| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
buffer. Not likely to be used much by applications, but useful for
writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
kernel -- this is not a Solaris BSM API so can be modified without
causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
argument to the ordinary au_to_header32(), which is now implemented by
wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
the APIs that invoke gettimeofday(), rather than having a variable
definition. Don't try to retrieve time zone information using
gettimeofday(), as it's not needed, and introduces possible failure
modes.
- Don't perform byte order transformations on the addr/machine fields of
the terminal ID that appears in the process32/subject32 tokens. These
are assumed to be IP addresses, and as such, to be in network byte
order.
- Universally, APIs now assume that IP addresses and ports are provided
in network byte order. APIs now generally provide these types in
network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
error information.
- Support for audit filters introduced: audit filters are dynamically
loaded shared objects that run in the context of a new daemon,
auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
parsed versions of records to shared objects using a module API. This
will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
record submission for many applications.
Obtained from: TrustedBSD Project
|
| | |
| |
| |
| |
| |
| |
| | |
to the audit types.
Submitted by: wsalamon
Obtained from: TrustedBSD Project
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Eliminate unnecessary, recursive acquisitions and releases of the page
queues lock by free_pv_entry() and pmap_remove_pages().
Reduce the scope of the page queues lock in pmap_remove_pages().
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
crypto_copyback() functions.
- Add crypto_apply() function.
This will allow for more code simplification.
|
| | |
| |
| |
| |
| |
| | |
Before the change if a hardware crypto driver was loaded after
the software crypto driver, calling crypto_newsession() with
hard=0, will always choose software crypto.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By using a pointer to struct dos_partition, we implicitly tell the
compiler that the pointer is 4-bytes aligned, even though we know
that's not the case. The fact that we only dereference the pointer
to access a byte-wide field (field dp_ptyp) is not a guarantee that
the compiler will in fact use a byte-wide load. On some platforms
it's more efficient to use long word or quad word loads and use
bit-shifting and bit-masking to get the intended byte. On those
platforms an misaligned load will be the result.
The fix is to use byte-wide pointer arithmetic based on sizeof() and
offsetof() to avoid invalid casts which avoids that the compiler
makes invalid assumptions.
Backtrace provided by: wilko@
MFC after: 1 week
|
| | |
| |
| |
| | |
This unbreaks compiling a kernel with FAST_IPSEC and no INET6.
|
| | |
| |
| |
| |
| |
| | |
PR: docs/98471
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
MFC after: 1 day
|
| | | |
|
| | |
| |
| |
| | |
in padlock(4) as well.
|
| | | |
|
| | |
| |
| |
| | |
- Use defines of used algorithm instead of HMAC_BLOCK_LEN.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
axe_cmd() calls. Without this the device can get confused if multiple
threads attempt these operations concurrently. The problem was
easily reproducible by running "ifconfig axe0" in a loop because
eventually it would conflict with axe_tick_task().
A similar approach is probably required in all USB ethernet drivers.
|
| | |
| |
| |
| |
| | |
EALG_MAX_BLOCK_LEN instead of hardcoded value.
- Kill an unused define.
|
| | |
| |
| |
| | |
EALG_MAX_BLOCK_LEN.
|
| | |
| |
| |
| | |
other defines.
|
| | |
| |
| |
| |
| |
| | |
- Add defines with block length for each HMAC algorithm.
- Add AES_BLOCK_LEN define which is an alias for RIJNDAEL128_BLOCK_LEN.
- Add NULL_BLOCK_LEN define.
|
| | |
| |
| |
| |
| |
| | |
authentication operations.
Unfortunately I've no hardware, so I only compiled-tested it.
|
| | |
| |
| |
| | |
authentication operations.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
tcp_attach() after the call to soreserve(), as it doesn't require
the global lock. Rearrange inpcb locking here also.
MFC after: 1 month
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Move the code for printing timer statistics into a test function instead of
an ifdef (accessible via the debug.acpi.hpet_test tunable). Also use defines
for register offsets instead of magic values.
Courtesy of: slow flight to HK
|
| | |
| |
| |
| |
| |
| |
| | |
doing that if we're not doing the rest of the work.
Submitted by: thompsa
MFC after: 1 week
|
| | |
| |
| |
| | |
Reviewed by: brd
|
| | |
| |
| |
| | |
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
the code depends on this.
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
bread() the UFS superblock. Should eliminate crashes when trying
to do: mount -t ufs on an audio CD.
PR: kern/85893
Reported by: Russell Francis <rfrancis at ev dot net>
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
non-intuitive for the ~ to be built into the mask. All the users now
explicitly ~ the mask. In addition, add MTX_UNOWNED to the mask even
though it technically isn't a flag. This should unbreak mtx_owner().
Quickly spotted by: kris
|
| | |
| |
| |
| |
| |
| | |
it. We just moved it to be pci specific, so this was causing compile
problems (linking problems, so I didn't notice since I unwisely just
built the module).
|
| | |
| |
| |
| | |
our ISR.
|
| | |
| |
| |
| |
| | |
context switch while in the debugger, reenter the debugger sooner before
performing any statistics updates.
|
| | | |
|
| | |
| |
| |
| | |
instead of 'for (;;) { if (foo) break; ... }'.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
vendor-specific device ids across vendors.
- Include the revision in the dc_devs[] array instead of special casing
the revid handling in dc_devtype().
- Use PCI bus accessors to read registers instead of pci_read_config()
where possible.
- Use an 8-bit write to update the latency timer.
- Use PCIR_xxx constants and remove unused DC_xxx related to standard
PCI config registers.
MFC after: 1 week
|
| | |
| |
| |
| | |
get the subvendor device id.
|
| | |
| |
| |
| |
| | |
freed), & cs (CPU context switch rate). 'vmstat 1' output is now lined up
for today's typical machines vs. a VAX. [tested my modest 1.6ghz laptop]
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dropped. This prevents a bug introduced during the socket/pcb refcounting
work from occuring, in which occasionally the retransmit timer may fire
after a connection has been reset, resulting in the resulting R|A TCP
packet having a source port of 0, as the port reservation has been
released.
While here, fixing up some RUNLOCK->WUNLOCK bugs.
MFC after: 1 month
|
| | |
| |
| |
| |
| |
| |
| | |
is not required. This simplifies error-handling, and reduces the time
that this lock is held.
MFC after: 1 month
|
| | |
| |
| |
| | |
are needed still.
|
| | | |
|
| | |
| |
| |
| | |
Use a better name for the cbb thread.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
resulting in some build failures. Instead, to fix the problem of bpf not
being present, check the pointer before dereferencing it.
This is a temporary bandaid until we can decide on how we want to handle
the bpf code not being present. This will be fixed shortly.
|
| | | |
|
