Date: Tue, 3 May 2005 21:34:35 GMT
Message-Id: <200505032134.j43LYZbQ080791@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 76463 for review

http://perforce.freebsd.org/chv.cgi?CH=76463

Change 76463 by rwatson@rwatson_tislabs on 2005/05/03 21:34:07

pf update ipfilter update powerd ipi spin lock amd64 fix kdb stop nmi yet more ata much vfs locking ksem.h uma critical sections

Affected files ...

.. //depot/projects/trustedbsd/base/Makefile.inc1#60 integrate .. //depot/projects/trustedbsd/base/UPDATING#54 integrate .. //depot/projects/trustedbsd/base/bin/ps/ps.1#23 integrate .. //depot/projects/trustedbsd/base/contrib/bsnmp/snmpd/main.c#8 integrate .. //depot/projects/trustedbsd/base/contrib/ipfilter/lib/printstate.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/ipfilter/tools/ippool.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/pf/authpf/authpf.8#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/authpf/authpf.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/authpf/pathnames.h#2 integrate .. //depot/projects/trustedbsd/base/contrib/pf/ftp-proxy/ftp-proxy.8#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/ftp-proxy/ftp-proxy.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/ftp-proxy/getline.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/pf/ftp-proxy/util.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/ftp-proxy/util.h#2 integrate .. //depot/projects/trustedbsd/base/contrib/pf/man/pf.4#7 integrate .. //depot/projects/trustedbsd/base/contrib/pf/man/pf.conf.5#6 integrate .. //depot/projects/trustedbsd/base/contrib/pf/man/pf.os.5#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/man/pflog.4#5 integrate .. //depot/projects/trustedbsd/base/contrib/pf/man/pfsync.4#6 integrate .. 
//depot/projects/trustedbsd/base/contrib/pf/pfctl/parse.y#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pf_print_state.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl.8#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl.h#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_altq.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_optimize.c#1 branch .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_osfp.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_parser.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_parser.h#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_qstats.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_radix.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pfctl/pfctl_table.c#4 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pflogd/pflogd.8#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pflogd/pflogd.c#4 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pflogd/pidfile.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pflogd/privsep.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/pf/pflogd/privsep_fdpass.c#2 integrate .. //depot/projects/trustedbsd/base/etc/Makefile#42 integrate .. //depot/projects/trustedbsd/base/etc/rc#27 integrate .. //depot/projects/trustedbsd/base/etc/rc.d/Makefile#27 integrate .. //depot/projects/trustedbsd/base/etc/rc.d/initdiskless#19 delete .. //depot/projects/trustedbsd/base/etc/rc.d/jail#9 integrate .. //depot/projects/trustedbsd/base/etc/rc.d/preseedrandom#5 delete .. //depot/projects/trustedbsd/base/etc/rc.d/rcconf.sh#4 integrate .. //depot/projects/trustedbsd/base/etc/rc.initdiskless#2 integrate .. //depot/projects/trustedbsd/base/games/caesar/Makefile#2 integrate .. 
//depot/projects/trustedbsd/base/games/caesar/caesar.c#4 integrate .. //depot/projects/trustedbsd/base/games/pom/Makefile#2 integrate .. //depot/projects/trustedbsd/base/games/pom/pom.c#4 integrate .. //depot/projects/trustedbsd/base/gnu/lib/libobjc/Makefile#11 integrate .. //depot/projects/trustedbsd/base/lib/libc/gen/getbootfile.c#4 integrate .. //depot/projects/trustedbsd/base/lib/libc/gen/getgrouplist.c#7 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getaddrinfo.3#9 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getaddrinfo.c#19 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/gethostbydns.c#14 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/gethostbyht.c#6 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/gethostbyname.3#9 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/gethostbynis.c#7 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/gethostnamadr.c#7 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getipnodebyname.3#7 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnameinfo.3#7 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnameinfo.c#6 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnetbydns.c#8 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnetbyht.c#6 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnetbynis.c#4 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnetent.3#5 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getnetnamadr.c#5 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getprotoent.c#5 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/getservent.c#9 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/map_v4v6.c#4 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/name6.c#19 integrate .. //depot/projects/trustedbsd/base/lib/libc/net/netdb_private.h#4 integrate .. //depot/projects/trustedbsd/base/lib/libc/yp/yplib.c#9 integrate .. 
