From owner-svn-src-user@FreeBSD.ORG Thu Dec 24 17:06:55 2009 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8C277106566B; Thu, 24 Dec 2009 17:06:55 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 782618FC19; Thu, 24 Dec 2009 17:06:55 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id nBOH6tUN036090; Thu, 24 Dec 2009 17:06:55 GMT (envelope-from luigi@svn.freebsd.org) Received: (from luigi@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id nBOH6tV2036062; Thu, 24 Dec 2009 17:06:55 GMT (envelope-from luigi@svn.freebsd.org) Message-Id: <200912241706.nBOH6tV2036062@svn.freebsd.org> From: Luigi Rizzo Date: Thu, 24 Dec 2009 17:06:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r200949 - in user/luigi/ipfw3-head: bin/pax bin/sh contrib/pf/man contrib/pf/pfctl contrib/top etc include lib/libc/stdio lib/libc/stdtime lib/libpmc lib/libstand release sbin/dumpfs sb... X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Dec 2009 17:06:55 -0000 Author: luigi Date: Thu Dec 24 17:06:54 2009 New Revision: 200949 URL: http://svn.freebsd.org/changeset/base/200949 Log: merge from head up to rev 200946 Added: user/luigi/ipfw3-head/lib/libpmc/pmc.xscale.3 - copied unchanged from r200946, head/lib/libpmc/pmc.xscale.3 user/luigi/ipfw3-head/sys/dev/hwpmc/hwpmc_xscale.c - copied unchanged from r200946, head/sys/dev/hwpmc/hwpmc_xscale.c user/luigi/ipfw3-head/sys/dev/hwpmc/hwpmc_xscale.h - copied unchanged from r200946, head/sys/dev/hwpmc/hwpmc_xscale.h user/luigi/ipfw3-head/tools/regression/acltools/02.t - copied unchanged from r200946, head/tools/regression/acltools/02.t user/luigi/ipfw3-head/tools/tools/notescheck/ - copied from r200946, head/tools/tools/notescheck/ Modified: user/luigi/ipfw3-head/bin/pax/sel_subs.c user/luigi/ipfw3-head/bin/sh/main.c user/luigi/ipfw3-head/bin/sh/var.c user/luigi/ipfw3-head/contrib/pf/man/pf.conf.5 user/luigi/ipfw3-head/contrib/pf/pfctl/parse.y user/luigi/ipfw3-head/contrib/pf/pfctl/pf_print_state.c user/luigi/ipfw3-head/contrib/pf/pfctl/pfctl_parser.c user/luigi/ipfw3-head/etc/rc.subr user/luigi/ipfw3-head/include/signal.h user/luigi/ipfw3-head/lib/libc/stdio/sprintf.c user/luigi/ipfw3-head/lib/libc/stdio/sscanf.c user/luigi/ipfw3-head/lib/libc/stdio/vsscanf.c user/luigi/ipfw3-head/lib/libc/stdtime/localtime.c user/luigi/ipfw3-head/lib/libc/stdtime/tzfile.5 user/luigi/ipfw3-head/lib/libpmc/Makefile user/luigi/ipfw3-head/lib/libpmc/libpmc.c user/luigi/ipfw3-head/lib/libstand/bzipfs.c user/luigi/ipfw3-head/lib/libstand/gzipfs.c user/luigi/ipfw3-head/release/Makefile user/luigi/ipfw3-head/sbin/dumpfs/dumpfs.c user/luigi/ipfw3-head/sbin/mount/mntopts.h user/luigi/ipfw3-head/sbin/mount/mount.8 user/luigi/ipfw3-head/sbin/mount/mount.c user/luigi/ipfw3-head/sbin/tunefs/tunefs.8 user/luigi/ipfw3-head/sbin/tunefs/tunefs.c user/luigi/ipfw3-head/share/examples/etc/make.conf user/luigi/ipfw3-head/share/man/man4/watchdog.4 user/luigi/ipfw3-head/share/man/man9/Makefile user/luigi/ipfw3-head/share/man/man9/usbdi.9 user/luigi/ipfw3-head/share/zoneinfo/asia user/luigi/ipfw3-head/share/zoneinfo/europe user/luigi/ipfw3-head/share/zoneinfo/zone.tab user/luigi/ipfw3-head/sys/arm/conf/AVILA user/luigi/ipfw3-head/sys/arm/conf/CAMBRIA user/luigi/ipfw3-head/sys/arm/include/pmc_mdep.h user/luigi/ipfw3-head/sys/arm/xscale/ixp425/files.ixp425 user/luigi/ipfw3-head/sys/boot/common/dev_net.c user/luigi/ipfw3-head/sys/boot/i386/Makefile user/luigi/ipfw3-head/sys/boot/pc98/kgzldr/crt.s user/luigi/ipfw3-head/sys/boot/sparc64/loader/main.c user/luigi/ipfw3-head/sys/conf/files.arm user/luigi/ipfw3-head/sys/conf/files.sun4v user/luigi/ipfw3-head/sys/contrib/pf/net/if_pfsync.c user/luigi/ipfw3-head/sys/contrib/pf/net/if_pfsync.h user/luigi/ipfw3-head/sys/contrib/pf/net/pf.c user/luigi/ipfw3-head/sys/contrib/pf/net/pfvar.h user/luigi/ipfw3-head/sys/dev/ahci/ahci.c user/luigi/ipfw3-head/sys/dev/ata/ata-pci.h user/luigi/ipfw3-head/sys/dev/ata/chipsets/ata-amd.c user/luigi/ipfw3-head/sys/dev/ata/chipsets/ata-intel.c user/luigi/ipfw3-head/sys/dev/auxio/auxio.c user/luigi/ipfw3-head/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_cm.c user/luigi/ipfw3-head/sys/dev/hwpmc/hwpmc_arm.c user/luigi/ipfw3-head/sys/dev/hwpmc/pmc_events.h user/luigi/ipfw3-head/sys/dev/if_ndis/if_ndis_usb.c user/luigi/ipfw3-head/sys/dev/mxge/if_mxge.c user/luigi/ipfw3-head/sys/dev/sound/usb/uaudio.c user/luigi/ipfw3-head/sys/dev/ste/if_ste.c user/luigi/ipfw3-head/sys/dev/ste/if_stereg.h user/luigi/ipfw3-head/sys/dev/uart/uart_bus_acpi.c user/luigi/ipfw3-head/sys/dev/uart/uart_bus_ebus.c user/luigi/ipfw3-head/sys/dev/uart/uart_cpu_sparc64.c user/luigi/ipfw3-head/sys/dev/usb/controller/ehci_pci.c user/luigi/ipfw3-head/sys/dev/usb/controller/ohci_pci.c user/luigi/ipfw3-head/sys/dev/usb/quirk/usb_quirk.c user/luigi/ipfw3-head/sys/dev/usb/quirk/usb_quirk.h user/luigi/ipfw3-head/sys/dev/usb/serial/uftdi.c user/luigi/ipfw3-head/sys/dev/usb/storage/umass.c user/luigi/ipfw3-head/sys/dev/usb/usbdevs user/luigi/ipfw3-head/sys/geom/concat/g_concat.c user/luigi/ipfw3-head/sys/geom/geom_dev.c user/luigi/ipfw3-head/sys/geom/mirror/g_mirror.c user/luigi/ipfw3-head/sys/geom/raid3/g_raid3.c user/luigi/ipfw3-head/sys/geom/raid3/g_raid3.h user/luigi/ipfw3-head/sys/geom/stripe/g_stripe.c user/luigi/ipfw3-head/sys/ia64/ia64/clock.c user/luigi/ipfw3-head/sys/ia64/ia64/machdep.c user/luigi/ipfw3-head/sys/ia64/include/clock.h user/luigi/ipfw3-head/sys/ia64/include/mca.h user/luigi/ipfw3-head/sys/ia64/include/md_var.h user/luigi/ipfw3-head/sys/kern/vfs_subr.c