| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all. secpolicy no longer contain
spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy. assign ID field to
all SPD entries. make it possible for racoon to grab SPD entry on
pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header. a mode is always needed
to compare them.
- fixed that the incorrect time was set to
sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
XXX in theory refcnt should do the right thing, however, we have
"spdflush" which would touch all SPs. another solution would be to
de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion. ipsec_*_policy ->
ipsec_*_pcbpolicy.
- avoid variable name confusion.
(struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
"src" of the spidx specifies ICMP type, and the port field in "dst"
of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
kernel forwards the packets.
Tested by: nork
Obtained from: KAME
|
| |
|
|
|
| |
exits, otherwise shell will be confused and does not set foreground
group correctly for next su command. This sounds like a bug in sh.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
has been called, since it points to a shared inode buffer that may
be overwritten. The two cases where `dp' was used incorrectly appear
to have been overlooked when "nodump" inheritance was first added
in revision 1.12.
This is reported to correct propagation of the nodump flag on
directories that are larger than one block in size.
PR: bin/58912
Submitted by: Volker Paepcke <vpaepcke@incore.de>
MFC after: 1 week
|
| |
|
|
| |
Obtained from: KAME
|
| |
|
|
|
|
|
| |
- nuke unused macro PSUEDO_SET().
- I believe our if_xname stuff is nothing strange against other BSDs.
Obtained from: KAME
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
mdoc handling possibly fragile :)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
make an effort to preserve the ownership and mode of the file we are
editing.
Sponsored by: Registrar AS
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
mbstate_t object that they ignore. The zeroing is fairly expensive, and it
will never be necessary in these functions; when we support state-dependent
encodings, we will pass in a pointer to the file's mbstate_t object, and
only zero it at the time the file gets opened.
|
| |
|
|
|
|
| |
PR: 58909
Submitted by: Chris Pepper <pepper@rockefeller.edu>
MFC after: 1 week
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a new filesystem. Dump and fsck will create snapshots in this
directory rather than in the root for two reasons:
1) For terabyte-sized filesystems, the snapshot may require many
minutes to build. Although the filesystem will not be suspended
during most of the snapshot build, the snapshot file itself is
locked during the entire snapshot build period. Thus, if it is
accessed during the period that it is being built, the process
trying to access it will block holding its containing directory
locked. If the snapshot is in the root, the root will lock and
the system will come to a halt until the snapshot finishes. By
putting the snapshot in a subdirectory, it is out of the likely
path of any process traversing through the root and hence much
less likely to cause a lock race to the root.
2) The dump program is usually run by a non-root user running with
operator group privilege. Such a user is typically not permitted
to create files in the root of a filesystem. By having a directory
in group operator with group write access available, such a user
will be able to create a snapshot there. Having the dump program
create its snapshot in a subdirectory below the root will benefit
from point (1) as well.
Sponsored by: DARPA & NAI Labs.
|
| |
|
|
|
|
|
|
| |
- Add the following functions to the api: sched_bind(), sched_unbind(),
sched_pin(), and sched_unpin(). Bind/unbind are used for traditional
cpu binding. Pin and unpin are meant to allow the kernel to hold a thread
on a particular cpu so that it may cache per-cpu data without fear of
being migrated.
|
| |
|
|
|
|
|
| |
remove a snapshot file from the directory in which they have requested
to have it made. If they do not have write permission in the directory
or the directory is sticky and not owned by the user, then they
will not be able to remove the snapshot when they are done with it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
no matter where in the directory structure it may be. Use this and the "-k"
flag in the generated gdbinit files so that the "getsyms" function in gdb
requires no user intervention to run and will find every module if they're
in the kernel build's module directory. This is still quite useful for
cases where gdb knows that the path for some modules is /boot/kernel and
others are in the object directory for /usr/src/sys/$ARCH/compile/kernel.
Approved by: grog
|
| |
|
|
| |
Non-use of %# mocked by: bde
|
| |
|
|
|
|
|
| |
waitrunningbufspace() calls so that they are always able to
proceed and clean up buffer space.
Submitted by: Brian Fundakowski Feldman <green@freebsd.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
tcpdump -y ieee802_11 will work in the basic senses, including the
code compilation for filters (where you may specify "link[]" to refer
to parts of the 802.11 header, as well as treat it like a normal
Ethernet header). Previously, it was just too far off to do anything
useful for us.
* While I'm here, fix some compile problems that will result from lex
and yacc namespace polution when linking with -lpcap. The namespace
is now "pcapyy*" instead of "yy*", and it tests fine with world and
some external applications that may or may not use "yy*".
|
| |
|
|
|
|
|
|
|
|
|
| |
index referencing it. We need to know the original type and name
so that we know what to put in the table when we reconstruct it.
o Clear the table entries before we rebuild it to avoid that we
end up with stale data.
o Sequentially populate the table entries from the chunks. For the
chunks that have an index (now referencing the saved copy) we
use the saved type and name. This way we can handle unknown types
better. In all cases we update the start and end LBAs.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
o Fix minor type problems
o Fix minor problem with a couple debug printfs.
o Default to a sane media type when none is reported.
o Minor style changes
The PR complains this will fix the IBM 300GL cards.
Submitted by: Max Gotlib
PR: 11462
|
| | |
|
| |
|
|
|
|
|
|
| |
a partition size on ia64. It's not true.
o Ask for a mountpoint for EFI partitions as well and check that it
isn't "/".
o On ia64 we may need to add EFI partitions. Make sure we pass the
right arguments to Create_Chunk_DWIM() in that case.
|
| | |
|
| |
|
|
|
|
|
|
| |
Use zpfind() to see if the process became a zombie if pfind() doesn't find it
and if the caller wants to know about process death, so that the caller knows
the process died even if it happened before the kevent was actually registered.
MFC after: 1 week
|
| | |
|
| |
|
|
|
|
|
|
| |
This fixes a race condition (specifically with signal events) that could
lead to the kn being re-inserted into the list after it has been destroyed,
which is not something we want to happen.
PR: kern/58258
|
| | |
|
| |
|
|
|
| |
is computed, so the user thinks that for non-PRISM cards there are
more APs represented than exist.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
operating mode to HostAP, the card will lock up indefinitely (but
the wi(4) driver can recover if you eject the card). The problem is
that the card needs to be "reset" in a way before you even change the
media to hostap. In practice this isn't as noticeable because you
probably do some operation beforehand which prevents the lock-up
before you enable hostap mode.
e.g.:
"ifconfig wi0 up media autoselect mediaopt hostap" will lock up
(if you just inserted the card).
"ifconfig wi0 up ssid foo media autoselect mediaopt hostap" won't lock up.
|
| |
|
|
|
|
|
|
| |
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.
Noticed by: fjoe
|
| | |
|
| |
|
|
|
| |
'device acpi' as well as the temporary disablement of the ACPI kernel
module.
|
| | |
|
| | |
|
