path: root/sys
Commit message | Author | Age | Files | Lines
* Declare security and security.bsd sysctl hierarchies in sysctl.h along | rwatson | 2006-09-17 | 9 | -15/+3
  with other commonly used sysctl name spaces, rather than declaring them all over the place.
  MFC after: 1 month
  Sponsored by: nCircle Network Security, Inc.
* Correct a slight regression which was introduced with the implementation of | csjp | 2006-09-17 | 4 | -5/+20
  audit pipes. If the kernel record was not selected for the trail or the pipe, any user supplied record attached to it would be tossed away, resulting in otherwise selected events being lost.
  - Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE, currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells the audit worker that we are interested in the kernel record, with the additional masks we can determine if either the pipe or trail is interested in seeing the kernel or user record.
  - In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and AR_PRESELECT_USER_PIPE masks under the assumption that userspace has done the preselection [1]. Currently, there is work being done that allows the kernel to parse and preselect user supplied records, so in the future preselection could occur in either layer. But there is still a few details to work out here.
  [1] At some point we need to teach au_preselect(3) about the interests of all the individual audit pipes.
  This is a RELENG_6 candidate.
  Reviewed by: rwatson
  Obtained from: TrustedBSD Project
  MFC after: 1 week
* Make cpu_set_upcall_kse() and cpu_set_user_tls() work for 32bit process. | davidxu | 2006-09-17 | 1 | -0/+43
* Remove VLAN mtag UMA zones and initialize ether_vtag and tso_segsz packet | andre | 2006-09-17 | 1 | -25/+4
  header fields to zero on mbuf allocation.
  Sponsored by: TCP/IP Optimization Fundraise 2005
* Make tcp_usr_send() free the passed mbufs on error in all cases as the | andre | 2006-09-17 | 1 | -0/+4
  comment to it claims.
  Sponsored by: TCP/IP Optimization Fundraise 2005
* Move ethernet VLAN tags from mtags to its own mbuf packet header field | andre | 2006-09-17 | 17 | -171/+97
  m_pkthdr.ether_vlan. The presence of the M_VLANTAG flag on the mbuf signifies the presence and validity of its content.
  Drivers that support hardware VLAN tag stripping fill in the received VLAN tag (containing both vlan and priority information) into the ether_vtag mbuf packet header field:
      m->m_pkthdr.ether_vtag = vlan_id; /* ntohs()? */
      m->m_flags |= M_VLANTAG;
  to mark the packet m with the specified VLAN tag.
  On output the driver should check the mbuf for the M_VLANTAG flag to see if a VLAN tag is present and valid:
      if (m->m_flags & M_VLANTAG) {
          ... = m->m_pkthdr.ether_vtag; /* htons()? */
          ... pass tag to hardware ...
      }
  VLAN tags are stored in host byte order. Byte swapping may be necessary.
  (Note: This driver conversion was mechanic and did not add or remove any byte swapping in the drivers.)
  Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition. No more tag memory allocation have to be done.
  Reviewed by: thompsa, yar
  Sponsored by: TCP/IP Optimization Fundraise 2005
* Regenerate. | rwatson | 2006-09-17 | 9 | -13/+13
* AUE_SIGALTSTACK instead of AUE_SIGPENDING for sigaltstack(). | rwatson | 2006-09-17 | 2 | -2/+2
  Obtained from: TrustedBSD Project
  MFC after: 3 days
* Add AUE_SYSARCH to the list of audit events during BSM conversion to prevent | rwatson | 2006-09-17 | 1 | -0/+1
  a console warning. Eventually, we will capture more arguments for sysarch.
  Obtained from: TrustedBSD Project
  MFC after: 3 days
* Expore kern.acct_configured, a sysctl that reflects the configured/ | rwatson | 2006-09-17 | 1 | -0/+7
  unconfigured state of the kernel accounting system. This is used by the accounting privilege regression test to determine whether accounting is in use and will be disrupted by the regression test.
