weingart [Tue, 12 Aug 2008 18:27:22 +0000 (18:27 +0000)]
Nuke bigmem for release, still has issues.
ok deraadt@
damien [Tue, 12 Aug 2008 18:25:40 +0000 (18:25 +0000)]
AES Key Wrap adds a 64-bit MIC to the payload but we pad the content
of the frame so that it is a multiple of 8 bytes before encryption.
So we must reserve up to 15 bytes in the mbuf for the worst case, not 8.
damien [Tue, 12 Aug 2008 18:22:41 +0000 (18:22 +0000)]
process IGTK KDEs in EAPOL-Key frames and install integrity group keys
if MFP was negotiated with the peer (not possible yet).
damien [Tue, 12 Aug 2008 18:01:41 +0000 (18:01 +0000)]
extend the ic_nw_keys[] array to 6 elements.
indices 0-3 will be used for group data keys while indices 4-5 will
be used for integrity group keys.
add a ic_rsngroupmgmtcipher field too.
damien [Tue, 12 Aug 2008 17:54:57 +0000 (17:54 +0000)]
in a near future, unicast management frames will be encrypted/decrypted
using CCMP. use the right replay counter in this case.
damien [Tue, 12 Aug 2008 17:53:13 +0000 (17:53 +0000)]
Change the way we process EAPOL-Key frames.
Free the mbuf in the ieee80211_eapol_key_input() function.
Do not assume the frame is contiguous, call m_pullup2() if it is not.
We need the frame to be contiguous to process KDEs efficiently in
EAPOL-Key frames (just like we process IEs in management frames).
However, there are drivers like upgt(4) that use m_devget() in the
RX path. m_devget() can return fragmented mbuf chains.
Notice that we should do the same m_pullup2() for management frames.
This will be done later.
Remove the ic_recv_eapol callback.
miod [Tue, 12 Aug 2008 17:23:21 +0000 (17:23 +0000)]
Figured out where the prom console routines are on KA60 and how to invoke
them, thanks to old ultrix bootblocks lying around.
Also, enable M-Bus clock on the I/O slot IOCSR, this unstucks the cpu
clocks (which really are implemented on the SSC on the I/O module, but
need to be controlled via the cpu's ``internal'' processor registers...)
damien [Tue, 12 Aug 2008 16:56:45 +0000 (16:56 +0000)]
add new IEEE80211_CIPHER_AES128_CMAC cipher and new key flag
IEEE80211_KEY_IGTK.
lot of cleanup while i'm here (indent function prototypes).
change license since this file was completely rewritten.
damien [Tue, 12 Aug 2008 16:51:39 +0000 (16:51 +0000)]
Welcome BIP: the Broadcast/Multicast Integrity Protocol defined
in Draft IEEE P802.11w.
It provides data integrity and replay protection for broadcast/
multicast robust management frames (not used yet) using AES-128
in CMAC mode.
damien [Tue, 12 Aug 2008 16:45:44 +0000 (16:45 +0000)]
maintain a count of TKIP and CCMP replayed frames.
some cleanup while i'm here.
david [Tue, 12 Aug 2008 16:40:18 +0000 (16:40 +0000)]
use correct byte order when printing state expiration minutes; ok henning@
damien [Tue, 12 Aug 2008 16:33:38 +0000 (16:33 +0000)]
add replay counter for management frames.
damien [Tue, 12 Aug 2008 16:24:24 +0000 (16:24 +0000)]
fix values for QoS control field.
damien [Tue, 12 Aug 2008 16:21:46 +0000 (16:21 +0000)]
retrieve the TID from QoS frames to use with the appropriate
replay counter.
henning [Tue, 12 Aug 2008 16:14:45 +0000 (16:14 +0000)]
use MINCLSIZE to decide wether we need to allocate an mbuf cluster instead
of MLEM, damien ok
damien [Tue, 12 Aug 2008 16:14:05 +0000 (16:14 +0000)]
get rid of the map_ptk()/map_gtk() functions, just inline them
which makes things easier to track.
damien [Tue, 12 Aug 2008 16:05:15 +0000 (16:05 +0000)]
simplify ieee80211_derive_ptk() prototype.
pass the AKMP so we can support other key derivation functions in the
future.
damien [Tue, 12 Aug 2008 15:59:40 +0000 (15:59 +0000)]
use HMAC-MD5, HMAC-SHA1 and AES Key Wrap sys/crypto/
damien [Tue, 12 Aug 2008 15:49:07 +0000 (15:49 +0000)]
test vectors for HMAC-MD5, HMAC-SHA1, HMAC-SHA256, AES-128-CMAC,
AES Key Wrap.
ok djm@
damien [Tue, 12 Aug 2008 15:43:00 +0000 (15:43 +0000)]
Implementation of the HMAC-MD5, HMAC-SHA1, HMAC-SHA256, AES-128-CMAC
and AES Key Wrap algorithms.
