aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add libbsm to the library build.Robert Watson2006-02-022-1/+141
| | | | | | | Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155212
* Define $LIBBSM.Robert Watson2006-02-021-0/+1
| | | | | | | Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155211
* Install /etc/security configuration files from OpenBSM.Robert Watson2006-02-021-0/+15
| | | | | | | Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155210
* Add auditd rc.d script.Robert Watson2006-02-022-1/+35
| | | | | | | | Submitted by: trhodes Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155209
* Add auditd_enable and auditd_flags rc.d scripts.Robert Watson2006-02-021-0/+2
| | | | | | | Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155208
* Enable 'complete' rx checksum offloading (i.e. let chip calculate checksumsOleg Bulyzhin2006-02-021-2/+3
| | | | | | | | | | | with pseudo header for tcp/udp packets). This could save one in_pseudo() call per incoming tcp/udp packet. Approved by: glebius (mentor) MFC after: 3 weeks Notes: svn path=/head/; revision=155207
* Make sure we don't pick up a loopid that's larger than ourMatt Jacob2006-02-021-3/+12
| | | | | | | | | | current portdb max (MAX_FC_TARG == 256) now that we support 2K Login f/w. MFC after: 3 days Notes: svn path=/head/; revision=155206
* - textvp may have been from a different mountpoint than ndp->ni_vp andJeff Roberson2006-02-021-1/+6
| | | | | | | | | | we may need to acquire giant to vrele it. Found by: mjacob MFC After: 3 days Notes: svn path=/head/; revision=155205
* Correctly report L2 cache size according to its code comment.David Xu2006-02-021-2/+2
| | | | | | | Tested on my Dual PIII machine. Notes: svn path=/head/; revision=155203
* Somewhat re-factor the read/write locking mechanism associated with the packetChristian S.J. Peron2006-02-029-163/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | filtering mechanisms to use the new rwlock(9) locking API: - Drop the variables stored in the phil_head structure which were specific to conditions and the home rolled read/write locking mechanism. - Drop some includes which were used for condition variables - Drop the inline functions, and convert them to macros. Also, move these macros into pfil.h - Move pfil list locking macros intp phil.h as well - Rename ph_busy_count to ph_nhooks. This variable will represent the number of IN/OUT hooks registered with the pfil head structure - Define PFIL_HOOKED macro which evaluates to true if there are any hooks to be ran by pfil_run_hooks - In the IP/IP6 stacks, change the ph_busy_count comparison to use the new PFIL_HOOKED macro. - Drop optimization in pfil_run_hooks which checks to see if there are any hooks to be ran, and returns if not. This check is already performed by the IP stacks when they call: if (!PFIL_HOOKED(ph)) goto skip_hooks; - Drop in assertion which makes sure that the number of hooks never drops below 0 for good measure. This in theory should never happen, and if it does than there are problems somewhere - Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep - Drop variables which support home rolled read/write locking mechanism from the IPFW firewall chain structure. - Swap out the read/write firewall chain lock internal to use the rwlock(9) API instead of our home rolled version - Convert the inlined functions to macros Reviewed by: mlaier, andre, glebius Thanks to: jhb for the new locking API Notes: svn path=/head/; revision=155201
* Regenerate.Robert Watson2006-02-025-15/+14
| | | | Notes: svn path=/head/; revision=155200
* Map audit-related system calls to audit event identifiers.Robert Watson2006-02-021-10/+10
| | | | | | | | Much work by: wsalamon Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155199
* Hook up audit to fork() and exit() events. These changes manage theRobert Watson2006-02-022-1/+16
| | | | | | | | | | audit state on processes, not auditing of these events. Much work by: wsalamon Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155198
* Add /var/audit, mode 750, which will hold audit trail files.Robert Watson2006-02-021-0/+2
| | | | | | | Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155197
* Hook up audit to the initial process creation events (proc0, proc1).Robert Watson2006-02-021-0/+9
| | | | | | | | Much help from: wsalamon Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155196
* Add new fields to process-related data structures:Robert Watson2006-02-024-0/+21
| | | | | | | | | | | | | | | | | | | - td_ar to struct thread, which holds the in-progress audit record during a system call. - p_au to struct proc, which holds per-process audit state, such as the audit identifier, audit terminal, and process audit masks. In the earlier implementation, td_ar was added to the zero'd section of struct thread. In order to facilitate merging to RELENG_6, it has been moved to the end of the data structure, requiring explicit initalization in the thread constructor. Much help from: wsalamon Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155195
