wide target mode transfers in target mode across the
hole product line.
Use lastphase exclusively for handling timeouts. The current phase
doesn't take the bus free state into account.
Fix a bug in the timeout handler that could cause corruption of the
disconnected list.
When sending an embedded cdb to a target, ensure that we start on a
quad word boundary in the data-fifo. It seems that unaligned stores
do not work correctly.
chipset to be probed & attached on newer Dell PowerEdge servers, such as
the 2400 and 4400.
Reviewed by: dfr, msmith, jlemon
Tested by: hnokubi@yyy.or.jp (in a previous incantation)
Approved by: jkh
userland in a safer way. Using the NO_MAKEDEV argument in make
distribution prevents the creation of a number of unsafe device nodes
in the jailed /dev, including disk devices, and more. This depends
on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV
support.
Approved by: jkh
/etc/Makefile so that if it is defined, MAKEDEV all is not called
during a make distribution. This helps clean up the messy userland
in jail(), by reducing the number of devices exposed in jail.
Modifications to jail(2) to follow.
Approved by: jkh-arius
ptys in ways that might be unethical, especially towards processes not in
jail, or in other jails.
Submitted by: phk
Reviewed by: rwatson
Approved by: jkh
KAME scoped addr format is changed recently.
before: addr@scope
now: scope%addr
Because the end of IPv6 numeric addr is tend to be truncated in
`netstat -rn ` output, so placing scope part at starting of addr
will be convenient.
Approved by: jkh
Obtained from: KAME project
at the same time.
When rfc1323 and rfc1644 option are enabled by sysctl,
and tcp over IPv6 is tried, kernel panic happens by the
following check in tcp_output(), because now hdrlen is bigger
in such case than before.
/*#ifdef DIAGNOSTIC*/
if (max_linkhdr + hdrlen > MHLEN)
panic("tcphdr too big");
/*#endif*/
So change the above check to compare with MCLBYTES in #ifdef INET6 case.
Also, allocate a mbuf cluster for the header mbuf, in that case.
Bug reported at KAME environment.
Approved by: jkh
Reviewed by: sumikawa
Obtained from: KAME project
Because if ftpd is invoked with -R option, and EPRT is used via firewal
or NAT which don't understand EPRT, then the data connection from ftpd
to ftp client will fail.
Reported By: ume@mahoroba.org
Approved by: jkh
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.
Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism. Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.
Approved by: jkh
Reviewed by: freebsd-security