//depot/projects/trustedbsd/base/lib/libpmc/Makefile#2 integrate .. //depot/projects/trustedbsd/base/lib/libpmc/libpmc.c#2 integrate .. //depot/projects/trustedbsd/base/lib/libpmc/pmc.3#2 integrate .. //depot/projects/trustedbsd/base/lib/libpmc/pmc.h#2 integrate .. //depot/projects/trustedbsd/base/lib/libthr/Makefile#8 integrate .. //depot/projects/trustedbsd/base/lib/libthr/arch/i386/i386/pthread_md.c#3 integrate .. //depot/projects/trustedbsd/base/lib/libthr/arch/i386/include/pthread_md.h#2 integrate .. //depot/projects/trustedbsd/base/lib/libthr/support/Makefile.inc#1 branch .. //depot/projects/trustedbsd/base/lib/libthr/thread/thr_create.c#10 integrate .. //depot/projects/trustedbsd/base/lib/msun/src/s_ceill.c#3 integrate .. //depot/projects/trustedbsd/base/lib/msun/src/s_floorl.c#3 integrate .. //depot/projects/trustedbsd/base/lib/msun/src/s_truncl.c#3 integrate .. //depot/projects/trustedbsd/base/release/Makefile#64 integrate .. //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#90 integrate .. //depot/projects/trustedbsd/base/release/doc/zh_CN.GB2312/relnotes/common/new.sgml#4 integrate .. //depot/projects/trustedbsd/base/release/scripts/package-split.py#3 integrate .. //depot/projects/trustedbsd/base/release/scripts/package-trees.sh#2 integrate .. //depot/projects/trustedbsd/base/rescue/rescue/Makefile#14 integrate .. //depot/projects/trustedbsd/base/sbin/atm/atm/atm.h#4 integrate .. //depot/projects/trustedbsd/base/sbin/atm/atmconfig/atmconfig_device.h#2 integrate .. //depot/projects/trustedbsd/base/sbin/atm/ilmid/ilmid.c#11 integrate .. //depot/projects/trustedbsd/base/sbin/dump/traverse.c#18 integrate .. //depot/projects/trustedbsd/base/sbin/fdisk/fdisk.c#22 integrate .. //depot/projects/trustedbsd/base/sbin/fdisk_pc98/Makefile#5 integrate .. //depot/projects/trustedbsd/base/sbin/fdisk_pc98/fdisk.c#11 integrate .. //depot/projects/trustedbsd/base/sbin/geom/core/geom.c#5 integrate .. 
//depot/projects/trustedbsd/base/sbin/ggate/shared/ggate.h#3 integrate .. //depot/projects/trustedbsd/base/sbin/ifconfig/ifpfsync.c#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ipf/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ipftest/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ipmon/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ipnat/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ippool/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ipresend/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/ipsend/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/ipf/libipf/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sbin/natd/natd.c#13 integrate .. //depot/projects/trustedbsd/base/sbin/pfctl/Makefile#4 integrate .. //depot/projects/trustedbsd/base/share/man/man4/ath.4#16 integrate .. //depot/projects/trustedbsd/base/share/man/man4/hwpmc.4#2 integrate .. //depot/projects/trustedbsd/base/share/man/man5/rc.conf.5#47 integrate .. //depot/projects/trustedbsd/base/share/man/man9/taskqueue.9#12 integrate .. //depot/projects/trustedbsd/base/share/mk/sys.mk#21 integrate .. //depot/projects/trustedbsd/base/sys/amd64/amd64/mp_machdep.c#9 integrate .. //depot/projects/trustedbsd/base/sys/amd64/amd64/trap.c#16 integrate .. //depot/projects/trustedbsd/base/sys/amd64/conf/NOTES#7 integrate .. //depot/projects/trustedbsd/base/sys/amd64/include/smp.h#6 integrate .. //depot/projects/trustedbsd/base/sys/conf/NOTES#59 integrate .. //depot/projects/trustedbsd/base/sys/conf/files#84 integrate .. //depot/projects/trustedbsd/base/sys/conf/files.amd64#20 integrate .. //depot/projects/trustedbsd/base/sys/conf/files.i386#51 integrate .. //depot/projects/trustedbsd/base/sys/conf/files.pc98#45 integrate .. //depot/projects/trustedbsd/base/sys/conf/kern.post.mk#41 integrate .. //depot/projects/trustedbsd/base/sys/conf/options#59 integrate .. 