They will replace/extend the non-generic implementation in net80211.
AES-128-CMAC tested by sobrado@ (AlphaServer 1200),
naddy@ (alpha/sparc64) and sthen@ (sparc64, armish).
HMAC-* reviewed by hshoexer@
ok and hints from djm@
otto [Tue, 12 Aug 2008 09:44:26 +0000 (09:44 +0000)]
basic bounds check on elf header info. avoid crashes on i.e.e truncated
kernels; noted by jasper@ ok miod@
mglocker [Tue, 12 Aug 2008 08:26:42 +0000 (08:26 +0000)]
Don't process xfers which have the stream error bit set in the stream
header.
jakemsr [Tue, 12 Aug 2008 06:50:16 +0000 (06:50 +0000)]
VT8233+ uses a different register base for capturing
from NetBSD. fixes recording for kili@, martynas@ and me.
mbalmer [Tue, 12 Aug 2008 06:32:14 +0000 (06:32 +0000)]
Fix a typo in a comment. From dawedawe@gmx.de.
brad [Mon, 11 Aug 2008 22:42:19 +0000 (22:42 +0000)]
Add support for TX/RX checksum offload for newer re(4) chipsets.
Tested by naddy@
From FreeBSD
jaredy [Mon, 11 Aug 2008 21:50:35 +0000 (21:50 +0000)]
plug a memleak when freeing io redirection in commands.
the leaked memory is actually reclaimed when the command
finishes but may grow until that happens, e.g. during
command execution.
ok phessler@.
testing sobrado@ jmc@ oga@.
kettenis [Mon, 11 Aug 2008 21:28:53 +0000 (21:28 +0000)]
Only print iotdb stuff when DEBUG.
kettenis [Mon, 11 Aug 2008 20:56:55 +0000 (20:56 +0000)]
Allow mapping mmio regions that are not page aligned.
ok miod@
jmc [Mon, 11 Aug 2008 20:43:16 +0000 (20:43 +0000)]
+Longshine LCS-8031N to the ral(4) list;
jmc [Mon, 11 Aug 2008 20:28:55 +0000 (20:28 +0000)]
some documentation updates for spamd synchronisation:
- whitelisted entries are not synced
- entries added manually (using spamdb) are not synced
suggested by Stephan A. Rickauer; ok reyk
jmc [Mon, 11 Aug 2008 20:24:45 +0000 (20:24 +0000)]
some consistency fixes and whitespace at eol removal;
jmc [Mon, 11 Aug 2008 20:23:19 +0000 (20:23 +0000)]
remove a note which seems to be duplicated; ok sobrado
kettenis [Mon, 11 Aug 2008 19:53:33 +0000 (19:53 +0000)]
Add hw.cupspeed cupport for all CPU types.
reyk [Mon, 11 Aug 2008 19:03:05 +0000 (19:03 +0000)]
fix a6 partition lookup where a static variable was incorrectly used in
the recursive findopenbsd() function. reported by PR 5905.
tested by many
ok deraadt@
kettenis [Mon, 11 Aug 2008 18:45:13 +0000 (18:45 +0000)]
Build apm(8) and apmd(8) on sparc64.
pointed out by deraadt@
kettenis [Mon, 11 Aug 2008 18:38:10 +0000 (18:38 +0000)]
Minimal apmvar.h such that we can enable apm(8) and apmd(8) on sparc64.
ok deraadt@
kettenis [Mon, 11 Aug 2008 18:20:37 +0000 (18:20 +0000)]
Add hw.setperf support for UltraSPARC-IIe support.
tested by miod@, matthieu@, naddy@, jsg@, djm@
marco [Mon, 11 Aug 2008 17:28:24 +0000 (17:28 +0000)]
Undo last commit; deraadt didn't like it.
marco [Mon, 11 Aug 2008 17:22:54 +0000 (17:22 +0000)]
Add infrastructure to manually kick off rebuilds.