  Sponsored by: nCircle Network Security, Inc.
  Obtained from: TrustedBSD Project
  MFC after: 1 month
* Rearrange things so that ARP packets can be filtered or rate limited with IPFW. | thompsa | 2006-09-17 | 1 | -30/+14
  Requested by: Jon Otterholm
  Tested by: Jon Otterholm
* Don't allow attachment of disks that could cause GEOM to panic. | mjacob | 2006-09-16 | 1 | -9/+24
* New Dell 1950/2950 SES backplane drops off the bus if you poke | mjacob | 2006-09-16 | 1 | -0/+4
  at greater than lun 0.
  MFC after: 1 week
* Add audit hooks for ppc, ia64 system call paths. | rwatson | 2006-09-16 | 4 | -0/+16
  Reviewed by: marcel (ia64)
  Obtained from: TrustedBSD Project
  MFC after: 3 days
* - don't reboot() when fed with wrong parameters (and enough permissions) [1] | netchild | 2006-09-16 | 1 | -4/+38
  - add support to power off the system [2]
  - check the linux magic values [3]
  Submitted by: Marcin Cieslak <saper@SYSTEM.PL> [1,2]
  Modelled after: linux man page of the reboot() syscall [3]
  Found by: LTP testcase "reboot02" [1]
  Tested with: LTP testcase "reboot02" [1,3]
  MFC after: 1 week
* Fix detecting of UFS1 label when mediasize%fragsize != 0. | pjd | 2006-09-16 | 1 | -2/+2
  Submitted by: Stanislav Sedov
  PR: kern/84637
  MFC after: 1 week
* Add 'configure' subcommand which for now only allows setting and removing | pjd | 2006-09-16 | 2 | -3/+116
  of the BOOT flag. It can be performed on both attached and detached providers.
  Requested by: Matthias Lederhofer <matled@gmx.net>
  MFC after: 1 week
* Add __printflike() to gctl_error(). | pjd | 2006-09-16 | 1 | -1/+1
  Approved by: phk
  MFC after: 1 week
* Handle a list of IPv6 src and dst addresses correctly, eg. | jhay | 2006-09-16 | 1 | -14/+17
      ipfw add allow ip6 from any to 2000::/16,2002::/16
  PR: 102422 (part 3)
  Submitted by: Andrey V. Elsukov <bu7cher at yandex dot ru>
  MFC after: 5 days
* Small fixes after adding __printflike() to gctl_error(). | pjd | 2006-09-16 | 1 | -4/+4
  Approved by: phk
  MFC after: 3 days
* Remove extra arguments. | pjd | 2006-09-16 | 1 | -2/+1
  MFC after: 3 days
* Make it possible to add an IPv6 host route to a host directly connected. | jhay | 2006-09-16 | 1 | -0/+2
  Use something like this:
      route add -inet6 <dest_addr> <my_addr_on_that_interface> -interface -llinfo
  This is useful for wireless adhoc mesh networks.
  MFC after: 5 days
* Fix input byte counting. Now the sum of the ipackets/ibytes counters | ru | 2006-09-15 | 1 | -2/+8
  of individual interfaces should match the ipackets/ibytes counter of the aggregate (FEC) interface.
  PR: kern/82189
  Submitted by: Stikheev Andrew <sand AT zunet DOT ru>
  MFC after: 3 days
* - Updated to the latest myri10ge firmware | gallatin | 2006-09-15 | 5 | -1478/+1882
  - Added support for multicast filtering, now that the firmware supports it. Note that this is not yet tested, as multicast seems to panic -current (even w/o mxge loaded)
  - Added workaround to cope with different irq data struct size on pre-multicast firmware which can be found running on nics.
  - Added Intel E5000 PCIe chipsets to list providing aligned completions.
  - Replaced various magic constants with #defines, now that they are defined in the firmware headers.
* Add 'show geom [addr]' ddb(4) command, which prints entire GEOM topology if | pjd | 2006-09-15 | 2 | -2/+215
  no additional argument is given or details about the given GEOM object (class, geom, provider or consumer).