* Add 'options AUDIT' and associate various .c files with the AUDITRobert Watson2006-02-012-0/+8
| | | | | | | | | | | | | | option. We always build audit_syscalls.c so that the system call stubs can return ENOSYS rather than the system call code generating SIGSYS for the system calls. We are not yet ready to add AUDIT to LINT, as the prototypes for system call arguments won't be there until after the system calls for audit are added. Much work from: wsalamon Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=155194
* Xref rwlock(9).Gleb Smirnoff2006-02-014-4/+8
| | | | | | | Reviewed by: ru Notes: svn path=/head/; revision=155193
* Import kernel audit framework:Robert Watson2006-02-019-0/+6228
| | | | | | | | | | | | | | | | | | - Management of audit state on processes. - Audit system calls to configure process and system audit state. - Reliable audit record queue implementation, audit_worker kernel thread to asynchronously store records on disk. - Audit event argument. - Internal audit data structure -> BSM audit trail conversion library. - Audit event pre-selection. - Audit pseudo-device permitting kernel->user upcalls to notify auditd of kernel audit events. Much work by: wsalamon Obtained from: TrustedBSD Project, Apple Computer, Inc. Notes: svn path=/head/; revision=155192
* Update src/sys/bsm include files to match OpenBSM (albeit with aRobert Watson2006-02-014-45/+1234
| | | | | | | | | | | | couple of FreeBSD-specific modifications that may be merged out later). These include files define the basic audit data structures, types, and definitions use by the kernel, or shared by the kernel and user space. Obtained from: TrustedBSD Project, Apple Computer, Inc. Notes: svn path=/head/; revision=155191
* Document read/write locks.Gleb Smirnoff2006-02-012-0/+201
| | | | | | | Reviewed by: jhb, ru Notes: svn path=/head/; revision=155189
* Don't add an agp child in vgapci's attach routine if the PCIY_AGPJohn Baldwin2006-02-013-7/+20
| | | | | | | | | | capability is present as not all devices supported by the agp_i810 driver (such as i915) have the AGP capability. Instead, add an identify routine to the agp_i810 driver that uses the PCI ID to determine if it should create an agp child device. Notes: svn path=/head/; revision=155186
* Add regression tests which will verify that giving no key components forPawel Jakub Dawidek2006-02-011-0/+65
| | | | | | | | | init/attach/setkey subcommands is really impossible. MFC after: 3 days Notes: svn path=/head/; revision=155185
* Optimize bge_rxeof() & bge_txeof(): return immediately if there are no packetsOleg Bulyzhin2006-02-011-4/+10
| | | | | | | | | | | | to process. It could give us [significant?] perfomance increase if there is big difference between RX/TX flows. Submitted by: Mihail Balikov <mihail.balikov AT interbgc DOT com> Approved by: glebius (mentor) MFC after: 3 days Notes: svn path=/head/; revision=155184
* Deny init/attach/setkey subcommands when no key components are given.Pawel Jakub Dawidek2006-02-011-1/+4
| | | | | | | | MFC after: 3 days Tested with: prove /usr/src/tools/regression/geom_eli Notes: svn path=/head/; revision=155183
* Since bge_rxeof() & bge_txeof() depends on status block data it should beOleg Bulyzhin2006-02-011-14/+16
| | | | | | | | | | | synchronized on every call of bge_poll_locked(). Suggested by: Mihail Balikov <mihail.balikov AT interbgc DOT com> Approved by: glebius (mentor) MFC after: 3 days Notes: svn path=/head/; revision=155182
* Expand contractions.Joel Dahl2006-02-019-13/+13
| | | | Notes: svn path=/head/; revision=155181
* 1) Fix link state detection for cards operating in TBI mode (fiber ones)Oleg Bulyzhin2006-02-012-25/+31
| | | | | | | | | | | 2) add missing bus_dmamap_sync() call in bge_intr() Tested by: Husnu Demir <hdemir AT metu DOT edu DOT tr> Approved by: glebius (mentor) MFC after: 3 days Notes: svn path=/head/; revision=155180
* Move the IPSEC related code blocks to their own file to unclutterAndre Oppermann2006-02-015-445/+655
| | | | | | | | | | | | | | | | | and signifincantly improve the readability of ip_input() and ip_output() again. The resulting IPSEC hooks in ip_input() and ip_output() may be used later on for making IPSEC loadable. This move is mostly mechanical and should preserve current IPSEC behaviour as-is. Nothing shall prevent improvements in the way IPSEC interacts with the IPv4 stack. Discussed with: bz, gnn, rwatson; (earlier version) Notes: svn path=/head/; revision=155179
* Record the change in vnone_create_vobject() argument size,Yaroslav Tykhiy2006-02-011-0/+4
| | | | | | | | which broke kernel ABI to filesystem modules on i386, where sizeof(size_t) != sizeof(off_t). Notes: svn path=/head/; revision=155178