user/luigi/ipfw3-head/sys/net/if_var.h user/luigi/ipfw3-head/sys/net/netisr.c user/luigi/ipfw3-head/sys/netinet/ip_fw.h user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_log.c user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_nat.c user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw_sockopt.c user/luigi/ipfw3-head/sys/netinet/tcp.h user/luigi/ipfw3-head/sys/netinet/tcp_usrreq.c user/luigi/ipfw3-head/sys/netinet6/mld6.c user/luigi/ipfw3-head/sys/netinet6/mld6_var.h user/luigi/ipfw3-head/sys/sparc64/central/central.c user/luigi/ipfw3-head/sys/sparc64/ebus/ebus.c user/luigi/ipfw3-head/sys/sparc64/fhc/fhc.c user/luigi/ipfw3-head/sys/sparc64/include/bus_common.h user/luigi/ipfw3-head/sys/sparc64/include/iommureg.h user/luigi/ipfw3-head/sys/sparc64/include/iommuvar.h user/luigi/ipfw3-head/sys/sparc64/isa/ofw_isa.c user/luigi/ipfw3-head/sys/sparc64/pci/apb.c user/luigi/ipfw3-head/sys/sparc64/pci/ofw_pci.h user/luigi/ipfw3-head/sys/sparc64/pci/ofw_pcib.c user/luigi/ipfw3-head/sys/sparc64/pci/ofw_pcibus.c user/luigi/ipfw3-head/sys/sparc64/sbus/dma_sbus.c user/luigi/ipfw3-head/sys/sparc64/sbus/sbus.c user/luigi/ipfw3-head/sys/sparc64/sparc64/identcpu.c user/luigi/ipfw3-head/sys/sparc64/sparc64/interrupt.S user/luigi/ipfw3-head/sys/sparc64/sparc64/intr_machdep.c user/luigi/ipfw3-head/sys/sparc64/sparc64/iommu.c user/luigi/ipfw3-head/sys/sparc64/sparc64/nexus.c user/luigi/ipfw3-head/sys/sparc64/sparc64/ofw_machdep.c user/luigi/ipfw3-head/sys/sparc64/sparc64/rtc.c user/luigi/ipfw3-head/sys/sparc64/sparc64/upa.c user/luigi/ipfw3-head/sys/sun4v/conf/NOTES user/luigi/ipfw3-head/sys/sys/acl.h user/luigi/ipfw3-head/sys/sys/disk.h user/luigi/ipfw3-head/sys/sys/mount.h user/luigi/ipfw3-head/sys/sys/vnode.h user/luigi/ipfw3-head/sys/ufs/ffs/ffs_rawread.c user/luigi/ipfw3-head/sys/ufs/ffs/ffs_vfsops.c user/luigi/ipfw3-head/sys/ufs/ffs/fs.h user/luigi/ipfw3-head/sys/ufs/ufs/acl.h user/luigi/ipfw3-head/sys/ufs/ufs/ufs_acl.c user/luigi/ipfw3-head/sys/ufs/ufs/ufs_lookup.c user/luigi/ipfw3-head/sys/ufs/ufs/ufs_vnops.c user/luigi/ipfw3-head/sys/vm/vm_object.c user/luigi/ipfw3-head/sys/vm/vm_object.h user/luigi/ipfw3-head/tools/tools/README user/luigi/ipfw3-head/usr.bin/finger/finger.c user/luigi/ipfw3-head/usr.bin/sockstat/sockstat.1 user/luigi/ipfw3-head/usr.bin/truss/amd64-fbsd32.c user/luigi/ipfw3-head/usr.bin/truss/i386-fbsd.c user/luigi/ipfw3-head/usr.bin/truss/syscalls.c user/luigi/ipfw3-head/usr.bin/unzip/unzip.c user/luigi/ipfw3-head/usr.sbin/apm/apm.8 user/luigi/ipfw3-head/usr.sbin/apm/apm.c user/luigi/ipfw3-head/usr.sbin/burncd/burncd.8 user/luigi/ipfw3-head/usr.sbin/burncd/burncd.c user/luigi/ipfw3-head/usr.sbin/newsyslog/newsyslog.c user/luigi/ipfw3-head/usr.sbin/powerd/powerd.8 user/luigi/ipfw3-head/usr.sbin/service/service.8 user/luigi/ipfw3-head/usr.sbin/service/service.sh user/luigi/ipfw3-head/usr.sbin/watchdogd/watchdogd.c user/luigi/ipfw3-head/usr.sbin/zic/Theory Directory Properties: user/luigi/ipfw3-head/ (props changed) user/luigi/ipfw3-head/cddl/contrib/opensolaris/ (props changed) user/luigi/ipfw3-head/contrib/bind9/ (props changed) user/luigi/ipfw3-head/contrib/cpio/ (props changed) user/luigi/ipfw3-head/contrib/csup/ (props changed) user/luigi/ipfw3-head/contrib/ee/ (props changed) user/luigi/ipfw3-head/contrib/expat/ (props changed) user/luigi/ipfw3-head/contrib/file/ (props changed) user/luigi/ipfw3-head/contrib/gdb/ (props changed) user/luigi/ipfw3-head/contrib/gdtoa/ (props changed) user/luigi/ipfw3-head/contrib/less/ (props changed) user/luigi/ipfw3-head/contrib/libpcap/ (props changed) user/luigi/ipfw3-head/contrib/ncurses/ (props changed) user/luigi/ipfw3-head/contrib/netcat/ (props changed) user/luigi/ipfw3-head/contrib/ntp/ (props changed) user/luigi/ipfw3-head/contrib/openbsm/ (props changed) user/luigi/ipfw3-head/contrib/openpam/ (props changed) user/luigi/ipfw3-head/contrib/pf/ (props changed) user/luigi/ipfw3-head/contrib/sendmail/ (props changed) user/luigi/ipfw3-head/contrib/tcpdump/ (props changed) user/luigi/ipfw3-head/contrib/tcsh/ (props changed) user/luigi/ipfw3-head/contrib/top/ (props changed) user/luigi/ipfw3-head/contrib/top/install-sh (props changed) user/luigi/ipfw3-head/contrib/wpa/ (props changed) user/luigi/ipfw3-head/crypto/openssh/ (props changed) user/luigi/ipfw3-head/crypto/openssl/ (props changed) user/luigi/ipfw3-head/lib/libc/ (props changed) user/luigi/ipfw3-head/lib/libc/stdtime/ (props changed) user/luigi/ipfw3-head/lib/libutil/ (props changed) user/luigi/ipfw3-head/sbin/ (props changed) user/luigi/ipfw3-head/sbin/ipfw/ (props changed) user/luigi/ipfw3-head/share/zoneinfo/ (props changed) user/luigi/ipfw3-head/sys/ (props changed) user/luigi/ipfw3-head/sys/amd64/include/xen/ (props changed) user/luigi/ipfw3-head/sys/cddl/contrib/opensolaris/ (props changed) user/luigi/ipfw3-head/sys/contrib/dev/acpica/ (props changed) user/luigi/ipfw3-head/sys/contrib/pf/ (props changed) user/luigi/ipfw3-head/sys/dev/xen/xenpci/ (props changed) user/luigi/ipfw3-head/usr.bin/csup/ (props changed) user/luigi/ipfw3-head/usr.bin/procstat/ (props changed) user/luigi/ipfw3-head/usr.sbin/zic/ (props changed) Modified: user/luigi/ipfw3-head/bin/pax/sel_subs.c ============================================================================== --- user/luigi/ipfw3-head/bin/pax/sel_subs.