mirror of https://git.FreeBSD.org/src.git synced 2024-12-14 10:09:48 +00:00
Commit Graph

45906 Commits

Author SHA1 Message Date
Yoshinobu Inoue
f7d7fca7fd Prototype fix for IPsec authentication related functions
Some of IPsec authentication related functions should have
  'const' for its 2nd argument, but not now.
  But if someone try to use them, and passed const data for
  those functions, then much bogus compile warnings will be
  generated.
  So those funcs prototype should be modified.

Requested by: archie
Approved by: jkh
2000-02-10 19:35:53 +00:00
Yoshinobu Inoue
1aa540eb03 Forbid include of some inet6 header files from wrong place
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
  standard API(RFC2553) require following files to be under sys/netinet.
    netinet/ip6.h
    netinet/icmp6.h
  Now those header files just include each following files.
    netinet6/ip6.h
    netinet6/icmp6.h

  Also KAME has netinet6/in6.h for easy INET6 common defs
  sharing between different BSDs, but RFC2553 requires only
  netinet/in.h should be included from userland.
  So netinet/in.h also includes netinet6/in6.h inside.

  To keep apps portability, apps should not directly include
  above files from netinet6 dir.
  Ideally, all contents of,
    netinet6/ip6.h
    netinet6/icmp6.h
    netinet6/in6.h
  should be moved into
    netinet/ip6.h
    netinet/icmp6.h
    netinet/in.h
  but to avoid big changes in this stage, add some hack, that
    -Put some special macro define into those files under netinet
    -Let files under netinet6 cause error if it is included
     from some apps, and, if the special macro define is not
     defined.
     (which should have been defined if files under netinet is
     included)
    -And let them print an error message which tells the
     correct name of the include file to be included.

  Also fix apps which includes invalid header files.

Approved by: jkh

Obtained from: KAME project
2000-02-10 19:33:58 +00:00
Robert Watson
5bdee2c5d5 Fix sysctl namespace for jail: move the kern.jailcansethostname to
kern.prison.set_hostname_allowed, off of the kern.prison node.  Future
jail twiddles should be placed in this namespace.
2000-02-10 18:51:58 +00:00
Nick Hibma
8f9683e20c Correctly handle the conversion from virtual to physical addresses. The
problem was basically (for offset > 4096):

	vtophys(addr) + offset != vtophys(addr + offset)

Also, use TD's with a maximum size of 4k instead of 8kb for OHCI
controllers.

This problem occurs in drivers that use large transfer sizes:
umass, host2host and ethernet with jumbo frames.
2000-02-10 18:50:19 +00:00
Luigi Rizzo
9fcc079584 Move definition of fw_enable from ip_fw.c to ip_input.c
so we can compile kernels without IPFIREWALL .

Reported-by: Robert Watson
Approved-by: jordan
2000-02-10 17:56:01 +00:00
Luigi Rizzo
6355710df8 Whoops... forgot braces in a conditional
Revealed-by: diff with -STABLE version (the advantage of having
    multiple lines of development...)
Approved-by: jordan
2000-02-10 16:50:53 +00:00
Luigi Rizzo
d69f84c0b4 Support and document new stateful ipfw features.
Approved-by: jordan
2000-02-10 14:25:26 +00:00
Luigi Rizzo
6bc748b057 Support the net.inet.ip.fw.enable variable, part of
the recent ipfw modifications.

Approved-by: jordan
2000-02-10 14:19:53 +00:00
Luigi Rizzo
03c612662b Support for stateful (dynamic) ipfw rules. They are very
similar to ipfilter's keep-state.

Look at the updated ipfw(8) manpage for details.

Approved-by: jordan
2000-02-10 14:17:40 +00:00
Sheldon Hearn
645964e2a2 Merge into the manual pages the changes from 4.0.99b:
ntpd.8:
	    add -gx to SYNOPSIS
	    clarify explanation of -g
	ntp.conf.5:
	    add missing field description for rawstats lines

Install audio.htm, driver3[567].htm and qth.htm.
2000-02-10 13:15:47 +00:00
Robert Watson
6c144e7521 Introduce a new sysctl, kern.jailcansethostname, which determines whether
or not a process in a jail, with privilege, may set the jail's hostname.
Defaults to 1, which permits this.  May be set to 0 by a process with
appropriate privilege outside of jail.  Preventing hostname renaming
from within a jail is currently required to make jails manageable, as they
are currently identifiable only by hostname using /proc, which may be
modified without this sysctl being set to 0.  This will be documented
in upcoming man commits.

