1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-17 15:27:36 +00:00
Commit Graph

127117 Commits

Author SHA1 Message Date
Robert Watson
be3ca90685 auditreduce now requires OpenBSM's config/config.h, so add that to the
build include path.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-25 11:56:20 +00:00
Robert Watson
e6c054f607 Hook up additional OpenBSM man page aliases following OpenBSM 1.0 alpha 12
import.  Most of these should have existed previously, but didn't.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-25 11:53:58 +00:00
Bruce M Simpson
13c8384424 Fix an incompatibility between CARP and IPv4 multicast routing, whereby
the VRRPv2 advertisements will originate from the wrong source address.
This only affects kernels compiled with MROUTING and after the MRT_INIT
ioctl() has been issued.
Set imo_multicast_vif in carp's softc to the invalid value -1 after it is
zeroed by softc allocation, to stop the ip_output() path looking up the
incorrect source address thinking a vif is set.

PR:		kern/100532
Submitted by:	Bohus Plucinsky
MFC after:	1 week
2006-09-25 11:53:54 +00:00
Robert Watson
b9ad4a7bf0 Resolve conflicts from OpenBSM 1.0 alpha 12 import.
Obtained from:	TrustedBSD Project
2006-09-25 11:53:06 +00:00
Bruce M Simpson
e2fd806b36 Spleling
Submitted by:	pjd
2006-09-25 11:48:07 +00:00
Scott Long
40218a48e0 Update the mfi module build with the mfi_debug.c file. 2006-09-25 11:42:12 +00:00
Robert Watson
b3a9bf4df7 This commit was generated by cvs2svn to compensate for changes in r162621,
which included commits to RCS files with non-trunk default branches.
2006-09-25 11:40:29 +00:00
Robert Watson
4bd0c025f3 Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change
history notes since the last import:

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from working
  correctly when the user specifies to process successful or failed events.
  The problem stemmed from not having access to the return token at the time
  the initial preselection occurred, but now a second preselection process
  occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
  which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
  line; this was the documented behavior previously, but it was not
  implemented.  Be more specific in auditreduce(1)'s examples section about
  what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
  termination of an audit trail file.  For example, this might be used to
  compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
  now supply one or more (comma delimited) regular expressions for searching
  the pathnames. If one of the regular expressions is prefixed with a tilde
  (~), and a path matches, it will be excluded from the search results.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-25 11:40:29 +00:00
Scott Long
6b31d3f79d Add the mfi_debug.c file and MFI_DEBUG option. 2006-09-25 11:40:14 +00:00
Scott Long
5ba21ff136 Add a command debugging module and a periodic watchdog timer.
Sponsored by: IronPort
2006-09-25 11:35:34 +00:00
Søren Schmidt
6182698f19 add support for the ALI/ULI M5288 AHCI part.
patch by: Sven Petai
2006-09-25 11:26:29 +00:00
Bruce M Simpson
0f7a51321f Forced commit to note this change should be MFCed.
MFC after:	1 week
2006-09-25 10:12:07 +00:00
Bruce M Simpson
07ea6709ea Account for output IP datagrams on the ifaddr where they originated from,
*not* the first ifaddr on the ifp.  This is similar to what NetBSD does.

PR:		kern/72936
Submitted by:	alfred
Reviewed by:	andre
2006-09-25 10:11:16 +00:00
John-Mark Gurney
4dc630cdd2 if min is greater than max, prefer max over min... I managed to get a
retransmit timer that was going to take 19 days to trigger...

Reviewed by:	silby
2006-09-25 07:22:39 +00:00
John-Mark Gurney
33fabe46da remove unnecessary NULL check...
Coverity ID:	1545
2006-09-25 01:29:48 +00:00
Warner Losh
2dca50b6a1 Add a newline to the printf. 2006-09-24 19:24:26 +00:00
Alexander Leidinger
18c15b598d Fix uninitialized variable warning.
Submitted by:	dhw
Reviewed by:	ryanb
2006-09-24 17:37:03 +00:00
Robert Watson
9b2b93002d Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit.  Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running.  Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.

Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 17:31:04 +00:00
Daniel Gerzo
e1bd11be7b - move steps describing how to gain ipdivert support to SYNOPSIS and
follow the style of other section 4 manual pages
- add ipfw(4) to SEE ALSO section

Reviewed by: ru
Approved by: trhodes (mentor), keramida (mentor)
2006-09-24 13:58:44 +00:00
Robert Watson
22b7bca620 Rework the way errors are handled with respect to how audit records are
written to the audit trail file:

- audit_record_write() now returns void, and all file system specific
  error handling occurs inside this function.  This pushes error handling
  complexity out of the record demux routine that hands off to both the
  trail and audit pipes, and makes trail behavior more consistent with
  pipes as a record destination.

- Rate limit kernel printfs associated with running low on space.  Rate
  limit audit triggers for low space.  Rate limit printfs for fail stop
  events.  Rate limit audit worker write error printfs.

- Document in detail the types of limits and space checks we perform, and
  combine common cases.

This improves the audit subsystems tolerance to low space conditions by
avoiding toasting the console with printfs are waking up the audit daemon
continuously.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 13:35:58 +00:00
Simon L. B. Nielsen
696f1293a8 Remove tcpslice files. 2006-09-24 10:57:34 +00:00
Hiroki Sato
8ee0930a99 Disable an overly-verbose warning message by default.
Suggested by:	njl
MFC after:	3 days
2006-09-24 09:39:17 +00:00
Bruce M Simpson
790ca1147e De-orbit burn tcpslice.
Reviewed by:	sam, bmah
2006-09-24 09:18:36 +00:00
Bruce M Simpson
81fbc3d1f3 Disconnect tcpslice from build.
Reviewed by:	sam, bmah
2006-09-24 09:16:27 +00:00
John-Mark Gurney
4db71d27a1 hide kqueue_register from public view, and replace it w/ kqfd_register...
this eliminates a possible race in aio registering a kevent..
2006-09-24 04:47:47 +00:00
John-Mark Gurney
aeab19b21f return EBADF instead of successfully attaching (and then panicing) when
an fd is dieing..

Convinced by:	jhb
PR:		103127
2006-09-24 02:29:53 +00:00
John-Mark Gurney
9edac6f3f9 add KTRACE hooks into kevent... This will help people debug their kqueue
programs to find out exactly which events were registered and which were
returned...  This should be lower in kern_kevent, but that would require
special munging due to locks and the functions used to copyin/copyout
kevents...

If someone wants to teach ktrace how to output pretty kevents, I have a
kevent prety printer that can be used...
2006-09-24 02:23:29 +00:00
Warner Losh
4e53810378 Cleanup sloppy ifdef. 2006-09-24 00:26:33 +00:00
Bruce M Simpson
2c2da9973b Fix our ancient tcpslice for >2GB limits.
PR:		bin/13691
MFC after:	1 week
Submitted by:	Bruce A. Mah
2006-09-23 21:12:23 +00:00
Alexander Leidinger
b611c801f0 MFp4 the sound Google Summer of Code project:
The goal was to sync with the OSSv4 API 4Front Technologies uses in their
proprietary OSS driver. This was successful as far as possible. The part
of the API which is stable is implemented, for the rest there are some
stubs already.

New system ioctls:
 - SNDCTL_SYSINFO - obtain audio system info (version, # of audio/midi/
   mixer devices, etc.)
 - SNDCTL_AUDIOINFO - fetch details about a specific audio device
 - SNDCTL_MIXERINFO - fetch details about a specific mixer device

New audio ioctls:
 - Sync groups (SNDCTL_DSP_SYNCGROUP/SNDCTL_DSP_SYNCSTART) which allow
   triggered playback/recording on multiple devices (even across processes
   simultaneously).
 - Peak meters (SNDCTL_DSP_GETIPEAKS/SNDCTL_DSP_GETOPEAKS) - can query
   audio drivers for peak levels (needs driver support, disabled for now).
 - Per channel playback/recording levels -
   SNDCTL_DSP_{GET,SET}{PLAY,REC}VOL.  Note that these are still in name
   only, just wrapping around the AC97-style mixer at the moment. The next
   step is to push them down to the drivers.

