Crist J. Clark [Thu, 21 Jun 2001 19:17:15 +0000 (19:17 +0000)]
Fixing a bug reported on freebsd-security. It is possible for
non-printable characters to sneak into /var/log/messages (e.g.
someone aims a Solaris/Linux RCP exploit at your FreeBSD box and
you end up with his shellcode as part of a log entry). You might
get something like,
In the daily security script as a result. Allowing attackers to
mess with your security script's ability to accurately report
is a Bad Thing. Tell grep(1) to treat /var/log/messages like a
text file even if it has non-printable characters.
Submitted by: Tim Zingelman <zingelman@fnal.gov> on freebsd-security
Approved by: ru
MFC after: 1 week
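The failure mode and fix described in the commit above, as an added example that is not part of the commit or of the FreeBSD security script: a log entry carrying non-printable bytes makes a plain grep(1) report the file as binary, while grep's `-a` option reports every matching entry. The log lines, search pattern, function names and the `tr` sanitizing stage are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Log lines, pattern and function names are constructed for
# illustration; this is not the FreeBSD security script.

# Write a constructed sample log: two ordinary entries plus one whose tail
# carries non-printable bytes (NUL, 0x90, 0xff), as a logged payload would.
make_sample_log() {
    f=$(mktemp) || return 1
    {
        printf 'Jun 21 10:00:01 host login: 1 LOGIN FAILURE ON ttyv0\n'
        printf 'Jun 21 10:00:05 host rshd: LOGIN FAILURE user \000\220\220\220\377\n'
        printf 'Jun 21 10:00:09 host login: 2 LOGIN FAILURES ON ttyv1\n'
    } > "$f"
    printf '%s\n' "$f"
}

# Scan without -a: grep classifies the file as binary because of the NUL
# byte and prints a "binary file matches" notice instead of the entries.
scan_naive() {
    grep -i 'login failure' "$1" 2>&1
}

# Scan with -a: every matching entry is reported. The tr stage (an addition
# here) replaces non-printable bytes with '?' so the raw payload does not
# reach the report or the terminal that displays it.
scan_text() {
    LC_ALL=C grep -a -i 'login failure' "$1" |
        LC_ALL=C tr -c '[:print:]\n' '?'
}

log=$(make_sample_log)
echo "without -a:"; scan_naive "$log" || true
echo "with -a:";    scan_text "$log"
rm -f "$log"
```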
Josef Karthauser [Thu, 21 Jun 2001 10:28:40 +0000 (10:28 +0000)]
When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.
Luigi Rizzo [Thu, 21 Jun 2001 08:59:12 +0000 (08:59 +0000)]
Remove tcpdump from the list of binaries. When cross-compiling
I get a link error on in6addr_<something> and I cannot find the
symbol in any of the libraries. It might be my mistake, but in any
case the crunched binary would overflow the floppy, so...
Luigi Rizzo [Thu, 21 Jun 2001 08:56:59 +0000 (08:56 +0000)]
Remove support of I386_CPU in -current.
Make sure hints are statically compiled into the kernel,
because the bootloader is not available in picobsd and so the
hints file cannot be found at run time.
(This is kind of inconvenient if you have to handle non PnP devices,
but fortunately these days non-PnP ISA cards are disappearing...)
Luigi Rizzo [Thu, 21 Jun 2001 08:53:21 +0000 (08:53 +0000)]
Use /dev/fd0 instead of /dev/fd0c for mounting the floppy.
This must have to do with the use of devfs in -CURRENT, but I
have no idea when the devfs is actually mounted (is it a
side effect of mount -t nonfs or what ?) and when /dev/fd0c becomes
available.
For the time being, let's use this hack. Once I understand how devfs
works, this can be reverted back to the previous value, and also the
part of the build script which creates device entries can be nuked.
This is for -current only.
Luigi Rizzo [Thu, 21 Jun 2001 08:49:46 +0000 (08:49 +0000)]
Move handling of crunch* files into Makefile.conf, which is a
better place to handle dependencies.
Make another step at helping cross-compiling: when the user specifies
an alternate source tree, the script takes care of creating include
files and libraries for the new tree.
Furthermore, build and use a version of the "config" program which
matches the new sources.
It takes a long time to create libraries, and it might even not do
the right thing at once, there might be some dependencies that I
have forgotten. At any rate, with this code I have been able to
build a working picobsd image using -CURRENT sources on -STABLE
- Renumber KAME local ICMP types and NDP options numbers because they
are duplicated by newly defined types/options in RFC3121
- We have no backward compatibility issue. There are no apps in our
distribution which use the above types/options.
Dima Dorfman [Thu, 21 Jun 2001 01:36:09 +0000 (01:36 +0000)]
Fail if -s isn't specified for an MD_MALLOC or MD_SWAP disk; the
driver itself obviously won't configure such a disk, but the error
returned (EDOM) is more cryptic to the average user than it should be.
Also assert that the argument to -u is in fact a valid unit; don't
just accept any string to mean 0.
John Baldwin [Wed, 20 Jun 2001 23:34:06 +0000 (23:34 +0000)]
Don't lock around swap_pager_swap_init() that is only called once during
the pagedaemon's startup code since it calls malloc which results in lock
order reversals.
Josef Karthauser [Wed, 20 Jun 2001 23:21:02 +0000 (23:21 +0000)]
Use 'LIBS+= ...' instead of 'LIBS= ...' in the generated makefile
so that the user can override libraries at build time. This
makes it easier to cross-compile crunch builds.
John Baldwin [Wed, 20 Jun 2001 23:10:06 +0000 (23:10 +0000)]
Fix some lock order reversals where we called free() while holding a proc
lock. We now use temporary variables to save the process argument pointer
and just update the pointer while holding the lock. We then perform the
free on the cached pointer after releasing the lock.
Joerg Wunsch [Wed, 20 Jun 2001 20:21:55 +0000 (20:21 +0000)]
Cosmetics:
. staticize out_fdc(), there's no longer an ft(4) driver sharing its use
. remove in_fdc(), has been used by ft(4) last time, long since obsoleted
by fd_in()
. move the declaration of fd_clone() to where most of the other function
declarations are
. de-__P()ify fd_clone(), it's been the only _P()ed function in the
entire file
Bosko Milekic [Wed, 20 Jun 2001 19:48:35 +0000 (19:48 +0000)]
Change m_devget()'s outdated and unused `offset' argument to actually mean
something: offset into the first mbuf of the target chain before copying
the source data over.
Make drivers using m_devget() with a first argument "data - ETHER_ALIGN"
to use the offset argument to pass ETHER_ALIGN in. The way it was previously
done is potentially dangerous if the source data was at the top of a page
and the offset caused the previous page to be copied (if the
previous page has not yet been appropriately mapped).
The old `offset' argument in m_devget() is not used anywhere (it's always
0) and dates back to ~1995 (and earlier?) when support for ethernet trailers
existed. With that support gone, it was merely collecting dust.
Ian Dowse [Wed, 20 Jun 2001 16:47:23 +0000 (16:47 +0000)]
The serial console break-to-debugger support only functioned while
the console device was open. At other times, the interrupts that
are used to detect the break signal or ~^B sequence were disabled,
so these events would not be noticed until the next open (e.g. the
next kernel printf). This was mainly a problem while there was no
getty running on the console, such as during bootup or shutdown.
For serial consoles with break-to-debugger support, we now enable
the generation of interrupts at attach time, and we leave them
enabled while the device is closed.
Reviewed by: bde (I've since made changes as per his suggestions)
Brian Somers [Wed, 20 Jun 2001 14:52:20 +0000 (14:52 +0000)]
o Add a -a flag for changing/getting the ALTPIN setting for a digi port.
o For the -i switch, only show the device if more than one is given on
the command line.
Brian Somers [Wed, 20 Jun 2001 14:52:08 +0000 (14:52 +0000)]
Allow individual ports to use alternate pin settings (swap dsr & cd)
via the new DIGIIO_SETALTPIN ioctl, and allow the port's ALTPIN setting
to be queried via DIGIIO_GETALTPIN.
The initial state and lock devices are normally used to set and/or
lock ALTPIN settings although the device itself may also be used.
ALTPIN settings are applied per-device and apply to both the callin
and callout device at the same time.
Hajimu UMEMOTO [Wed, 20 Jun 2001 13:17:07 +0000 (13:17 +0000)]
Change default value of rtadvd_enable to NO to be compatible with
the following description in RFC2461:
    AdvSendAdvertisements
        A flag indicating whether or not the router sends
        periodic Router Advertisements and responds to
        Router Solicitations.
        Default: FALSE
    Note that AdvSendAdvertisements MUST be FALSE by
    default so that a node will not accidentally start
    acting as a router unless it is explicitly
    configured by system management to send Router
    Advertisements.
Hajimu UMEMOTO [Wed, 20 Jun 2001 12:32:48 +0000 (12:32 +0000)]
made sure to use the correct sa_len for rtalloc().
sizeof(ro_dst) is not necessarily the correct one.
this change would also fix the recent path MTU discovery problem for the
destination of an incoming TCP connection.
Brian Somers [Wed, 20 Jun 2001 10:06:28 +0000 (10:06 +0000)]
Close a race where we were releasing the unit resource at the start
of tunclose() rather than the end, and tunopen() grabbed that unit
before tunclose() finished (one process is allocating it while another
is freeing it!).
It may be worth hanging some sort of rw mutex around all specinfo
calls where d_close and the detach handler get a write lock and all
other functions get a read lock. This would guarantee certain levels
of ``atomicity'' (is that a word?) that people may expect (I believe
Solaris does something like this).
Doug Barton [Wed, 20 Jun 2001 07:15:38 +0000 (07:15 +0000)]
Work around the problem in RELENG_4 where the file doesn't actually
exist, and therefore mm_install is returning the "fail" value of
the test instead of the "success" value for install.
This change is a no-op on HEAD, but since the only harm on RELENG_4
ATM is a spurious warning it can follow the usual MFC practice.
John Baldwin [Wed, 20 Jun 2001 00:48:20 +0000 (00:48 +0000)]
Put the scheduler, vmdaemon, and pagedaemon kthreads back under Giant for
now. The proc locking isn't actually safe yet and won't be until the proc
locking is finished.
Constify the module name. This silences a few warnings ("initialization
discards qualifier"), and probably adds a few where module names are
compared to or passed as non-const strings.
Made all fields in default output be space separated. Run-together
columns confuse the heck out of other apps trying to parse vmstat output
(eg sscope). I made sure we're still <= 80 cols per line.
Fixed warnings about unused vars and printf %format mismatches.
Suppress update ifnet.iflastchange when processing packets for SNMP
requirements(RFC1573, interface MIB). This change for 4.4BSD was
first introduced in if_ethersubr.c:1.17->1.18.
BTW, iflastchange on all of IFs are inconsistent. e.g.
ether, tun: update
fddi, tokenring, ppp: not update
I'll make patch later.
Dima Dorfman [Mon, 18 Jun 2001 23:46:58 +0000 (23:46 +0000)]
Introduce mdmfs(8), a wrapper around mdconfig(8), disklabel(8),
newfs(8), and mount(8) that mimics the command line option set of the
deprecated mount_mfs(8).
Garrett Wollman [Mon, 18 Jun 2001 22:18:08 +0000 (22:18 +0000)]
Document _SC_IOV_MAX. Add cross-references to pathconf(2), confstr(3), and
getconf(1). This document still needs to be sorted and to have other missing
parameters described.
Bill Paul [Mon, 18 Jun 2001 22:04:40 +0000 (22:04 +0000)]
Fix some memory bugs with regard to jumbo buffers. I made a mistake when
converting from the old external mbuf buffer code to the new (with the
MEXTADD() macro). Also free free list memory correctly in
foo_free_jumbo_mem() routines: grab the head of the list, then
remove it, _then_ free() it.
This fixes the memory corruption problem I've been chasing in the level 1
driver.