  Approved by: phk
* When doing TSO subtract hdrlen from TCP_MAXWIN to prevent ip->ip_len | andre | 2006-09-15 | 1 | -5/+7
  from wrapping when we generate a maximally sized packet for later segmentation.
  Noticed by: gallatin
  Sponsored by: TCP/IP Optimization Fundraise 2005
* Make it possible to set a larger MTU by attempting to set MTUs on all | ru | 2006-09-15 | 1 | -1/+19
  trunk ports first. If that succeeds, and we're inside our own bounds, so be it. Still not ideal -- adding a port after changing an MTU doesn't change port's MTU, but a step in the right direction.
  PR: kern/95417
  Submitted by: Vladimir Ivanov <wawa AT yandex-team DOT ru>
  MFC after: 3 days
  I've slightly edited a patch to make the conditional logic positive and remove (what I think was) a redundant ng_fec_init() call.
* SIOCSIFFLAGS doesn't require an argument in kernel land; instead, flags | ru | 2006-09-15 | 1 | -1/+1
  are supposed to be set directly in ifnet already. This change fixes a panic when ng_eiface node is attached to ng_fec node and the latter is shut down (ng_fec sets flags and then calls SIOCSIFFLAGS with a NULL argument).
  MFC after: 3 days
* - Added TSO support. This entailed increasing the number of send descriptors | gallatin | 2006-09-15 | 2 | -23/+229
  in the transmit busdma tag, so I moved the segment list off the stack.
  - Fixed transmit routine to ensure it doesn't read past the end of an mbuf when parsing headers.
  - Corrected handling of odd length segments. Setting MXGEFW_FLAGS_ALIGN_ODD is required only when offloading the checksum of that frame.
  Sponsored by: Myricom Inc.
* - Consistently use if_printf() only in interface methods: if_start(), | glebius | 2006-09-15 | 17 | -180/+203
  if_watchdog, etc., or in functions used only in these methods. In all other functions in the driver use device_printf().
  - Use __func__ instead of typing function name.
  Submitted by: Alex Lyashkov <umka sevcity.net>
* Whitespace nits. | ru | 2006-09-15 | 7 | -7/+7
* Less magic. | pjd | 2006-09-15 | 1 | -2/+3
  MFC after: 3 days
* Consistently use if_printf() only in interface methods: if_start, | glebius | 2006-09-15 | 18 | -89/+107
  if_ioctl, if_watchdog, etc, or in functions that are used by these methods only. In all other cases use device_printf(). This also fixes several panics, when if_printf() is called before softc->ifp was initialized.
  Submitted by: Alex Lyashkov <umka sevcity.net>
* If current_heads or current_sectors in the disk cap page are zero, don't try | sos | 2006-09-14 | 1 | -1/+2
  to use the current_ geometry. This avoids a panic with BIOS'n that sets these to zero.
* Fix for a potential bug caught by Coverity. Pointed out to me by Kris Kennaway. | mohans | 2006-09-14 | 1 | -1/+2
* Add missing #ifdef INET6 (can't be compiled) | ache | 2006-09-14 | 1 | -0/+2
* Only treat positive values as errors... | jmg | 2006-09-14 | 1 | -1/+1
  Pointed out by: wsk
  Message-ID: <45060FC4.2090308@gddsn.org.cn>
* intpm(4) meet style(9). style(9) meet intpm(4). | jhb | 2006-09-13 | 2 | -533/+582
* Fixes up the handling of shared vnode lock lookups in the NFS client, | mohans | 2006-09-13 | 9 | -29/+46
  adds a FS type specific flag indicating that the FS supports shared vnode lock lookups, adds some logic in vfs_lookup.c to test this flag and set lock flags appropriately.
  - amd on 6.x is a non-starter (without this change). Using amd under heavy load results in a deadlock (with cascading vnode locks all the way to the root) very quickly.