Audio ioctls still under development by 4Front (for which stubs may exist
in this commit):
 - SNDCTL_GETNAME, SNDCTL_{GET,SET}{SONG,LABEL}
 - SNDCTL_DSP_{GET,SET}_CHNORDER
 - SNDCTL_MIX_ENUMINFO, SNDCTL_MIX_EXTINFO - (might be documented enough in
   the OSS releases to work on this.  These ioctls cover the cool "twiddle
   any knob on your card" features.)

Missing:
 - SNDCTL_DSP_COOKEDMODE -- this ioctl is used to give applications direct
   access to a card's buffers, bypassing the feeder architecture.  It's
   a toughy -- "someone" needs to decide :
   (a) if this is desireable, and (b) if it's reasonably feasible.

Updates for driver writers:
 So far, only two routines to the channel class (in channel_if.m) are added.
 One is for fetching a list of discrete supported playback/recording rates
 of a channel, and the other is for fetching peak level info (useful for
 drawing peak meters).  Interested parties may want to help pushing down
 SNDCTL_DSP_{GET,SET}{PLAY,REC}VOL into the drivers.

To use the new stuff you need to rebuild the sound drivers or your kernel
(depending on if you use modules or not) and to install soundcard.h (a
buildworld/installworld handles this).

Sponsored by:	Google SoC 2006
Submitted by:	ryanb
Many thanks to:	4Front Technologies for their cooperation, explanations
		and the nice license of their soundcard.h.
2006-09-23 20:45:47 +00:00
John-Mark Gurney
402865f637 now that we don't automagicly increase the MTU of host routes, when we copy
the loopback interface, copy it's mtu also..  This means that we again have
large mtu support for local ip addresses...
2006-09-23 19:24:10 +00:00
Alexander Leidinger
d4b7423fa1 MFp4:
- Linux returns ENOPROTOOPT in a case of not supported opt to setsockopt.
- Return EISDIR in pread() when arg is a directory.
- Return EINVAL instead of EFAULT when namelen is not correct in accept().
- Return EINVAL instead of EACCESS if invalid access mode is entered in
  access().
- Return EINVAL instead of EADDRNOTAVAIL in a case of bad salen param
  to bind().

Submitted by:	rdivacky
Tested with:	LTP (vfork01 fails now, but it seems to be a race and
		not caused by those changes)
MFC after:	1 week
2006-09-23 19:06:54 +00:00
Scott Long
0d7c37283e Add documentation on the new bge tunable. Also put the tunable docs into a
separate section.
2006-09-23 19:04:01 +00:00
Scott Long
f1a7e6d559 Allow the ASF feature to be disabled via a tunable. On one of my systems,
bringing up the bge interface results in a complete system freeze when
this feature is enabled.  Leave it enabled by default.
2006-09-23 18:55:49 +00:00
Martin Blapp
45e6819160 Protect enterpgrp() against another tty/proc race case until the tty locking work
has been fixed.

MFC after:	1 week
2006-09-23 17:35:24 +00:00
Bruce M Simpson
f1edc3bde5 Always set the IP version in the TCP input path, to preserve
the header field for possible later IPSEC SPD lookup, even
when the kernel is built without 'options INET6'.

PR:		kern/57760
MFC after:	1 week
Submitted by:	Joachim Schueth
2006-09-23 16:26:31 +00:00
Robert Watson
f4882b24fd Rename "-a" flag to "-A" in order to avoid conflicting with the "-a" flag
as found on Solaris.

Requested by:	ceri
MFC after:	3 days
2006-09-23 15:43:29 +00:00
Martin Blapp
7c56049e6d Check for tp->t_refcnt == 0 before doing anything in tty_open().
PR:		103520
MFC after:	1 week
2006-09-23 14:52:46 +00:00
Andrey A. Chernov
d3ff3b5f2f Keep compatible parts in sync with OpenBSD v1.21, add some comments.
No functional changes.
2006-09-23 14:48:31 +00:00
Martin Blapp
153c21c8c1 If /dev/tty gets opened after your controlling terminal has been revoked
you can't call tty_clone afterwords. OpenBSD and NetBSD both fail the
open call in that case, so we should do so as well. This can
be done in ctty_clone by returning with *dev==NULL. Admittedly this
causes open to return ENOENT, instead of ENXIO as on the other BSDs,
but this way requires the least touching of code.