//depot/projects/trustedbsd/base/sys/conf/options.amd64#9 integrate .. //depot/projects/trustedbsd/base/sys/conf/options.i386#27 integrate .. //depot/projects/trustedbsd/base/sys/conf/options.pc98#29 integrate .. //depot/projects/trustedbsd/base/sys/contrib/ipfilter/netinet/ip_compat.h#12 integrate .. //depot/projects/trustedbsd/base/sys/contrib/ipfilter/netinet/ip_frag.c#10 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/if_pflog.c#7 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/if_pflog.h#3 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/if_pfsync.c#7 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/if_pfsync.h#3 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf.c#12 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf_if.c#5 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf_ioctl.c#8 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf_norm.c#5 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf_osfp.c#3 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf_subr.c#2 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pf_table.c#3 integrate .. //depot/projects/trustedbsd/base/sys/contrib/pf/net/pfvar.h#4 integrate .. //depot/projects/trustedbsd/base/sys/dev/aac/aac_disk.c#20 integrate .. //depot/projects/trustedbsd/base/sys/dev/arcmsr/arcmsr.c#2 integrate .. //depot/projects/trustedbsd/base/sys/dev/asr/asr.c#24 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-all.c#44 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-all.h#25 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-card.c#26 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-cbus.c#15 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-chipset.c#24 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-disk.c#35 integrate .. 
//depot/projects/trustedbsd/base/sys/dev/ata/ata-dma.c#34 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-isa.c#19 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-lowlevel.c#14 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-pci.c#38 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-pci.h#19 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-queue.c#14 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-raid.c#29 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata-raid.h#19 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/ata_if.m#2 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/atapi-cam.c#21 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/atapi-cd.c#34 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/atapi-fd.c#24 integrate .. //depot/projects/trustedbsd/base/sys/dev/ata/atapi-tape.c#24 integrate .. //depot/projects/trustedbsd/base/sys/dev/ciss/ciss.c#28 integrate .. //depot/projects/trustedbsd/base/sys/dev/hwpmc/hwpmc_amd.c#3 integrate .. //depot/projects/trustedbsd/base/sys/dev/hwpmc/hwpmc_intel.c#2 integrate .. //depot/projects/trustedbsd/base/sys/dev/hwpmc/hwpmc_mod.c#3 integrate .. //depot/projects/trustedbsd/base/sys/dev/hwpmc/hwpmc_piv.c#3 integrate .. //depot/projects/trustedbsd/base/sys/dev/hwpmc/hwpmc_ppro.c#3 integrate .. //depot/projects/trustedbsd/base/sys/dev/pci/pci.c#40 integrate .. //depot/projects/trustedbsd/base/sys/dev/pci/pci_pci.c#22 integrate .. //depot/projects/trustedbsd/base/sys/dev/pci/pcireg.h#8 integrate .. //depot/projects/trustedbsd/base/sys/dev/pci/pcivar.h#15 integrate .. //depot/projects/trustedbsd/base/sys/dev/twa/tw_osl_cam.c#2 integrate .. //depot/projects/trustedbsd/base/sys/fs/devfs/devfs_vfsops.c#19 integrate .. //depot/projects/trustedbsd/base/sys/fs/devfs/devfs_vnops.c#35 integrate .. //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vnops.c#26 integrate .. 
//depot/projects/trustedbsd/base/sys/fs/unionfs/union_vnops.c#24 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_pc98_enc.c#3 integrate .. //depot/projects/trustedbsd/base/sys/geom/vinum/geom_vinum_init.c#4 integrate .. //depot/projects/trustedbsd/base/sys/i386/conf/NOTES#55 integrate .. //depot/projects/trustedbsd/base/sys/i386/conf/PAE#10 integrate .. //depot/projects/trustedbsd/base/sys/i386/i386/mp_machdep.c#40 integrate .. //depot/projects/trustedbsd/base/sys/i386/i386/trap.c#38 integrate .. //depot/projects/trustedbsd/base/sys/i386/include/pmc_mdep.h#3 integrate .. //depot/projects/trustedbsd/base/sys/i386/include/smp.h#14 integrate .. //depot/projects/trustedbsd/base/sys/kern/imgact_aout.c#17 integrate .. //depot/projects/trustedbsd/base/sys/kern/imgact_elf.c#31 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_descrip.c#55 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_exec.c#51 integrate .. //depot/projects/trustedbsd/base/sys/kern/subr_devstat.c#13 integrate .. //depot/projects/trustedbsd/base/sys/kern/subr_kdb.c#5 integrate .. //depot/projects/trustedbsd/base/sys/kern/subr_smp.c#23 integrate .. //depot/projects/trustedbsd/base/sys/kern/subr_taskqueue.c#14 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_sem.c#12 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_aio.c#41 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_bio.c#50 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_cluster.c#30 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_default.c#32 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#37 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#62 integrate .. //depot/projects/trustedbsd/base/sys/netinet/tcp_usrreq.c#26 integrate .. //depot/projects/trustedbsd/base/sys/nfsclient/nfs_vfsops.c#39 integrate .. //depot/projects/trustedbsd/base/sys/pc98/conf/NOTES#23 integrate .. 