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/bin/pax/sel_subs.c Thu Dec 24 17:06:54 2009 (r200949) @@ -396,6 +396,7 @@ trng_add(char *str) default: paxwarn(1, "Bad option %c with time range %s", *flgpt, str); + free(pt); goto out; } ++flgpt; Modified: user/luigi/ipfw3-head/bin/sh/main.c ============================================================================== --- user/luigi/ipfw3-head/bin/sh/main.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/bin/sh/main.c Thu Dec 24 17:06:54 2009 (r200949) @@ -315,7 +315,6 @@ find_dot_file(char *basename) int dotcmd(int argc, char **argv) { - struct strlist *sp; char *fullname; if (argc < 2) @@ -323,9 +322,6 @@ dotcmd(int argc, char **argv) exitstatus = 0; - for (sp = cmdenviron; sp ; sp = sp->next) - setvareq(savestr(sp->text), VSTRFIXED|VTEXTFIXED); - fullname = find_dot_file(argv[1]); setinputfile(fullname, 1); commandname = fullname; Modified: user/luigi/ipfw3-head/bin/sh/var.c ============================================================================== --- user/luigi/ipfw3-head/bin/sh/var.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/bin/sh/var.c Thu Dec 24 17:06:54 2009 (r200949) @@ -607,7 +607,6 @@ exportcmd(int argc, char **argv) if (values && argc != 0) error("-p requires no arguments"); - listsetvar(cmdenviron); if (argc != 0) { while ((name = *argv++) != NULL) { if ((p = strchr(name, '=')) != NULL) { Modified: user/luigi/ipfw3-head/contrib/pf/man/pf.conf.5 ============================================================================== --- user/luigi/ipfw3-head/contrib/pf/man/pf.conf.5 Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/contrib/pf/man/pf.conf.5 Thu Dec 24 17:06:54 2009 (r200949) @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 30, 2006 +.Dd June 10, 2008 .Dt PF.CONF 5 .Os .Sh NAME @@ -2059,6 +2059,13 @@ Changes the timeout values used for stat For a list of all valid timeout names, see .Sx OPTIONS above. +.It Ar sloppy +Uses a sloppy TCP connection tracker that does not check sequence +numbers at all, which makes insertion and ICMP teardown attacks way +easier. +This is intended to be used in situations where one does not see all +packets of a connection, i.e. in asymmetric routing situations. +Cannot be used with modulate or synproxy state. .El .Pp Multiple options can be specified, separated by commas: @@ -2923,7 +2930,7 @@ tos = "tos" ( "lowdelay" | "t [ "0x" ] number ) state-opts = state-opt [ [ "," ] state-opts ] -state-opt = ( "max" number | "no-sync" | timeout | +state-opt = ( "max" number | "no-sync" | timeout | sloppy | "source-track" [ ( "rule" | "global" ) ] | "max-src-nodes" number | "max-src-states" number | "max-src-conn" number | Modified: user/luigi/ipfw3-head/contrib/pf/pfctl/parse.y ============================================================================== --- user/luigi/ipfw3-head/contrib/pf/pfctl/parse.y Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/contrib/pf/pfctl/parse.y Thu Dec 24 17:06:54 2009 (r200949) @@ -128,7 +128,7 @@ enum { PF_STATE_OPT_MAX, PF_STATE_OPT_NO PF_STATE_OPT_MAX_SRC_STATES, PF_STATE_OPT_MAX_SRC_CONN, PF_STATE_OPT_MAX_SRC_CONN_RATE, PF_STATE_OPT_MAX_SRC_NODES, PF_STATE_OPT_OVERLOAD, PF_STATE_OPT_STATELOCK, - PF_STATE_OPT_TIMEOUT }; + PF_STATE_OPT_TIMEOUT, PF_STATE_OPT_SLOPPY }; enum { PF_SRCTRACK_NONE, PF_SRCTRACK, PF_SRCTRACK_GLOBAL, PF_SRCTRACK_RULE }; @@ -423,7 +423,7 @@ typedef struct { %token QUEUE PRIORITY QLIMIT RTABLE %token LOAD RULESET_OPTIMIZATION %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE -%token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH +%token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY %token TAGGED TAG IFBOUND FLOATING STATEPOLICY ROUTE %token STRING %token PORTBINARY @@ -1891,6 +1891,14 @@ pfrule : action dir logquick interface statelock = 1; r.rule_flag |= o->data.statelock; break; + case PF_STATE_OPT_SLOPPY: + if (r.rule_flag & PFRULE_STATESLOPPY) { + yyerror("state sloppy option: " + "multiple definitions"); + YYERROR; + } + r.rule_flag |= PFRULE_STATESLOPPY; + break; case PF_STATE_OPT_TIMEOUT: if (o->data.timeout.number == PFTM_ADAPTIVE_START || @@ -3216,6 +3224,14 @@ state_opt_item : MAXIMUM number { $$->next = NULL; $$->tail = $$; } + | SLOPPY { + $$ = calloc(1, sizeof(struct node_state_opt)); + if ($$ == NULL) + err(1, "state_opt_item: calloc"); + $$->type = PF_STATE_OPT_SLOPPY; + $$->next = NULL; + $$->tail = $$; + } | STRING number { int i; @@ -4101,6 +4117,13 @@ filter_consistent(struct pf_rule *r, int yyerror("keep state on block rules doesn't make sense"); problems++; } + if (r->rule_flag & PFRULE_STATESLOPPY && + (r->keep_state == PF_STATE_MODULATE || + r->keep_state == PF_STATE_SYNPROXY)) { + yyerror("sloppy state matching cannot be used with " + "synproxy state or modulate state"); + problems++; + } return (-problems); } @@ -4969,6 +4992,7 @@ lookup(char *s) { "scrub", SCRUB}, { "set", SET}, { "skip", SKIP}, + { "sloppy", SLOPPY}, { "source-hash", SOURCEHASH}, { "source-track", SOURCETRACK}, { "state", STATE}, Modified: user/luigi/ipfw3-head/contrib/pf/pfctl/pf_print_state.c ============================================================================== --- user/luigi/ipfw3-head/contrib/pf/pfctl/pf_print_state.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/contrib/pf/pfctl/pf_print_state.c Thu Dec 24 17:06:54 2009 (r200949) @@ -294,6 +294,8 @@ print_state(struct pf_state *s, int opts printf(", anchor %u", s->anchor.nr); if (s->rule.nr != -1) printf(", rule %u", s->rule.nr); + if (s->state_flags & PFSTATE_SLOPPY) + printf(", sloppy"); if (s->src_node != NULL) printf(", source-track"); if (s->nat_src_node != NULL) Modified: user/luigi/ipfw3-head/contrib/pf/pfctl/pfctl_parser.c ============================================================================== --- user/luigi/ipfw3-head/contrib/pf/pfctl/pfctl_parser.