Authorized by:	jkh, the ever-patient
2000-02-10 05:32:03 +00:00
Peter Wemm
0decb68047 Remove files not in the v3_3_8 import. 2000-02-10 05:09:52 +00:00
Peter Wemm
96c630d7b2 Not in this commit: Many spammed deltas have been removed to restore
back to the vendor branch.

Re-merge changes from the vendor branch.

Undo the local spammed changes that I could find.  There are probably
more local fixes that were clobbered that I've missed.
2000-02-10 03:17:51 +00:00
Yoshinobu Inoue
94fafad064 Support IPv6 scoped addr in ifconfig and route
IPv6 scoped addr display is not yet supported by ifconfig
   and route. Now almost of IPv6 apps support it, so its support
   in ifconfig and route is important to keep consistency, and
   to avoid user confusion.

Approved by: jkh
2000-02-10 03:03:09 +00:00
Yoshinobu Inoue
be26adb5b6 Let getaddrinfo() and related functions support traditional IPv4 format
(shortened format, etc)

   Current KAME getaddrinfo() supports only d.d.d.d format IPv4
   addr. But traditionally inet_aton() and etc support other formats.
   (shortened format and octal/decimal/hex format)
   About this,
    -As far as the discussion on freebsd-current, many people
     think traditional format should also be supported by getaddrinfo().
    -X/Open spec requires getaddrinfo() also support those
     traditional IPv4 format.
    -RFC2553 say nothing about it.
    -As the result of confirmation in ietf/ipng list, there is
     no clear consensus yet, and the reply was, "RFC2553 update
     and X/Open spec will be in sync"

   So taking these conditions into account, I think
   getaddrinfo() should also support traditional IPv4 format.

Specified by: Marc Schneiders <marc@oldserver.demon.nl>
Approved by: jkh
2000-02-10 02:59:50 +00:00
Jordan K. Hubbard
1344c9bdf6 MFC: new categories 2000-02-10 01:44:37 +00:00
Bill Fumerola
ce0c0d9da9 kbdcontrol isn't in everyone's path (read: non-root people), so specify
an absolute path for us mere mortals.

Approved by:	jkh
2000-02-10 01:42:04 +00:00
Chris Costello
11400c9ac3 Replace the existing documentation for ``KERN_QUANTUM'' with a more
descriptive (and generally more useful) explanation.
2000-02-10 01:05:21 +00:00
Bill Paul
74ea2d6f60 Update the Tigon driver to use the 12.3.18 firmware release from Alteon.
(No changes to the driver code itself.)

Approved by: jkh
2000-02-10 00:37:48 +00:00
Robert Watson
bfbdbfef6e Remove /dev/console from the jail /dev environment. It's probably not
strictly a security hole, but neither is it a very good idea.  Replace
it with a symlink to /dev/null to happify programs that expect it.

It is suggested that users of the jail environment modify the jail's
syslog.conf to not send stuff to /dev/console, but instead syslog
it somewhere else.  Such as a loghost, potentially even to the host
environment's syslog.

Approved by:	jkh
2000-02-09 22:08:12 +00:00
Justin T. Gibbs
85ac786b13 Kill the "unpause_always" argument to unpause_sequencer(). The reasons
for optimizing the unpause operation no-longer exist, and this is much
safer.

When restarting the sequencer, reconstitute the free SCB list on the card.
This deals with a single instruction gap between marking the SCB as free
and actually getting it onto the free list.

Reduce the number of transfer negotiations that occur.  In the past, we
renegotiated after every reported check condition status.  This ensures
that we catch devices that have unexpectedly reset.  In this situation,
the target will always report the check condition before performing a
data-phase.  The new behavior is to renegotiate for any check-condition where
the residual matches the original data-length of the command (including
0 length transfers).  This avoids renegotiations during things like
variable tape block reads, where the check condition is reported only
to indicate the residual of the read.