tobias [Mon, 11 Aug 2008 17:17:53 +0000 (17:17 +0000)]
Prevent a buffer underrun if a line is received which only contains
(multiple) @.
ok millert, otto
tobias [Mon, 11 Aug 2008 17:15:56 +0000 (17:15 +0000)]
Use only safe functions in signal handlers.
ok millert, otto
reyk [Mon, 11 Aug 2008 08:24:41 +0000 (08:24 +0000)]
more goto fail on gettimeofday error
reyk [Mon, 11 Aug 2008 08:07:14 +0000 (08:07 +0000)]
better handling of HTTP POSTs or requests with Content-Length.
reyk [Mon, 11 Aug 2008 06:42:06 +0000 (06:42 +0000)]
add missing 'break' to read HTTP content correctly
mglocker [Mon, 11 Aug 2008 05:37:01 +0000 (05:37 +0000)]
Since we have ehci(4) isoc support now, don't demote USB2 uvideo(4)
devices to USB1, instead let them attach to ehci(4).
This may break a couple of the devices for the moment, but it's the way
we have to go finally.
miod [Sun, 10 Aug 2008 18:20:07 +0000 (18:20 +0000)]
Add support for the VAXstation 3[58][24]0 to the bootblocks, currently
limited to serial console. This is enough for a 3520 to mopboot and download
a kernel over NFS.
sobrado [Sun, 10 Aug 2008 17:40:10 +0000 (17:40 +0000)]
add missing ellipsis; spacing.
krw [Sun, 10 Aug 2008 15:52:50 +0000 (15:52 +0000)]
Fix other integer overflow vulnerability I introduced, this time in
DL_BLKOFFSET(). Pointed out by kettenis@ and deraadt@.
ok kettenis@
kettenis [Sun, 10 Aug 2008 14:13:05 +0000 (14:13 +0000)]
Use the STICK logic on UltraSPARC-IIe to generate clock interrupts.
kettenis [Sun, 10 Aug 2008 13:55:19 +0000 (13:55 +0000)]
Add hypervisor calls for the sun4v random number generator interface.
sobrado [Sun, 10 Aug 2008 13:39:09 +0000 (13:39 +0000)]
typo.
sobrado [Sun, 10 Aug 2008 13:00:25 +0000 (13:00 +0000)]
spacing; remove non-existent flag from synopsis.
krw [Sun, 10 Aug 2008 12:23:25 +0000 (12:23 +0000)]
'coordiates' -> 'coordinates' from Dawe via tech@.
krw [Sun, 10 Aug 2008 12:03:53 +0000 (12:03 +0000)]
'flus' -> 'flush', 'waitinf' -> 'waiting'. From Dawe via tech@.
sobrado [Sun, 10 Aug 2008 11:22:40 +0000 (11:22 +0000)]
add missing space.
ok krw@
mglocker [Sun, 10 Aug 2008 10:01:25 +0000 (10:01 +0000)]
Prepare for ehci:
- Remove GET_DEF request for negotation. It doesn't help, instead keep
breaking devices.
- On device close first switch back to default interface 0 before
abort/close the isoc pipe. This fixes IOERRORs on device re-open.
kettenis [Sun, 10 Aug 2008 09:59:55 +0000 (09:59 +0000)]
Don't assume the first LAPIC in the table corresponds to the boot processor.
Mark the processor we're running on as the boot processor instead.
ok marco@, art@
krw [Sun, 10 Aug 2008 02:03:06 +0000 (02:03 +0000)]
Shorten the lines of '?' output in edit mode. A couple were too
long (>76 chars) for the install script space on the CD jackets.
Requested by deraadt@.
brad [Sun, 10 Aug 2008 00:18:35 +0000 (00:18 +0000)]
Style fixes and use of tabs for the DRM bits.
ok oga@
mglocker [Sat, 9 Aug 2008 22:59:20 +0000 (22:59 +0000)]
Add isochronous xfer support for ehci(4). From NetBSD.
OK brad@
kettenis [Sat, 9 Aug 2008 21:06:05 +0000 (21:06 +0000)]
Add prom_set_sun4v_api_version().
brad [Sat, 9 Aug 2008 21:00:52 +0000 (21:00 +0000)]
MCP79 are also capable of Jumbo frames. Add the Jumbo support flag.