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/contrib/pf/pfctl/pfctl_parser.c Thu Dec 24 17:06:54 2009 (r200949) @@ -873,6 +873,8 @@ print_rule(struct pf_rule *r, const char opts = 1; if (r->rule_flag & PFRULE_IFBOUND) opts = 1; + if (r->rule_flag & PFRULE_STATESLOPPY) + opts = 1; for (i = 0; !opts && i < PFTM_MAX; ++i) if (r->timeout[i]) opts = 1; @@ -939,6 +941,12 @@ print_rule(struct pf_rule *r, const char printf("if-bound"); opts = 0; } + if (r->rule_flag & PFRULE_STATESLOPPY) { + if (!opts) + printf(", "); + printf("sloppy"); + opts = 0; + } for (i = 0; i < PFTM_MAX; ++i) if (r->timeout[i]) { int j; Modified: user/luigi/ipfw3-head/etc/rc.subr ============================================================================== --- user/luigi/ipfw3-head/etc/rc.subr Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/etc/rc.subr Thu Dec 24 17:06:54 2009 (r200949) @@ -390,7 +390,7 @@ wait_for_pids() _list=$_nlist echo -n ${_prefix:-"Waiting for PIDS: "}$_list _prefix=", " - sleep 2 + pwait $_list 2>/dev/null || sleep 2 done if [ -n "$_prefix" ]; then echo "." Modified: user/luigi/ipfw3-head/include/signal.h ============================================================================== --- user/luigi/ipfw3-head/include/signal.h Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/include/signal.h Thu Dec 24 17:06:54 2009 (r200949) @@ -99,12 +99,12 @@ int sigwaitinfo(const sigset_t * __restr #if __XSI_VISIBLE int killpg(__pid_t, int); int sigaltstack(const stack_t * __restrict, stack_t * __restrict); -int sighold(int sig); -int sigignore(int sig); -int sigpause(int sigmask); -int sigrelse(int sig); -void (*sigset(int sig, void (*disp)(int)))(int); -int xsi_sigpause(int sig); +int sighold(int); +int sigignore(int); +int sigpause(int); +int sigrelse(int); +void (*sigset(int, void (*)(int)))(int); +int xsi_sigpause(int); #endif #if __XSI_VISIBLE >= 600 Modified: user/luigi/ipfw3-head/lib/libc/stdio/sprintf.c ============================================================================== --- user/luigi/ipfw3-head/lib/libc/stdio/sprintf.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libc/stdio/sprintf.c Thu Dec 24 17:06:54 2009 (r200949) @@ -46,17 +46,9 @@ sprintf(char * __restrict str, char cons { int ret; va_list ap; - FILE f; - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = INT_MAX; - f._orientation = 0; - memset(&f._mbstate, 0, sizeof(mbstate_t)); va_start(ap, fmt); - ret = __vfprintf(&f, fmt, ap); + ret = vsprintf(str, fmt, ap); va_end(ap); - *f._p = 0; return (ret); } Modified: user/luigi/ipfw3-head/lib/libc/stdio/sscanf.c ============================================================================== --- user/luigi/ipfw3-head/lib/libc/stdio/sscanf.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libc/stdio/sscanf.c Thu Dec 24 17:06:54 2009 (r200949) @@ -41,37 +41,14 @@ __FBSDID("$FreeBSD$"); #include #include "local.h" -static int eofread(void *, char *, int); - -/* ARGSUSED */ -static int -eofread(cookie, buf, len) - void *cookie; - char *buf; - int len; -{ - - return (0); -} - int sscanf(const char * __restrict str, char const * __restrict fmt, ...) { int ret; va_list ap; - FILE f; - f._file = -1; - f._flags = __SRD; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._r = strlen(str); - f._read = eofread; - f._ub._base = NULL; - f._lb._base = NULL; - f._orientation = 0; - memset(&f._mbstate, 0, sizeof(mbstate_t)); va_start(ap, fmt); - ret = __svfscanf(&f, fmt, ap); + ret = vsscanf(str, fmt, ap); va_end(ap); return (ret); } Modified: user/luigi/ipfw3-head/lib/libc/stdio/vsscanf.c ============================================================================== --- user/luigi/ipfw3-head/lib/libc/stdio/vsscanf.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libc/stdio/vsscanf.c Thu Dec 24 17:06:54 2009 (r200949) @@ -45,20 +45,15 @@ eofread(void *, char *, int); /* ARGSUSED */ static int -eofread(cookie, buf, len) - void *cookie; - char *buf; - int len; +eofread(void *cookie, char *buf, int len) { return (0); } int -vsscanf(str, fmt, ap) - const char * __restrict str; - const char * __restrict fmt; - __va_list ap; +vsscanf(const char * __restrict str, const char * __restrict fmt, + __va_list ap) { FILE f; Modified: user/luigi/ipfw3-head/lib/libc/stdtime/localtime.c ============================================================================== --- user/luigi/ipfw3-head/lib/libc/stdtime/localtime.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libc/stdtime/localtime.c Thu Dec 24 17:06:54 2009 (r200949) @@ -237,6 +237,9 @@ static char lcl_TZname[TZ_STRLEN_MAX + static int lcl_is_set; static pthread_once_t gmt_once = PTHREAD_ONCE_INIT; static pthread_rwlock_t lcl_rwlock = PTHREAD_RWLOCK_INITIALIZER; +static pthread_once_t localtime_once = PTHREAD_ONCE_INIT; +static pthread_key_t localtime_key; +static int localtime_key_error; char * tzname[2] = { wildabbr, @@ -1406,27 +1409,24 @@ struct tm * const tmp; return result; } +static void +localtime_key_init(void) +{ + + localtime_key_error = _pthread_key_create(&localtime_key, free); +} + struct tm * localtime(timep) const time_t * const timep; { - static pthread_mutex_t localtime_mutex = PTHREAD_MUTEX_INITIALIZER; - static pthread_key_t localtime_key = -1; struct tm *p_tm; - int r; if (__isthreaded != 0) { - if (localtime_key < 0) { - _pthread_mutex_lock(&localtime_mutex); - if (localtime_key < 0) { - if ((r = _pthread_key_create(&localtime_key, - free)) != 0) { - _pthread_mutex_unlock(&localtime_mutex); - errno = r; - return(NULL); - } - } - _pthread_mutex_unlock(&localtime_mutex); + _once(&localtime_once, localtime_key_init); + if (localtime_key_error != 0) { + errno = localtime_key_error; + return(NULL); } p_tm = _pthread_getspecific(localtime_key); if (p_tm == NULL) { Modified: user/luigi/ipfw3-head/lib/libc/stdtime/tzfile.5 ============================================================================== --- user/luigi/ipfw3-head/lib/libc/stdtime/tzfile.5 Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libc/stdtime/tzfile.5 Thu Dec 24 17:06:54 2009 (r200949) @@ -147,6 +147,6 @@ such instants). .Xr ctime 3 , .Xr time2posix 3 , .Xr zic 8 -.