//depot/projects/trustedbsd/base/sys/posix4/ksem.h#1 branch .. //depot/projects/trustedbsd/base/sys/powerpc/conf/GENERIC#26 integrate .. //depot/projects/trustedbsd/base/sys/powerpc/powermac/ata_kauai.c#9 integrate .. //depot/projects/trustedbsd/base/sys/powerpc/powermac/ata_macio.c#16 integrate .. //depot/projects/trustedbsd/base/sys/sys/diskpc98.h#9 integrate .. //depot/projects/trustedbsd/base/sys/sys/param.h#45 integrate .. //depot/projects/trustedbsd/base/sys/sys/pmc.h#3 integrate .. //depot/projects/trustedbsd/base/sys/sys/ptrace.h#9 integrate .. //depot/projects/trustedbsd/base/sys/sys/smp.h#11 integrate .. //depot/projects/trustedbsd/base/sys/sys/taskqueue.h#7 integrate .. //depot/projects/trustedbsd/base/sys/ufs/ffs/ffs_rawread.c#14 integrate .. //depot/projects/trustedbsd/base/sys/ufs/ffs/ffs_softdep.c#33 integrate .. //depot/projects/trustedbsd/base/sys/vm/swap_pager.c#38 integrate .. //depot/projects/trustedbsd/base/sys/vm/uma_core.c#36 integrate .. //depot/projects/trustedbsd/base/sys/vm/uma_int.h#17 integrate .. //depot/projects/trustedbsd/base/sys/vm/vm_fault.c#36 integrate .. //depot/projects/trustedbsd/base/sys/vm/vm_map.c#42 integrate .. //depot/projects/trustedbsd/base/sys/vm/vm_object.c#52 integrate .. //depot/projects/trustedbsd/base/sys/vm/vm_object.h#23 integrate .. //depot/projects/trustedbsd/base/sys/vm/vnode_pager.c#41 integrate .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/README#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/all.sh#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t0/Makefile#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t0/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t0/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t0/expected.stdout#1 branch .. 
//depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t0/libtest.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t0/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t1/Makefile#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t1/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t1/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t1/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t1/libtest.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t1/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t2/Makefile#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t2/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t2/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t2/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t2/libtest.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/archives/t2/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t0/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t0/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t0/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t0/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t1/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t1/expected.stderr#1 branch .. 
//depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t1/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t1/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t2/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t2/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t2/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t2/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t3/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t3/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t3/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/basic/t3/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/common.sh#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t0/Makefile#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t0/TEST1.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t0/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t0/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t0/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t0/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/Makefile#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/TEST1.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/TEST2.a#1 branch .. 
//depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t1/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/Makefile#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/TEST1.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/TEST2.a#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/suffixes/t2/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t0/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t0/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t0/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t0/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t1/expected.status#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t1/expected.stderr#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t1/expected.stdout#1 branch .. //depot/projects/trustedbsd/base/tools/regression/usr.bin/make/variables/t1/test.t#1 branch .. //depot/projects/trustedbsd/base/tools/tools/tinderbox/etc/default.rc#4 integrate .. 
//depot/projects/trustedbsd/base/tools/tools/tinderbox/tinderbox.pl#13 integrate .. //depot/projects/trustedbsd/base/usr.bin/Makefile#41 integrate .. //depot/projects/trustedbsd/base/usr.bin/brandelf/brandelf.c#5 integrate .. //depot/projects/trustedbsd/base/usr.bin/compress/zopen.c#6 integrate .. //depot/projects/trustedbsd/base/usr.bin/id/id.1#5 integrate .. //depot/projects/trustedbsd/base/usr.bin/id/id.c#10 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/Makefile#14 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/cond.c#13 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/directive_hash.c#2 delete .. //depot/projects/trustedbsd/base/usr.bin/make/directive_hash.h#2 delete .. //depot/projects/trustedbsd/base/usr.bin/make/globals.h#3 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/hash_tables.c#1 branch .. //depot/projects/trustedbsd/base/usr.bin/make/hash_tables.h#1 branch .. //depot/projects/trustedbsd/base/usr.bin/make/main.c#27 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/make.h#8 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/nonints.h#12 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/parse.c#21 integrate .. //depot/projects/trustedbsd/base/usr.bin/mkuzip/Makefile#2 integrate .. //depot/projects/trustedbsd/base/usr.bin/mkuzip/mkuzip.c#2 integrate .. //depot/projects/trustedbsd/base/usr.bin/rs/rs.c#6 integrate .. //depot/projects/trustedbsd/base/usr.bin/systat/pigs.c#7 integrate .. //depot/projects/trustedbsd/base/usr.sbin/adduser/adduser.sh#11 integrate .. //depot/projects/trustedbsd/base/usr.sbin/authpf/Makefile#2 integrate .. //depot/projects/trustedbsd/base/usr.sbin/burncd/burncd.8#18 integrate .. //depot/projects/trustedbsd/base/usr.sbin/faithd/ftp.c#6 integrate .. //depot/projects/trustedbsd/base/usr.sbin/jail/jail.8#21 integrate .. //depot/projects/trustedbsd/base/usr.sbin/pmccontrol/pmccontrol.c#2 integrate .. 