From: Linux forcedeth
kettenis [Sat, 9 Aug 2008 20:42:28 +0000 (20:42 +0000)]
Fix counting of shared (PCI) interrupts. Remove some useless debug code
and unused variables.
kettenis [Sat, 9 Aug 2008 19:20:07 +0000 (19:20 +0000)]
Prevent integer overflow in DL_BLKTOSEC().
ok krw@
miod [Sat, 9 Aug 2008 16:42:29 +0000 (16:42 +0000)]
Pass a device name to {tc,tcds,ioasic}_intr_establish in order to get
meaningful names associated to the interrupt counters.
miod [Sat, 9 Aug 2008 16:41:21 +0000 (16:41 +0000)]
Do not forget to set the ``specific EOI'' bit when sending a... specific EOI;
from NetBSD.
miod [Sat, 9 Aug 2008 16:31:23 +0000 (16:31 +0000)]
Regen
miod [Sat, 9 Aug 2008 16:31:06 +0000 (16:31 +0000)]
Add the fr-dvorak-be'po layout as fr.dvorak for ps/2 and usb keyboards.
This is only the simplified layout, which is final; the complete layout with
extra symbols is still being discussed.
thib [Sat, 9 Aug 2008 11:25:05 +0000 (11:25 +0000)]
turn an MFREE() into an m_free() and garbage collect an
unused mbuf pointer.
OK claudio@
thib [Sat, 9 Aug 2008 10:14:02 +0000 (10:14 +0000)]
o nfs_vinvalbuf() is always called with the intrflag as 1, and then
checks if the mount is actually interrutable, and if not sets it 0.
remove this argument from nfs_vinvalbuf and just do the checking inside
the function.
o give nfs_vinvalbuf() a makeover so it looks nice. (spacing, casts, &c);
o Actually pass PCATCH too tsleep() if the mount it interrutable.
ok art@, blambert@
mglocker [Sat, 9 Aug 2008 08:42:03 +0000 (08:42 +0000)]
Revert last commit, it doesn't always help, we need to find another
solution.
mglocker [Sat, 9 Aug 2008 07:57:48 +0000 (07:57 +0000)]
Prepare for ehci: If GET_DEF request has failed, wait a moment before
issuing GET_CUR. Makes my NX6000 attach on ehci.
krw [Fri, 8 Aug 2008 23:49:53 +0000 (23:49 +0000)]
Admit b_blkno means block number; a block is DEV_BSIZE (a.k.a.
512) bytes; ffs is inextricably tied to using b_blkno and disklabel
always uses sectorsize units.
Thus use DEV_BSIZE units for all fields describing ffs filesystems
and convert to/from sectors where required. This enables the creation
and use of ffs filesystems on non-512 byte sectorsize devices.
This diff allows i386 and sgi (the two test platforms) to find
disklabels that are not on a sectorsize boundary. Same change to
further archs coming.
This is a no-op on 512-byte sectorsize devices.
This work triggered by jsing@'s need to create ffs filesystems on
sgi cdroms so we can create cdrom install media for sgi.
sgi testing by jsing@
ok jsing@ pedro@ "looks sane" beck@ weingart@
reyk [Fri, 8 Aug 2008 22:49:33 +0000 (22:49 +0000)]
add a variable $SERVER_NAME which is "OpenBSD relayd" by default.
sobrado [Fri, 8 Aug 2008 21:48:19 +0000 (21:48 +0000)]
documentation tweaks.
ok jmc@, matthieu@
thib [Fri, 8 Aug 2008 21:44:44 +0000 (21:44 +0000)]
o sync comment with reality, we have never malloc()'ed filehandles
and the dead code that was supposed todo that has been removed.
o rename the NFS_SMALLFH constant to NFS_MAXFHSIZE, since it better
reflects what it's for.
ok blambert@
blambert [Fri, 8 Aug 2008 20:44:38 +0000 (20:44 +0000)]
After beck@ changed the way nfsiod's are notified of work, the
nfs_iodwant array became unused. Garbage collect and free up
a few bytes.
ok thib@
blambert [Fri, 8 Aug 2008 20:40:24 +0000 (20:40 +0000)]
Remove code for variable-sized allocations of NFS filehandles by malloc(),
as it was never used because there were 64-bit buffers already allocated
for filehandles in nfsnode structs.
ok thib@
reyk [Fri, 8 Aug 2008 20:34:30 +0000 (20:34 +0000)]
chunked encoding may include empty lines at random places, do not
abort the session if we get an empty line except of the expected chunk
header.
matthieu [Fri, 8 Aug 2008 20:07:49 +0000 (20:07 +0000)]
Small step towards fixing documentation:
- sync usage() with reality. Remove the -h option that does nothing.