\" @(#)tzfile.5 8.2 +.\" @(#)tzfile.5 8.3 .\" This file is in the public domain, so clarified as of .\" 1996-06-05 by Arthur David Olson. Modified: user/luigi/ipfw3-head/lib/libpmc/Makefile ============================================================================== --- user/luigi/ipfw3-head/lib/libpmc/Makefile Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libpmc/Makefile Thu Dec 24 17:06:54 2009 (r200949) @@ -35,6 +35,8 @@ MAN+= pmc.p4.3 MAN+= pmc.p5.3 MAN+= pmc.p6.3 MAN+= pmc.tsc.3 +.elif ${MACHINE_ARCH} == "arm" && ${CPUTYPE} == "xscale" +MAN+= pmc.xscale.3 .endif MLINKS+= \ Modified: user/luigi/ipfw3-head/lib/libpmc/libpmc.c ============================================================================== --- user/luigi/ipfw3-head/lib/libpmc/libpmc.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libpmc/libpmc.c Thu Dec 24 17:06:54 2009 (r200949) @@ -69,6 +69,10 @@ static int p6_allocate_pmc(enum pmc_even static int tsc_allocate_pmc(enum pmc_event _pe, char *_ctrspec, struct pmc_op_pmcallocate *_pmc_config); #endif +#if defined(__XSCALE__) +static int xscale_allocate_pmc(enum pmc_event _pe, char *_ctrspec, + struct pmc_op_pmcallocate *_pmc_config); +#endif #define PMC_CALL(cmd, params) \ syscall(pmc_syscall, PMC_OP_##cmd, (params)) @@ -132,6 +136,7 @@ PMC_CLASSDEP_TABLE(k8, K8); PMC_CLASSDEP_TABLE(p4, P4); PMC_CLASSDEP_TABLE(p5, P5); PMC_CLASSDEP_TABLE(p6, P6); +PMC_CLASSDEP_TABLE(xscale, XSCALE); #undef __PMC_EV_ALIAS #define __PMC_EV_ALIAS(N,CODE) { N, PMC_EV_##CODE }, @@ -176,6 +181,7 @@ PMC_MDEP_TABLE(k8, K8, PMC_CLASS_TSC); PMC_MDEP_TABLE(p4, P4, PMC_CLASS_TSC); PMC_MDEP_TABLE(p5, P5, PMC_CLASS_TSC); PMC_MDEP_TABLE(p6, P6, PMC_CLASS_TSC); +PMC_MDEP_TABLE(xscale, XSCALE, PMC_CLASS_XSCALE); static const struct pmc_event_descr tsc_event_table[] = { @@ -216,6 +222,9 @@ PMC_CLASS_TABLE_DESC(p6, P6, p6, p6); #if defined(__i386__) || defined(__amd64__) PMC_CLASS_TABLE_DESC(tsc, TSC, tsc, tsc); #endif +#if defined(__XSCALE__) +PMC_CLASS_TABLE_DESC(xscale, XSCALE, xscale, xscale); +#endif #undef PMC_CLASS_TABLE_DESC @@ -2008,6 +2017,29 @@ tsc_allocate_pmc(enum pmc_event pe, char } #endif +#if defined(__XSCALE__) + +static struct pmc_event_alias xscale_aliases[] = { + EV_ALIAS("branches", "BRANCH_RETIRED"), + EV_ALIAS("branch-mispredicts", "BRANCH_MISPRED"), + EV_ALIAS("dc-misses", "DC_MISS"), + EV_ALIAS("ic-misses", "IC_MISS"), + EV_ALIAS("instructions", "INSTR_RETIRED"), + EV_ALIAS(NULL, NULL) +}; +static int +xscale_allocate_pmc(enum pmc_event pe, char *ctrspec __unused, + struct pmc_op_pmcallocate *pmc_config __unused) +{ + switch (pe) { + default: + break; + } + + return (0); +} +#endif + /* * Match an event name `name' with its canonical form. * @@ -2335,6 +2367,10 @@ pmc_event_names_of_class(enum pmc_class ev = p6_event_table; count = PMC_EVENT_TABLE_SIZE(p6); break; + case PMC_CLASS_XSCALE: + ev = xscale_event_table; + count = PMC_EVENT_TABLE_SIZE(xscale); + break; default: errno = EINVAL; return (-1); @@ -2520,6 +2556,12 @@ pmc_init(void) pmc_class_table[n] = &p4_class_table_descr; break; #endif +#if defined(__XSCALE__) + case PMC_CPU_INTEL_XSCALE: + PMC_MDEP_INIT(xscale); + pmc_class_table[n] = &xscale_class_table_descr; + break; +#endif default: @@ -2635,6 +2677,9 @@ _pmc_name_of_event(enum pmc_event pe, en } else if (pe >= PMC_EV_P6_FIRST && pe <= PMC_EV_P6_LAST) { ev = p6_event_table; evfence = p6_event_table + PMC_EVENT_TABLE_SIZE(p6); + } else if (pe >= PMC_EV_XSCALE_FIRST && pe <= PMC_EV_XSCALE_LAST) { + ev = xscale_event_table; + evfence = xscale_event_table + PMC_EVENT_TABLE_SIZE(xscale); } else if (pe == PMC_EV_TSC_TSC) { ev = tsc_event_table; evfence = tsc_event_table + PMC_EVENT_TABLE_SIZE(tsc); Copied: user/luigi/ipfw3-head/lib/libpmc/pmc.xscale.3 (from r200946, head/lib/libpmc/pmc.xscale.3) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/luigi/ipfw3-head/lib/libpmc/pmc.xscale.3 Thu Dec 24 17:06:54 2009 (r200949, copy of r200946, head/lib/libpmc/pmc.xscale.3) @@ -0,0 +1,39 @@ +.\" Copyright (c) 2009 Rui Paulo. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" This software is provided by Joseph Koshy ``as is'' and +.\" any express or implied warranties, including, but not limited to, the +.\" implied warranties of merchantability and fitness for a particular purpose +.\" are disclaimed. in no event shall Joseph Koshy be liable +.\" for any direct, indirect, incidental, special, exemplary, or consequential +.\" damages (including, but not limited to, procurement of substitute goods +.\" or services; loss of use, data, or profits; or business interruption) +.\" however caused and on any theory of liability, whether in contract, strict +.