//depot/projects/trustedbsd/base/usr.sbin/pmcstat/pmcstat.c#2 integrate .. //depot/projects/trustedbsd/base/usr.sbin/ppp/ppp.8.m4#21 integrate .. //depot/projects/trustedbsd/base/usr.sbin/rpc.yppasswdd/yppasswdd_main.c#7 integrate .. //depot/projects/trustedbsd/base/usr.sbin/sysinstall/dist.c#28 integrate .. //depot/projects/trustedbsd/base/usr.sbin/sysinstall/menus.c#40 integrate .. //depot/projects/trustedbsd/base/usr.sbin/ypserv/Makefile.yp#5 integrate .. //depot/projects/trustedbsd/base/usr.sbin/ypserv/yp_dnslookup.c#6 integrate .. //depot/projects/trustedbsd/base/usr.sbin/ypserv/yp_extern.h#3 integrate .. //depot/projects/trustedbsd/base/usr.sbin/ypserv/yp_server.c#5 integrate Differences ... ==== //depot/projects/trustedbsd/base/Makefile.inc1#60 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $FreeBSD: src/Makefile.inc1,v 1.492 2005/04/06 01:55:43 peter Exp $ +# $FreeBSD: src/Makefile.inc1,v 1.494 2005/05/01 17:36:09 imp Exp $ # # Make command line options: # -DNO_DYNAMICROOT do not link /bin and /sbin dynamically ==== //depot/projects/trustedbsd/base/UPDATING#54 (text+ko) ==== @@ -21,6 +21,11 @@ developers choose to disable these features on build machines to maximize performance. +20050503: + The packet filter (pf) code has been updated to OpenBSD 3.7 + Please note the changed anchor syntax and the fact that + authpf(8) now needs a mounted fdescfs(5) to function. + 20050415: The NO_MIXED_MODE kernel option has been removed from the i386 amd64 platforms as its use has been superceded by the new local @@ -331,4 +336,4 @@ Contact Warner Losh if you have any questions about your use of this document. -$FreeBSD: src/UPDATING,v 1.401 2005/04/18 14:33:18 scottl Exp $ +$FreeBSD: src/UPDATING,v 1.402 2005/05/03 17:43:13 mlaier Exp $ ==== //depot/projects/trustedbsd/base/bin/ps/ps.1#23 (text+ko) ==== 
@@ -27,7 +27,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ps.1 8.3 (Berkeley) 4/18/94 -.\" $FreeBSD: src/bin/ps/ps.1,v 1.85 2005/03/20 10:40:36 pjd Exp $ +.\" $FreeBSD: src/bin/ps/ps.1,v 1.86 2005/04/29 11:10:27 maxim Exp $ .\" .Dd March 20, 2005 .Dt PS 1 @@ -103,7 +103,7 @@ .Bl -tag -width indent .It Fl a Display information about other users' processes as well as your own. -This will skip any processes which do not have a controlling teminal, +This will skip any processes which do not have a controlling terminal, unless the .Fl x option is also specified. ==== //depot/projects/trustedbsd/base/contrib/bsnmp/snmpd/main.c#8 (text+ko) ==== @@ -1634,9 +1634,7 @@ timer_start(u_int ticks, void (*func)(void *), void *udata, struct lmodule *mod) { struct timer *tp; -#ifdef USE_LIBBEGEMOT - struct timeval due; -#else +#ifndef USE_LIBBEGEMOT struct timespec due; #endif @@ -1644,15 +1642,8 @@ syslog(LOG_CRIT, "out of memory for timer"); exit(1); } -#ifdef USE_LIBBEGEMOT - (void)gettimeofday(&due, NULL); - due.tv_sec += ticks / 100; - due.tv_usec += (ticks % 100) * 10000; - if (due.tv_usec >= 1000000) { - due.tv_sec++; - due.tv_usec -= 1000000; - } -#else + +#ifndef USE_LIBBEGEMOT due = evAddTime(evNowTime(), evConsTime(ticks / 100, (ticks % 100) * 10000)); #endif @@ -1664,8 +1655,7 @@ LIST_INSERT_HEAD(&timer_list, tp, link); #ifdef USE_LIBBEGEMOT - if ((tp->id = poll_start_timer(due.tv_sec * 1000 + due.tv_usec / 1000, - 0, tfunc, tp)) < 0) { + if ((tp->id = poll_start_timer(ticks * 10, 0, tfunc, tp)) < 0) { syslog(LOG_ERR, "cannot set timer: %m"); exit(1); } ==== //depot/projects/trustedbsd/base/contrib/ipfilter/lib/printstate.c#2 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/lib/printstate.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/lib/printstate.c,v 1.3 2005/04/28 21:36:30 darrenr Exp $ */ /* * Copyright (C) 2002 by Darren Reed. 