Revamp the parity error detection logic.  We now properly report and
handle injected parity errors in all phases.  The old code used to hang
on message-in parity errors.

Correct the reporting of selection timeout errors to the XPT.  When
a selection timeout occurs, only the currently selecting command
is flagged with SELTO status instead of aborting all currently active
commands to that target.

Fix flipped arguments in ahc_match_scb and in some of the callers of this
routine.  I wish that gcc allowed you to request warnings for enums passed
as ints.

Make ahc_find_msg generically handle all message types.

Work around the target mode data-in wideodd bug in all non-U2 chips.
We can now do sync-wide target mode transfers in target mode across the
whole product line.

Use lastphase exclusively for handling timeouts.  The current phase
doesn't take the bus free state into account.

Fix a bug in the timeout handler that could cause corruption of the
disconnected list.

When sending an embedded cdb to a target, ensure that we start on a
quad word boundary in the data-fifo.  It seems that unaligned stores
do not work correctly.
2000-02-09 21:25:00 +00:00
Guido van Rooij
a5d9362e8e Add ipl.4 manpage 2000-02-09 21:01:35 +00:00
Justin T. Gibbs
1907f932b8 Fix parity error detection logic for aic7880 and aic7895 chips during
the probe of external SRAM.

Approved by: jkh@FreeBSD.org
2000-02-09 21:00:22 +00:00
Guido van Rooij
6cd756a2b5 Bring over ipfilter v3_3_8 kernel sources, including merging the
local modifications.
Also fix initializing fr_running in KLD case.
Rename ipl_inited to fr_runninhg in mlfk_ipl

Approved by: jkh
2000-02-09 20:56:36 +00:00
Guido van Rooij
0f94bd564f This commit was generated by cvs2svn to compensate for changes in r57093,
which included commits to RCS files with non-trunk default branches.
2000-02-09 20:46:45 +00:00
Guido van Rooij
14f80d3d7b Import of ipfilter 3.3.8
Approved by: jkh
2000-02-09 20:46:45 +00:00
Andrew Gallatin
da4009202a Allow peer pci buses which are directly connected to the RCC host pci
chipset to be probed & attached on newer Dell PowerEdge servers, such as
the 2400 and 4400.

Reviewed by: 	dfr, msmith, jlemon
Tested by:	hnokubi@yyy.or.jp (in a previous incantation)
Approved by:	jkh
2000-02-09 20:05:30 +00:00
Chris Costello
d92ce96b1c Repair incorrect ``first appeared in'' reference, which originally stated
that we supported an IPv6 firewall since version 2.0.  It now correctly
says `4.0'.
2000-02-09 19:54:14 +00:00
Ruslan Ermilov
a6120246a2 Support the new ata(4) syntax, while providing backward compatibility for wd(4).
Reviewed by:	jkh, msmith, sos
Approved by:	jkh
2000-02-09 19:23:46 +00:00
Luigi Rizzo
569d406fb6 Populate directory...
Approved-by: jordan
2000-02-09 10:25:19 +00:00
Luigi Rizzo
59d850390a Crunched image config for bridge
Approved-by: jordan
2000-02-09 10:04:32 +00:00
Luigi Rizzo
db619074e3 Misc files for bridge floppy type
Approved-by: jordan
2000-02-09 10:01:30 +00:00
Luigi Rizzo
f2ac100560 Config file for bridge image
Approved-by: jordan
2000-02-09 09:59:05 +00:00
Luigi Rizzo
8f9196f4a4 Make inetd picobsd friendly, don't use ipsec when RELEASE_CRUNCH
is defined