  - This change should also fix the more general problem of cascading vnode deadlocks when an NFS server goes down.
  Ideally, we wouldn't need these changes, as enabling shared vnode lock lookups globally would work. Unfortunately, UFS, for example isn't ready for shared vnode lock lookups, crashing pretty quickly. This change is the result of discussions with Stephan Uphoff (ups@).
  Reviewed by: ups@
* Introduce a spinlock for synchronizing access to the video output hardware | scottl | 2006-09-13 | 4 | -19/+39
  in syscons. This replaces a simple access semaphore that was assumed to be protected by Giant but often was not. If two threads that were otherwise SMP-safe called printf at the same time, there was a high likelihood that the semaphore would get corrupted and result in a permanently frozen video console. This is similar to what is already done in the serial console drivers.
* Back out one of the Giant removals from revision 1.272. Giant was not here to | csjp | 2006-09-13 | 1 | -2/+2
  protect the vnode, it was present to synchronize access to TTY session information between exit(2) and the TTY code. While we are here, note that Giant is required for TTY protection.
  Clue from: bde
  Discussed with: jhb
  MFC after: 1 week
* Fix synchronization in gmirror and graid3 which I broke. Synchronization | pjd | 2006-09-13 | 2 | -6/+12
  request can still have bio_to set to sc_provider (this is READ part of a synchronization request) and in this case g_{mirror,raid3}_sync() wasn't called as it should be.
  MFC after: 1 week
* Remove unnecessary includes and follow common ordering style. | andre | 2006-09-13 | 1 | -10/+2
* Rewrite of TCP syncookies to remove locking requirements and to enhance | andre | 2006-09-13 | 5 | -208/+315
  functionality:
  - Remove a rwlock acquisition/release per generated syncookie. Locking is now integrated with the bucket row locking of syncache itself and syncookies no longer add any additional lock overhead.
  - Syncookie secrets are different for and stored per syncache buck row. Secrets expire after 16 seconds and are reseeded on-demand.
  - The computational overhead for syncookie generation and verification is one MD5 hash computation as before.
  - Syncache can be turned off and run with syncookies only by setting the sysctl net.inet.tcp.syncookies_only=1.
  This implementation extends the original idea and first implementation of FreeBSD by using not only the initial sequence number field to store information but also the timestamp field if present. This way we can keep track of the entire state we need to know to recreate the session in its original form. Almost all TCP speakers implement RFC1323 timestamps these days. For those that do not we still have to live with the known shortcomings of the ISN only SYN cookies. The use of the timestamp field causes the timestamps to be randomized if syncookies are enabled.
  The idea of SYN cookies is to encode and include all necessary information about the connection setup state within the SYN-ACK we send back and thus to get along without keeping any local state until the ACK to the SYN-ACK arrives (if ever). Everything we need to know should be available from the information we encoded in the SYN-ACK.
  A detailed description of the inner working of the syncookies mechanism is included in the comments in tcp_syncache.c.
  Reviewed by: silby (slightly earlier version)
  Sponsored by: TCP/IP Optimization Fundraise 2005
* Remove duplicated code. Declare functions non-static that shouldn't be | scottl | 2006-09-13 | 1 | -43/+33
  inlined.
* Fix a lock leak in an error case. | pjd | 2006-09-13 | 1 | -1/+1
  Reported by: netchild
  Reviewed by: rwatson
* document that PAE kernels need twice the value of non-PAE kernels | jmg | 2006-09-13 | 1 | -1/+5
  for KVA_PAGES, and that it is likely needed for >4GB memory boxes..
  MFC after: 3 days
* Busmaster DMA address fix in VIA 6421 case. | sos | 2006-09-12 | 1 | -1/+1
* Format mask lacks one bit. | sos | 2006-09-12 | 1 | -1/+1
  Reported by: jkim
* Put the osta.c license on osta.h. The license is the same. | imp | 2006-09-12 | 1 | -0/+15
  Approved by: scottl@