\" liability, or tort (including negligence or otherwise) arising in any way +.\" out of the use of this software, even if advised of the possibility of +.\" such damage. +.\" +.\" $FreeBSD$ +.\" +.Dd December 23, 2009 +.Os +.Dt PMC.XSCALE 3 +.Sh NAME +.Nm pmc.xscale +.Nd measurement events for +.Tn Intel +.Tn XScale +family CPUs +.Sh LIBRARY +.Lb libpmc +.Sh SYNOPSIS +.In pmc.h +.Sh DESCRIPTION Modified: user/luigi/ipfw3-head/lib/libstand/bzipfs.c ============================================================================== --- user/luigi/ipfw3-head/lib/libstand/bzipfs.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libstand/bzipfs.c Thu Dec 24 17:06:54 2009 (r200949) @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #ifndef REGRESSION #include "stand.h" #else +#include #include #include #include @@ -42,7 +43,7 @@ struct open_file { }; #define F_READ 0x0001 /* file opened for reading */ #define EOFFSET (ELAST+8) /* relative seek not supported */ -static inline u_int min(u_int a, u_int b) { return (a < b ? a : b); } +static inline u_int min(u_int a, u_int b) { return(a < b ? a : b); } #define panic(x, y) abort() #endif @@ -174,6 +175,8 @@ bzf_open(const char *fname, struct open_ /* Construct new name */ bzfname = malloc(strlen(fname) + 5); + if (bzfname == NULL) + return(ENOMEM); sprintf(bzfname, "%s.bz2", fname); /* Try to open the compressed datafile */ @@ -195,13 +198,14 @@ bzf_open(const char *fname, struct open_ /* Allocate a bz_file structure, populate it */ bzf = malloc(sizeof(struct bz_file)); + if (bzf == NULL) + return(ENOMEM); bzero(bzf, sizeof(struct bz_file)); bzf->bzf_rawfd = rawfd; - /* Verify that the file is bzipped (XXX why do this afterwards?) */ + /* Verify that the file is bzipped */ if (check_header(bzf)) { close(bzf->bzf_rawfd); - BZ2_bzDecompressEnd(&(bzf->bzf_bzstream)); free(bzf); return(EFTYPE); } @@ -247,7 +251,7 @@ bzf_read(struct open_file *f, void *buf, if (bzf->bzf_bzstream.avail_in == 0) { /* oops, unexpected EOF */ printf("bzf_read: unexpected EOF\n"); if (bzf->bzf_bzstream.avail_out == size) - return (EIO); + return(EIO); break; } @@ -266,6 +270,50 @@ bzf_read(struct open_file *f, void *buf, return(0); } +static int +bzf_rewind(struct open_file *f) +{ + struct bz_file *bzf = (struct bz_file *)f->f_fsdata; + struct bz_file *bzf_tmp; + + /* + * Since bzip2 does not have an equivalent inflateReset function a crude + * one needs to be provided. The functions all called in such a way that + * at any time an error occurs a role back can be done (effectively making + * this rewind 'atomic', either the reset occurs successfully or not at all, + * with no 'undefined' state happening). + */ + + /* Allocate a bz_file structure, populate it */ + bzf_tmp = malloc(sizeof(struct bz_file)); + if (bzf_tmp == NULL) + return(-1); + bzero(bzf_tmp, sizeof(struct bz_file)); + bzf_tmp->bzf_rawfd = bzf->bzf_rawfd; + + /* Initialise the inflation engine */ + if (BZ2_bzDecompressInit(&(bzf_tmp->bzf_bzstream), 0, 1) != BZ_OK) { + free(bzf_tmp); + return(-1); + } + + /* Seek back to the beginning of the file */ + if (lseek(bzf->bzf_rawfd, 0, SEEK_SET) == -1) { + BZ2_bzDecompressEnd(&(bzf_tmp->bzf_bzstream)); + free(bzf_tmp); + return(-1); + } + + /* Free old bz_file data */ + BZ2_bzDecompressEnd(&(bzf->bzf_bzstream)); + free(bzf); + + /* Use the new bz_file data */ + f->f_fsdata = bzf_tmp; + + return(0); +} + static off_t bzf_seek(struct open_file *f, off_t offset, int where) { @@ -284,14 +332,17 @@ bzf_seek(struct open_file *f, off_t offs target = -1; default: errno = EINVAL; - return (-1); + return(-1); } /* Can we get there from here? */ - if (target < bzf->bzf_bzstream.total_out_lo32) { + if (target < bzf->bzf_bzstream.total_out_lo32 && bzf_rewind(f) != 0) { errno = EOFFSET; return -1; - } + } + + /* if bzf_rewind was called then bzf has changed */ + bzf = (struct bz_file *)f->f_fsdata; /* skip forwards if required */ while (target > bzf->bzf_bzstream.total_out_lo32) { @@ -301,7 +352,7 @@ bzf_seek(struct open_file *f, off_t offs return(-1); } /* This is where we are (be honest if we overshot) */ - return (bzf->bzf_bzstream.total_out_lo32); + return(bzf->bzf_bzstream.total_out_lo32); } static int Modified: user/luigi/ipfw3-head/lib/libstand/gzipfs.c ============================================================================== --- user/luigi/ipfw3-head/lib/libstand/gzipfs.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/lib/libstand/gzipfs.c Thu Dec 24 17:06:54 2009 (r200949) @@ -212,10 +212,9 @@ zf_open(const char *fname, struct open_f bzero(zf, sizeof(struct z_file)); zf->zf_rawfd = rawfd; - /* Verify that the file is gzipped (XXX why do this afterwards?) */ + /* Verify that the file is gzipped */ if (check_header(zf)) { close(zf->zf_rawfd); - inflateEnd(&(zf->zf_zstream)); free(zf); return(EFTYPE); } @@ -261,7 +260,7 @@ zf_read(struct open_file *f, void *buf, if (zf->zf_zstream.avail_in == 0) { /* oops, unexpected EOF */ printf("zf_read: unexpected EOF\n"); if (zf->zf_zstream.avail_out == size) - return (EIO); + return(EIO); break; } @@ -286,12 +285,13 @@ zf_rewind(struct open_file *f) struct z_file *zf = (struct z_file *)f->f_fsdata; if (lseek(zf->zf_rawfd, zf->zf_dataoffset, SEEK_SET) == -1) - return -1; + return(-1); zf->zf_zstream.avail_in = 0; zf->zf_zstream.next_in = NULL; + zf->zf_endseen = 0; (void)inflateReset(&zf->zf_zstream); - return 0; + return(0); } static off_t @@ -312,12 +312,12 @@ zf_seek(struct open_file *f, off_t offse target = -1; default: errno = EINVAL; - return (-1); + return(-1); } /* rewind if required */ if (target < zf->zf_zstream.total_out && zf_rewind(f) != 0) - return -1; + return(-1); /* skip forwards if required */ while (target > zf->zf_zstream.total_out) { @@ -327,7 +327,7 @@ zf_seek(struct open_file *f, off_t offse return(-1); } /* This is where we are (be honest if we overshot) */ - return (zf->zf_zstream.total_out); + return(zf->zf_zstream.total_out); } Modified: user/luigi/ipfw3-head/release/Makefile ============================================================================== --- user/luigi/ipfw3-head/release/Makefile Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/release/Makefile Thu Dec 24 17:06:54 2009 (r200949) @@ -1128,36 +1128,36 @@ iso.1: .if defined(CD_BOOT) @sh ${.CURDIR}/${TARGET_ARCH}/mkisoimages.sh ${BOOTABLE} \ FreeBSD_bootonly \ - ${CD}/${BUILDNAME}-${TARGET}-bootonly.iso ${CD_BOOT} + ${CD}/FreeBSD-${BUILDNAME}-${TARGET}-bootonly.iso ${CD_BOOT} .endif @sh ${.CURDIR}/${TARGET_ARCH}/mkisoimages.sh ${BOOTABLE} \ FreeBSD_Install \ - ${CD}/${BUILDNAME}-${TARGET}-disc1.iso ${CD_DISC1} \ + ${CD}/FreeBSD-${BUILDNAME}-${TARGET}-disc1.iso ${CD_DISC1} \ ${CD_DISC1_PKGS} @sh ${.CURDIR}/${TARGET_ARCH}/mkisoimages.sh \ FreeBSD_Packages \ - ${CD}/${BUILDNAME}-${TARGET}-disc2.iso ${CD_DISC2} \ + ${CD}/FreeBSD-${BUILDNAME}-${TARGET}-disc2.iso ${CD_DISC2} \ ${CD_DISC2_PKGS} .if defined(MAKE_DVD) @sh ${.CURDIR}/${TARGET_ARCH}/mkisoimages.sh ${BOOTABLE} \ FreeBSD_Install \ - ${CD}/${BUILDNAME}-${TARGET}-dvd1.iso ${CD_DVD1} \ + ${CD}/FreeBSD-${BUILDNAME}-${TARGET}-dvd1.iso ${CD_DVD1} \ ${CD_DVD1_PKGS} .endif .if !defined(NODOC) @sh ${.CURDIR}/${TARGET_ARCH}/mkisoimages.sh \ FreeBSD_Documentation \ - ${CD}/${BUILDNAME}-${TARGET}-disc3.iso ${CD_DOCS} \ + ${CD}/FreeBSD-${BUILDNAME}-${TARGET}-disc3.iso ${CD_DOCS} \ ${CD_DOCS_PKGS} .endif .if defined(SEPARATE_LIVEFS) @sh ${.CURDIR}/${TARGET_ARCH}/mkisoimages.sh ${BOOTABLE} \ FreeBSD_LiveFS \ - ${CD}/${BUILDNAME}-${TARGET}-livefs.iso ${CD_LIVEFS} + ${CD}/FreeBSD-${BUILDNAME}-${TARGET}-livefs.iso ${CD_LIVEFS} .endif @echo "Generating MD5 and SHA256 sums..." - @(cd ${CD} && md5 *.iso > ${BUILDNAME}-${TARGET}-iso.CHECKSUM.MD5) - @(cd ${CD} && sha256 *.iso > ${BUILDNAME}-${TARGET}-iso.CHECKSUM.SHA256) + @(cd ${CD} && md5 *.iso > FreeBSD-${BUILDNAME}-${TARGET}-iso.CHECKSUM.MD5) + @(cd ${CD} && sha256 *.iso > FreeBSD-${BUILDNAME}-${TARGET}-iso.CHECKSUM.SHA256) touch ${.TARGET} .else @echo "Do not know how to create an ISO for ${TARGET_ARCH}." Modified: user/luigi/ipfw3-head/sbin/dumpfs/dumpfs.c ============================================================================== --- user/luigi/ipfw3-head/sbin/dumpfs/dumpfs.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/sbin/dumpfs/dumpfs.c Thu Dec 24 17:06:54 2009 (r200949) @@ -251,8 +251,11 @@ dumpfs(const char *name) printf("gjournal "); if (fsflags & FS_FLAGS_UPDATED) printf("fs_flags expanded "); + if (fsflags & FS_NFS4ACLS) + printf("nfsv4acls "); fsflags &= ~(FS_UNCLEAN | FS_DOSOFTDEP | FS_NEEDSFSCK | FS_INDEXDIRS | - FS_ACLS | FS_MULTILABEL | FS_GJOURNAL | FS_FLAGS_UPDATED); + FS_ACLS | FS_MULTILABEL | FS_GJOURNAL | FS_FLAGS_UPDATED | + FS_NFS4ACLS); if (fsflags != 0) printf("unknown flags (%#x)", fsflags); putchar('\n'); Modified: user/luigi/ipfw3-head/sbin/mount/mntopts.h ============================================================================== --- user/luigi/ipfw3-head/sbin/mount/mntopts.h Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/sbin/mount/mntopts.h Thu Dec 24 17:06:54 2009 (r200949) @@ -54,6 +54,7 @@ struct mntopt { #define MOPT_SNAPSHOT { "snapshot", 0, MNT_SNAPSHOT, 0 } #define MOPT_MULTILABEL { "multilabel", 0, MNT_MULTILABEL, 0 } #define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 } +#define MOPT_NFS4ACLS { "nfsv4acls", 0, MNT_NFS4ACLS, 0 } /* Control flags. */ #define MOPT_FORCE { "force", 0, MNT_FORCE, 0 } @@ -87,7 +88,8 @@ struct mntopt { MOPT_NOCLUSTERR, \ MOPT_NOCLUSTERW, \ MOPT_MULTILABEL, \ - MOPT_ACLS + MOPT_ACLS, \ + MOPT_NFS4ACLS void getmntopts(const char *, const struct mntopt *, int *, int *); void rmslashes(char *, char *); Modified: user/luigi/ipfw3-head/sbin/mount/mount.8 ============================================================================== --- user/luigi/ipfw3-head/sbin/mount/mount.8 Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/sbin/mount/mount.8 Thu Dec 24 17:06:54 2009 (r200949) @@ -120,11 +120,14 @@ takes effect. The following options are available: .Bl -tag -width indent .It Cm acls -Enable Access Control Lists, or ACLS, which can be customized via the +Enable POSIX.1e Access Control Lists, or ACLs, which can be customized via the .Xr setfacl 1 and .Xr getfacl 1 commands. +This flag is mutually exclusive with +.Cm nfsv4acls +flag. .It Cm async All .Tn I/O @@ -186,6 +189,15 @@ See .Xr mac 4 for more information, which cause the multilabel mount flag to be set automatically at mount-time. +.It Cm nfsv4acls +Enable NFSv4 ACLs, which can be customized via the +.Xr setfacl 1 +and +.Xr getfacl 1 +commands. +This flag is mutually exclusive with +.Cm acls +flag. .It Cm noasync Metadata I/O should be done synchronously, while data I/O should be done asynchronously. Modified: user/luigi/ipfw3-head/sbin/mount/mount.c ============================================================================== --- user/luigi/ipfw3-head/sbin/mount/mount.