Approved-by: jordan
2000-02-09 09:04:36 +00:00
Luigi Rizzo
17ba97a25c Update configuration files, remove unused mfs.mtree
Approved-by: jordan
2000-02-09 08:50:55 +00:00
Luigi Rizzo
ff74e1c8e9 Update kernel config file.
Approved-by: jordan
2000-02-09 08:48:36 +00:00
Jordan K. Hubbard
7cb262d727 Whoops, missed a file in the previous cleanup. 2000-02-09 06:59:59 +00:00
Jordan K. Hubbard
171287a9a6 In a sudden burst of energy (perhaps it was that last mocha), attempt
to update the release docs to more current information.
2000-02-09 06:33:49 +00:00
Jordan K. Hubbard
af8d6b67c0 Add src menu item for /usr/src/tools 2000-02-09 05:31:26 +00:00
Jordan K. Hubbard
64d608cd93 Support the extraction of /usr/src/tools
Submitted by:	"John W. DeBoskey" <jwd@unx.sas.com>
2000-02-09 05:28:50 +00:00
Matthew N. Dodd
d00d79c12c Remove the old copy of this file. It is now active in its new location.
Implicit Approval by:	 jkh
2000-02-09 04:18:41 +00:00
Robert Watson
34d226d7ff Clean up the jail(8) documentation so that it suggests building a jail
userland in a safer way.  Using the NO_MAKEDEV argument in make
distribution prevents the creation of a number of unsafe device nodes
in the jailed /dev, including disk devices, and more.  This depends
on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV
support.

Approved by:	jkh
2000-02-09 04:17:41 +00:00
Matthew N. Dodd
978d4f5bc8 Complete the repo-copy of ida_pci.c to sys/dev/ida/
Implicit Approval by:	 jkh
2000-02-09 04:17:10 +00:00
Robert Watson
f5749a8265 Introduce a new make.conf entry, NO_MAKEDEV, and modifications to
/etc/Makefile so that if it is defined, MAKEDEV all is not called
during a make distribution.  This helps clean up the messy userland
in jail(), by reducing the number of devices exposed in jail.
Modifications to jail(2) to follow.

Approved by:	jkh-arius
2000-02-09 04:08:18 +00:00
Robert Watson
35a0a88fda Correct an oversight in jail() that allowed processes in jail to access
ptys in ways that might be unethical, especially towards processes not in
jail, or in other jails.

Submitted by:	phk
Reviewed by:	rwatson
Approved by:	jkh
2000-02-09 03:32:11 +00:00
Yoshinobu Inoue
0db018f059 IPv6 scoped addr format is changed as recent KAME change.
KAME scoped addr format is changed recently.
     before:   addr@scope
     now:      scope%addr

   Because the end of IPv6 numeric addr is tend to be truncated in
   `netstat -rn ` output, so placing scope part at starting of addr
   will be convenient.

Approved by: jkh

Obtained from: KAME project
2000-02-09 00:38:06 +00:00
Yoshinobu Inoue
a683a7dd4f Avoid kernel panic when tcp rfc1323 and rfc1644 options are enabled
at the same time.

   When rfc1323 and rfc1644 option are enabled by sysctl,
   and tcp over IPv6 is tried, kernel panic happens by the
   following check in tcp_output(), because now hdrlen is bigger
   in such case than before.

/*#ifdef DIAGNOSTIC*/
        if (max_linkhdr + hdrlen > MHLEN)
                panic("tcphdr too big");
/*#endif*/

   So change the above check to compare with MCLBYTES in #ifdef INET6 case.
   Also, allocate a mbuf cluster for the header mbuf, in that case.

Bug reported at KAME environment.
Approved by: jkh

Reviewed by: sumikawa
Obtained from: KAME project
2000-02-09 00:34:40 +00:00
Yoshinobu Inoue
d98d74772f Let ftp command use only PORT(no EPRT) for IPv4 destination.
Because if ftpd is invoked with -R option, and EPRT is used via firewall
  or NAT which don't understand EPRT, then the data connection from ftpd
  to ftp client will fail.

Reported By: ume@mahoroba.org
Approved by: jkh
2000-02-09 00:27:40 +00:00
Bill Fumerola
b85666e879 Allow $PAGER to have arguments.
Submitted by:	brian
Reviewed by:	Doug Barton <Doug@gorean.org>
Approved by:	jkh
2000-02-08 22:31:53 +00:00
Robert Watson
13c032fd0e Add two commented out syslog.conf entries, one to demonstrate the use of
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.

Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism.  Because newsyslog doesn't
support the mod date specification mechanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.

Approved by:	jkh
Reviewed by:	freebsd-security
2000-02-08 21:57:28 +00:00