- don't complain about kvm_openfiles() error in case of incorrect usage.
- add basic descriptions of the new options and views in the manual
page. More is needed...
with help from jmc@ and sobrado@. ok sobrado@.
thib [Fri, 8 Aug 2008 19:49:09 +0000 (19:49 +0000)]
remove an if notyet block from sys_fstatfs(), that will never be needed,
softupdates are reported too statfs via other means. missed this block
in in rev1.148 where the same block was removed from sys_statfs().
reyk [Fri, 8 Aug 2008 19:13:24 +0000 (19:13 +0000)]
fix possible memleaks in chunked encoding handler
reyk [Fri, 8 Aug 2008 18:56:05 +0000 (18:56 +0000)]
only dump all protocol nodes with DEBUG > 1.
reyk [Fri, 8 Aug 2008 18:38:14 +0000 (18:38 +0000)]
Support HTTP responses that neither specify a Content-Length header
nor chunked encoding. We don't know the length of the HTTP body in
this case, so it only works for single-pass HTTP responses without
subsequent HTTP response headers in the stream. You can still enforce
the Content-Length header with an "expect" rule.
For example, this fixes response handling from undeadly.org (thttpd)
if relayd is running as a transparent HTTP proxy.
bluhm [Fri, 8 Aug 2008 17:49:21 +0000 (17:49 +0000)]
Do not latch the IPSec tdb to the inpcb unconditionally. This has
been moved to the protocol layer from ip_output at 2002/05/31. The
IPv6 part has been forgotten so packets could get encrypted
unintentionally.
ok hshoexer markus
jsing [Fri, 8 Aug 2008 17:12:37 +0000 (17:12 +0000)]
Wrap long lines and remove useless comment.
thib [Fri, 8 Aug 2008 16:17:38 +0000 (16:17 +0000)]
use cgbase() instead of doing arthmetic on fs_fpg when calculating
block# too ensure proper casting.
From FreeBSD;
ok miod@, pedro@, blambert@
damien [Fri, 8 Aug 2008 16:08:22 +0000 (16:08 +0000)]
sync
jsing [Fri, 8 Aug 2008 16:07:41 +0000 (16:07 +0000)]
Make sgivol use the sgilabel struct from machine/disklabel.h, rather than
declaring another.
ok miod@
damien [Fri, 8 Aug 2008 16:07:18 +0000 (16:07 +0000)]
PCI IDs for Intel WiFi Link 5000 series (5100, 5300, 5350).
damien [Fri, 8 Aug 2008 15:57:41 +0000 (15:57 +0000)]
add Longshine LCS-8031N to the list of supported devices (RT2860).
from Fabian (bsdlist at gmx dot net)
thib [Fri, 8 Aug 2008 12:20:24 +0000 (12:20 +0000)]
if we fail to extract the mbuf in the Rx routine, increment
the if_ierrors before bailing out;
Turn a printf() that fires in this case too a DPRINTF since we
the interface error counters now reflect this.
OK mglocker@
reyk [Fri, 8 Aug 2008 11:10:31 +0000 (11:10 +0000)]
sync
reyk [Fri, 8 Aug 2008 11:10:06 +0000 (11:10 +0000)]
add eMPIA Technology EeePC 701 camera (currently unsupported uvideo(4)
device)
thib [Fri, 8 Aug 2008 09:02:25 +0000 (09:02 +0000)]
spacing + wrap a line at 79chars.
thib [Fri, 8 Aug 2008 08:54:08 +0000 (08:54 +0000)]
plug an mbuf leak in m_pullup2(); If we fail to get a cluster for an mbuf,
free the mbuf before bailing out.
ok claudio@
thib [Fri, 8 Aug 2008 08:51:21 +0000 (08:51 +0000)]
Check gettimeofday() against -1; Add a missing error check in one place.
OK reyk@
sobrado [Fri, 8 Aug 2008 08:22:42 +0000 (08:22 +0000)]
add a description for the options of fgen;
remove superfluous comments from the roff source code.
improvements by jmc@ and matthieu@.
ok jmc@, matthieu@
fgsch [Fri, 8 Aug 2008 07:26:40 +0000 (07:26 +0000)]
o use definitions from cd.h
o remove unused function prototype
krw [Fri, 8 Aug 2008 01:05:20 +0000 (01:05 +0000)]
'prey' -> 'pray' in comment as prayer rather than predation seems
the intended meaning.