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/sbin/mount/mount.c Thu Dec 24 17:06:54 2009 (r200949) @@ -111,6 +111,7 @@ static struct opt { { MNT_SOFTDEP, "soft-updates" }, { MNT_MULTILABEL, "multilabel" }, { MNT_ACLS, "acls" }, + { MNT_NFS4ACLS, "nfsv4acls" }, { MNT_GJOURNAL, "gjournal" }, { 0, NULL } }; @@ -918,6 +919,7 @@ flags2opts(int flags) if (flags & MNT_SUIDDIR) res = catopt(res, "suiddir"); if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel"); if (flags & MNT_ACLS) res = catopt(res, "acls"); + if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls"); return (res); } Modified: user/luigi/ipfw3-head/sbin/tunefs/tunefs.8 ============================================================================== --- user/luigi/ipfw3-head/sbin/tunefs/tunefs.8 Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/sbin/tunefs/tunefs.8 Thu Dec 24 17:06:54 2009 (r200949) @@ -44,6 +44,7 @@ .Op Fl L Ar volname .Op Fl l Cm enable | disable .Op Fl m Ar minfree +.Op Fl N Cm enable | disable .Op Fl n Cm enable | disable .Op Fl o Cm space | time .Op Fl p @@ -70,7 +71,7 @@ this option will cause all backups to be primary super-block. This is potentially dangerous - use with caution. .It Fl a Cm enable | disable -Turn on/off the administrative ACL enable flag. +Turn on/off the administrative POSIX.1e ACL enable flag. .It Fl e Ar maxbpg Indicate the maximum number of blocks any single file can allocate out of a cylinder group before it is forced to begin @@ -114,6 +115,8 @@ factor of three over the performance obt If the value is raised above the current usage level, users will be unable to allocate files until enough files have been deleted to get under the higher threshold. +.It Fl N Cm enable | disable +Turn on/off the administrative NFSv4 ACL enable flag. .It Fl n Cm enable | disable Turn on/off soft updates. .It Fl o Cm space | time Modified: user/luigi/ipfw3-head/sbin/tunefs/tunefs.c ============================================================================== --- user/luigi/ipfw3-head/sbin/tunefs/tunefs.c Thu Dec 24 15:43:37 2009 (r200948) +++ user/luigi/ipfw3-head/sbin/tunefs/tunefs.c Thu Dec 24 17:06:54 2009 (r200949) @@ -76,12 +76,12 @@ void printfs(void); int main(int argc, char *argv[]) { - char *avalue, *Jvalue, *Lvalue, *lvalue, *nvalue; + char *avalue, *Jvalue, *Lvalue, *lvalue, *Nvalue, *nvalue; const char *special, *on; const char *name; int active; int Aflag, aflag, eflag, evalue, fflag, fvalue, Jflag, Lflag, lflag; - int mflag, mvalue, nflag, oflag, ovalue, pflag, sflag, svalue; + int mflag, mvalue, Nflag, nflag, oflag, ovalue, pflag, sflag, svalue; int ch, found_arg, i; const char *chg[2]; struct ufs_args args; @@ -90,12 +90,12 @@ main(int argc, char *argv[]) if (argc < 3) usage(); Aflag = aflag = eflag = fflag = Jflag = Lflag = lflag = mflag = 0; - nflag = oflag = pflag = sflag = 0; - avalue = Jvalue = Lvalue = lvalue = nvalue = NULL; + Nflag = nflag = oflag = pflag = sflag = 0; + avalue = Jvalue = Lvalue = lvalue = Nvalue = nvalue = NULL; evalue = fvalue = mvalue = ovalue = svalue = 0; active = 0; found_arg = 0; /* At least one arg is required. */ - while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:n:o:ps:")) != -1) + while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:N:n:o:ps:")) != -1) switch (ch) { case 'A': @@ -105,7 +105,7 @@ main(int argc, char *argv[]) case 'a': found_arg = 1; - name = "ACLs"; + name = "POSIX.1e ACLs"; avalue = optarg; if (strcmp(avalue, "enable") && strcmp(avalue, "disable")) { @@ -187,6 +187,18 @@ main(int argc, char *argv[]) mflag = 1; break; + case 'N': + found_arg = 1; + name = "NFSv4 ACLs"; + Nvalue = optarg; + if (strcmp(Nvalue, "enable") && + strcmp(Nvalue, "disable")) { + errx(10, "bad %s (options are %s)", + name, "`enable' or `disable'"); + } + Nflag = 1; + break; + case 'n': found_arg = 1; name = "soft updates"; @@ -255,10 +267,13 @@ main(int argc, char *argv[]) strlcpy(sblock.fs_volname, Lvalue, MAXVOLLEN); } if (aflag) { - name = "ACLs"; + name = "POSIX.1e ACLs"; if (strcmp(avalue, "enable") == 0) { if (sblock.fs_flags & FS_ACLS) { warnx("%s remains unchanged as enabled", name); + } else if (sblock.fs_flags & FS_NFS4ACLS) { + warnx("%s and NFSv4 ACLs are mutually " + "exclusive", name); } else { sblock.fs_flags |= FS_ACLS; warnx("%s set", name); @@ -349,6 +364,29 @@ main(int argc, char *argv[]) warnx(OPTWARN, "space", "<", MINFREE); } } + if (Nflag) { + name = "NFSv4 ACLs"; + if (strcmp(Nvalue, "enable") == 0) { + if (sblock.fs_flags & FS_NFS4ACLS) { + warnx("%s remains unchanged as enabled", name); + } else if (sblock.fs_flags & FS_ACLS) { + warnx("%s and POSIX.1e ACLs are mutually " + "exclusive", name); + } else { + sblock.fs_flags |= FS_NFS4ACLS; + warnx("%s set", name); + } + } else if (strcmp(Nvalue, "disable") == 0) { + if ((~sblock.fs_flags & FS_NFS4ACLS) == + FS_NFS4ACLS) { + warnx("%s remains unchanged as disabled", + name); + } else { + sblock.fs_flags &= ~FS_NFS4ACLS; + warnx("%s cleared", name); + } + } + } if (nflag) { name = "soft updates"; if (strcmp(nvalue, "enable") == 0) { @@ -423,16 +461,18 @@ usage(void) fprintf(stderr, "%s\n%s\n%s\n%s\n", "usage: tunefs [-A] [-a enable | disable] [-e maxbpg] [-f avgfilesize]", " [-J enable | disable ] [-L volname] [-l enable | disable]", -" [-m minfree] [-n enable | disable] [-o space | time] [-p]", -" [-s avgfpdir] special | filesystem"); +" [-m minfree] [-N enable | disable] [-n enable | disable]", +" [-o space | time] [-p] [-s avgfpdir] special | filesystem"); exit(2); } void printfs(void) { - warnx("ACLs: (-a) %s", + warnx("POSIX.1e ACLs: (-a) %s", *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***