@@ -64,7 +64,7 @@ ips.is_icmp.ici_seq, ips.is_icmp.ici_type); #ifdef USE_QUAD_T - PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n", + PRINTF("\tforward: pkts in %lld bytes in %lld pkts out %lld bytes out %lld\n\tbackward: pkts in %lld bytes in %lld pkts out %lld bytes out %lld\n", ips.is_pkts[0], ips.is_bytes[0], ips.is_pkts[1], ips.is_bytes[1], ips.is_pkts[2], ips.is_bytes[2], ==== //depot/projects/trustedbsd/base/contrib/ipfilter/tools/ippool.c#2 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/tools/ippool.c,v 1.2 2005/04/25 18:20:15 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/tools/ippool.c,v 1.3 2005/04/28 16:26:33 darrenr Exp $ */ /* * Copyright (C) 2003 by Darren Reed. @@ -639,7 +639,7 @@ } } - printf("%u object%s flushed\n", flush.iplf_count, + printf("%zd object%s flushed\n", flush.iplf_count, (flush.iplf_count == 1) ? "" : "s"); return 0; ==== //depot/projects/trustedbsd/base/contrib/pf/authpf/authpf.8#3 (text+ko) ==== @@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.31 2003/12/10 04:10:37 beck Exp $ +.\" $OpenBSD: authpf.8,v 1.38 2005/01/04 09:57:04 jmc Exp $ .\" .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -60,6 +60,10 @@ requires that the .Xr pf 4 system be enabled before use. +.Nm +can also maintain the list of IP address of connected users +in the "authpf_users" +.Pa table . .Pp .Nm is meant to be used with users who can connect via @@ -93,11 +97,16 @@ .Nm rules: .Bd -literal -offset indent -nat-anchor authpf -rdr-anchor authpf -binat-anchor authpf -anchor authpf +nat-anchor "authpf/*" +rdr-anchor "authpf/*" +binat-anchor "authpf/*" +anchor "authpf/*" .Ed +.Pp +The "/*" at the end of the anchor name is required for +.Xr pf 4 +to process the rulesets attached to the anchor by +.Nm authpf . .Sh FILTER AND TRANSLATION RULES Filter and translation rules for .Nm 
@@ -113,10 +122,14 @@ .Em user_id is assigned the user name. .Pp -Filter and nat rules will first be searched for in +Filter and translation rules are stored in a file called +.Pa authpf.rules . +This file will first be searched for in .Pa /etc/authpf/users/$USER/ and then in .Pa /etc/authpf/ . +Only one of these files will be used if both are present. +.Pp Per-user rules from the .Pa /etc/authpf/users/$USER/ directory are intended to be used when non-default rules @@ -124,21 +137,11 @@ It is important to ensure that a user can not write or change these configuration files. .Pp -Filter and translation rules are loaded from the file -.Pa /etc/authpf/users/$USER/authpf.rules . -If this file does not exist the file -.Pa /etc/authpf/authpf.rules -is used. The .Pa authpf.rules file must exist in one of the above locations for .Nm to run. -.Pp -Translation rules are also loaded from this file. -The use of translation rules in an -.Pa authpf.rules -file is optional. .Sh CONFIGURATION Options are controlled by the .Pa /etc/authpf/authpf.conf @@ -154,6 +157,10 @@ Use the specified .Pa anchor name instead of "authpf". +.It table=name +Use the specified +.Pa table +name instead of "authpf_users". .El .Sh USER MESSAGES On successful invocation, @@ -218,9 +225,15 @@ hijack the session. Note that TCP keepalives are not sufficient for this, since they are not secure. +Also note that +.Ar AllowTcpForwarding +should be disabled for +.Nm +users to prevent them from circumventing restrictions imposed by the +packet filter ruleset. .Pp .Nm -will remove statetable entries that were created during a user's +will remove state table entries that were created during a user's session. This ensures that there will be no unauthenticated traffic allowed to pass after the controlling 