* Use off_t for file size passed to vnode_create_vobject().Yaroslav Tykhiy2006-02-012-2/+2
| | | | | | | | | | | | The former type, size_t, was causing truncation to 32 bits on i386, which immediately led to undersizing of VM objects backed by files >4GB. In particular, sendfile(2) was broken for such files. PR: kern/92243 MFC after: 5 days Notes: svn path=/head/; revision=155177
* Remove trailing spaces.Pawel Jakub Dawidek2006-02-0112-28/+28
| | | | Notes: svn path=/head/; revision=155175
* Remove trailing spaces.Pawel Jakub Dawidek2006-02-0128-67/+67
| | | | Notes: svn path=/head/; revision=155174
* Remove unsupported hardware.Yoshihiro Takahashi2006-02-011-2/+0
| | | | | | | X-MFC after: soon Notes: svn path=/head/; revision=155172
* Setting IFF_ALLMULTI on a running interface didn't call bge_setmulti()Ruslan Ermilov2006-02-011-1/+4
| | | | | | | | | as intended, resulting in a non-working multicast routing. Fix it. MFC after: 3 days Notes: svn path=/head/; revision=155170
* - Install a temporary bandaid in vm_object_reference() that will stopJeff Roberson2006-02-011-5/+5
| | | | | | | mtx_assert()s from triggering until I find a real long-term solution. Notes: svn path=/head/; revision=155169
* - Solve a problem where a vput could be called on an outgoing directoryJeff Roberson2006-02-011-5/+13
| | | | | | | | | | | | without Giant held. Do this by tracking the vfslocked state for the directory seperate from the child. This is only important in the case where we cross a mountpoint. Sponsored by: Isilon Systems, Inc. MFC After: 3 days Notes: svn path=/head/; revision=155168
* - chroot and chdir need to lock giant as appropriate for the outgoing vpJeff Roberson2006-02-012-0/+10
| | | | | | | | | | as well as the new vp. Sponsored by: Isilon Systems, Inc. MFC After: 3 days Notes: svn path=/head/; revision=155167
* Brain-o (use standard int types now).Ruslan Ermilov2006-02-011-2/+2
| | | | Notes: svn path=/head/; revision=155166
* Fix another compile problem. If I find any more, this file is going in theScott Long2006-02-011-1/+1
| | | | | | | Attic until it is properly fixed. Notes: svn path=/head/; revision=155162
* - Solve a race where we could lose a call to VOP_INACTIVE. If vget() waitingJeff Roberson2006-02-011-12/+30
| | | | | | | | | | | | | | | | on a lock held the last usecount ref on a vnode and the lock failed we would not call INACTIVE. Solve this by only holding a holdcnt to prevent the vnode from disappearing while we wait on vn_lock. Other callers may now VOP_INACTIVE while we are waiting on the lock, however this race is acceptable, while losing INACTIVE is not. Discussed with: kan, pjd Tested by: kkenn Sponsored by: Isilon Systems, Inc. MFC After: 1 week Notes: svn path=/head/; revision=155161
* - Reorder calls to vrele() after calls to vput() when the vrele is aJeff Roberson2006-02-018-88/+81
| | | | | | | | | | | | | | | directory. vrele() may lock the passed vnode, which in these cases would give an invalid lock order of child -> parent. These situations are deadlock prone although do not typically deadlock because the vrele is typically not releasing the last reference to the vnode. Users of vrele must consider it as a call to vn_lock() and order it appropriately. MFC After: 1 week Sponsored by: Isilon Systems, Inc. Tested by: kkenn Notes: svn path=/head/; revision=155160
* Attach ce(4) to the build.Roman Kurakin2006-01-314-0/+10
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=155159
* Remove duplicate model entry.Roman Kurakin2006-01-311-4/+0
| | | | Notes: svn path=/head/; revision=155158
* - Sync the list of supported chips with pcn_probe() as of sys/pci/if_pcn.cMarius Strobl2006-01-311-7/+3
| | | | | | | | | | | | | rev. 1.77, i.e. remove Am53C974/Am79C970/Am79C974 PCnet-PCI and Am79C970A PCnet-PCI II. - Change the entry of the PCnet-Home in the list of supported chips to match the other ones, i.e. s,PCnet/Home HomePNA,Am79C978 PCnet-Home,. - s,familly,family MFC after: 1 day Notes: svn path=/head/; revision=155157
* Add RWLOCK_NOINLINE.John Baldwin2006-01-311-1/+8
| | | | Notes: svn path=/head/; revision=155156
* Add a reference to le(4) as the SBus-based Ultra 1 have on-board LANCE.Marius Strobl2006-01-311-1/+2
| | | | Notes: svn path=/head/; revision=155155
* Add le(4) to the list of devices supporting VLAN-sized frames natively.Marius Strobl2006-01-311-1/+5
| | | | Notes: svn path=/head/; revision=155154
* Add a man page for le(4), based on the NetBSD one.Marius Strobl2006-01-312-0/+371
| | | | Notes: svn path=/head/; revision=155153
* Fix multicast routing on 64-bit platforms.Ruslan Ermilov2006-01-311-2/+2
| | | | | | | | Tested on: amd64 MFC after: 3 days Notes: svn path=/head/; revision=155152
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-22 04:56:09 +0000