Submitted by:  Nate Eldredge <nge@cs.hmc.edu>
PR:            83375

MFC:           1 week
2006-09-23 14:44:14 +00:00
David Xu
07a8ebcc75 Stop reloading %fs and %gs, since it causes the base address from
GDT to be loaded into FS.base and GS.base, these values of course
are not the values set by sysarch() with I386_SET_FSBASE and
I386_SET_GSBASE, the change fixed a crash for 32bit libthr after
signal handler returned and normal code is accessing thread pointer,
for example: movl %gs:8, %eax.
2006-09-23 13:42:09 +00:00
Robert Watson
5bae3124ab Add a -a argument to id(1), which causes id(1) to print out process
audit properties, including the audit user id.  This can be quite
helpful in debugging audit problems.

Obtained from:	TrustedBSD Project
MFC after:	3 days
2006-09-23 12:30:31 +00:00
David Xu
4af4fcb71a Regenerate. 2006-09-23 00:27:53 +00:00
David Xu
5c26f4cea8 Enable sigwait. 2006-09-23 00:27:11 +00:00
John Baldwin
157f14ae25 Map pmap_{un,}mapbios() to pmap_{un,}mapdev() on 6.x and earlier. 2006-09-22 22:16:20 +00:00
John Baldwin
d72a078647 Update the ipmi(4) driver:
- Split out the communication protocols into their own files and use
  a couple of function pointers in the softc that the commuication
  protocols setup in their own attach routine.
- Add support for the SSIF interface (talking to IPMI over SMBus).
- Add an ACPI attachment.
- Add a PCI attachment that attaches to devices with the IPMI interface
  subclass.
- Split the ISA attachment out into its own file: ipmi_isa.c.
- Change the code to probe the SMBIOS table for an IPMI entry to just use
  pmap_mapbios() to map the table in rather than trying to setup a fake
  resource on an isa device and then activating the resource to map in the
  table.
- Make bus attachments leaner by adding attach functions for each
  communication interface (ipmi_kcs_attach(), ipmi_smic_attach(), etc.)
  that setup per-interface data.
- Formalize the model used by the driver to handle requests by adding an
  explicit struct ipmi_request object that holds the state of a given
  request and reply for the entire lifetime of the request.  By bundling
  the request into an object, it is easier to add retry logic to the various
  communication backends (as well as eventually support BT mode which uses
  a slightly different message format than KCS, SMIC, and SSIF).
- Add a per-softc lock and remove D_NEEDGIANT as the driver is now MPSAFE.
- Add 32-bit compatibility ioctl shims so you can use a 32-bit ipmitool
  on FreeBSD/amd64.
- Add ipmi(4) to i386 and amd64 NOTES.

Submitted by:	ambrisko (large portions of 2 and 3)
Sponsored by:	IronPort Systems, Yahoo!
MFC after:	6 days
2006-09-22 22:11:29 +00:00
Andrew Thompson
0a6f8a5050 Revert r1.80 as the ethernet header was inadvertently stripped from ARP
packets. Reimplement this correctly and use a sysctl that defaults to off so
the user doesnt get any suprises if ipfw blocks the ARP packet.

MFC after:	3 days
2006-09-22 21:57:52 +00:00
Ruslan Ermilov
43e5f4b8cd Update a comment about M_VLANTAG. 2006-09-22 19:50:04 +00:00
Andrey A. Chernov
6843acf8ac Remove code #ifndef'ed in prev. commit to stay in sync with OpenBSD
v1.21 which just do that.
2006-09-22 18:59:03 +00:00
Andrey A. Chernov
f27c7b4713 Be more GNU compatible:
don't be greedy on the GNU "::" extension when arg separated by whitespace
and POSIX_CORRECTLY is set. From POSIX point of view this is unclear
situation, so minimal assumption looks right.
2006-09-22 17:01:38 +00:00