@@ -391,15 +404,15 @@ # ssh and use us as a dns server. internal_if="fxp1" gateway_addr="10.0.1.1" -nat-anchor authpf -rdr-anchor authpf -binat-anchor authpf +nat-anchor "authpf/*" +rdr-anchor "authpf/*" +binat-anchor "authpf/*" block in on $internal_if from any to any pass in quick on $internal_if proto tcp from any to $gateway_addr \e port = ssh pass in quick on $internal_if proto udp from any to $gateway_addr \e port = domain -anchor authpf +anchor "authpf/*" .Ed .Pp .Sy For a switched, wired net @@ -465,6 +478,33 @@ 129.128.11.10.60539 > 198.137.240.92.22: S 2131494121:2131494121(0) win \e 16384 (DF) .Ed +.Pp +.Sy Using the authpf_users table +\- Simple +.Nm +settings can be implemented without an anchor by just using the "authpf_users" +.Pa table . +For example, the following +.Xr pf.conf 5 +lines will give SMTP and IMAP access to logged in users: +.Bd -literal +table persist +pass in on $ext_if proto tcp from \e + to port { smtp imap } keep state +.Ed +.Pp +It is also possible to use the "authpf_users" +.Pa table +in combination with anchors. +For example, +.Xr pf 4 +processing can be sped up by looking up the anchor +only for packets coming from logged in users: +.Bd -literal +table persist +anchor "authpf/*" from +rdr-anchor "authpf/*" from +.Ed .Sh FILES .Bl -tag -width "/etc/authpf/authpf.conf" -compact .It Pa /etc/authpf/authpf.conf ==== //depot/projects/trustedbsd/base/contrib/pf/authpf/authpf.c#3 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: authpf.c,v 1.75 2004/01/29 01:55:10 deraadt Exp $ */ +/* $OpenBSD: authpf.c,v 1.89 2005/02/10 04:24:15 joel Exp $ */ /* * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org). @@ -26,13 +26,15 @@ */ #include -__FBSDID("$FreeBSD: src/contrib/pf/authpf/authpf.c,v 1.5 2004/06/16 23:39:30 mlaier Exp $"); +__FBSDID("$FreeBSD: src/contrib/pf/authpf/authpf.c,v 1.6 2005/05/03 16:55:19 mlaier Exp $"); #include #include #include #include +#include #include +#include #include #include 
@@ -40,6 +42,7 @@ #include #include +#include #include #include #include @@ -48,9 +51,6 @@ #include #include -#include -#include - #include "pathnames.h" extern int symset(const char *, const char *, int); @@ -61,11 +61,13 @@ static int check_luser(char *, char *); static int remove_stale_rulesets(void); static int change_filter(int, const char *, const char *); +static int change_table(int, const char *, const char *); static void authpf_kill_states(void); int dev; /* pf device */ char anchorname[PF_ANCHOR_NAME_SIZE] = "authpf"; -char rulesetname[PF_RULESET_NAME_SIZE]; +char rulesetname[MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 2]; +char tablename[PF_TABLE_NAME_SIZE] = "authpf_users"; FILE *pidfp; char *infile; /* file name printed by yyerror() in parse.y */ @@ -94,10 +96,12 @@ { int lockcnt = 0, n, pidfd; FILE *config; - struct in_addr ina; + struct in6_addr ina; struct passwd *pw; char *cp; uid_t uid; + char *shell; + login_cap_t *lc; config = fopen(PATH_CONFFILE, "r"); @@ -121,7 +125,8 @@ exit(1); } *cp = '\0'; - if (inet_pton(AF_INET, ipsrc, &ina) != 1) { + if (inet_pton(AF_INET, ipsrc, &ina) != 1 && + inet_pton(AF_INET6, ipsrc, &ina) != 1) { syslog(LOG_ERR, "cannot determine IP from SSH_CLIENT %s", ipsrc); exit(1); @@ -135,16 +140,31 @@ uid = getuid(); pw = getpwuid(uid); + endpwent(); if (pw == NULL) { syslog(LOG_ERR, "cannot find user for uid %u", uid); goto die; } - if (strcmp(pw->pw_shell, PATH_AUTHPF_SHELL)) { + + if ((lc = login_getclass(pw->pw_class)) != NULL) + shell = (char *)login_getcapstr(lc, "shell", pw->pw_shell, + pw->pw_shell); + else + shell = pw->pw_shell; + + login_close(lc); + + if (strcmp(shell, PATH_AUTHPF_SHELL)) { syslog(LOG_ERR, "wrong shell for user %s, uid %u", pw->pw_name, pw->pw_uid); + if (shell != pw->pw_shell) + free(shell); goto die; } + if (shell != pw->pw_shell) + free(shell); + /* * Paranoia, but this data _does_ come from outside authpf, and * truncation would be bad. 
@@ -155,11 +175,11 @@ } if ((n = snprintf(rulesetname, sizeof(rulesetname), "%s(%ld)", - luser, (long)getpid())) < 0 || n >= sizeof(rulesetname)) { + luser, (long)getpid())) < 0 || (u_int)n >= sizeof(rulesetname)) { syslog(LOG_INFO, "%s(%ld) too large, ruleset name will be %ld", luser, (long)getpid(), (long)getpid()); if ((n = snprintf(rulesetname, sizeof(rulesetname), "%ld", - (long)getpid())) < 0 || n >= sizeof(rulesetname)) { + (long)getpid())) < 0 || (u_int)n >= sizeof(rulesetname)) { syslog(LOG_ERR, "pid too large for ruleset name"); goto die; } @@ -269,12 +289,17 @@ rewind(pidfp); fprintf(pidfp, "%ld\n%s\n", (long)getpid(), luser); fflush(pidfp); - (void) ftruncate(fileno(pidfp), ftell(pidfp)); + (void) ftruncate(fileno(pidfp), ftello(pidfp)); if (change_filter(1, luser, ipsrc) == -1) { printf("Unable to modify filters\r\n"); do_death(0); } + if (change_table(1, luser, ipsrc) == -1) { + printf("Unable to modify table\r\n"); + change_filter(0, luser, ipsrc); + do_death(0); + } signal(SIGTERM, need_death); signal(SIGINT, need_death); @@ -284,7 +309,7 @@ signal(SIGSTOP, need_death); signal(SIGTSTP, need_death); while (1) { - printf("\r\nHello %s, ", luser); + printf("\r\nHello %s. ", luser); printf("You are authenticated from host \"%s\"\r\n", ipsrc); setproctitle("%s@%s", luser, ipsrc); print_message(PATH_MESSAGE); @@ -359,6 +384,11 @@ sizeof(anchorname)) >= sizeof(anchorname)) goto parse_error; } + if (strcasecmp(pair[0], "table") == 0) { + if (!pair[1][0] || strlcpy(tablename, pair[1], + sizeof(tablename)) >= sizeof(tablename)) + goto parse_error; + } } while (!feof(f) && !ferror(f)); fclose(f); return (0); 
@@ -542,12 +572,10 @@ remove_stale_rulesets(void) { struct pfioc_ruleset prs; - const int action[PF_RULESET_MAX] = { PF_SCRUB, - PF_PASS, PF_NAT, PF_BINAT, PF_RDR }; u_int32_t nr, mnr; memset(&prs, 0, sizeof(prs)); - strlcpy(prs.anchor, anchorname, sizeof(prs.anchor)); + strlcpy(prs.path, anchorname, sizeof(prs.path)); if (ioctl(dev, DIOCGETRULESETS, &prs)) { if (errno == EINVAL) return (0); @@ -574,20 +602,25 @@ (*s && (t == prs.name || *s != ')'))) return (1); if (kill(pid, 0) && errno != EPERM) { - int i; + int i; + struct pfioc_trans_e t_e[PF_RULESET_MAX+1]; + struct pfioc_trans t; - for (i = 0; i < PF_RULESET_MAX; ++i) { - struct pfioc_rule pr; - - memset(&pr, 0, sizeof(pr)); - memcpy(pr.anchor, prs.anchor, sizeof(pr.anchor)); - memcpy(pr.ruleset, prs.name, sizeof(pr.ruleset)); - pr.rule.action = action[i]; - if ((ioctl(dev, DIOCBEGINRULES, &pr) || - ioctl(dev, DIOCCOMMITRULES, &pr)) && - errno != EINVAL) - return (1); + bzero(&t, sizeof(t)); + bzero(t_e, sizeof(t_e)); + t.size = PF_RULESET_MAX+1; + t.esize = sizeof(t_e[0]); + t.array = t_e; + for (i = 0; i < PF_RULESET_MAX+1; ++i) { + t_e[i].rs_num = i; + snprintf(t_e[i].anchor, sizeof(t_e[i].anchor), + "%s/%s", anchorname, prs.name); } + t_e[PF_RULESET_MAX].rs_num = PF_RULESET_TABLE; + if ((ioctl(dev, DIOCXBEGIN, &t) || + ioctl(dev, DIOCXCOMMIT, &t)) && + errno != EINVAL) + return (1); mnr--; } else nr++; 
@@ -601,85 +634,67 @@ static int change_filter(int add, const char *luser, const char *ipsrc) { - char fn[MAXPATHLEN]; - FILE *f = NULL; - struct pfctl pf; - struct pfr_buffer t; - int i; + char *pargv[13] = { + "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor/ruleset", + "-D", "user_ip=X", "-D", "user_id=X", "-f", + "file", NULL + }; + char *fdpath = NULL, *userstr = NULL, *ipstr = NULL; + char *rsn = NULL, *fn = NULL; + pid_t pid; + int s; if (luser == NULL || !luser[0] || ipsrc == NULL || !ipsrc[0]) { syslog(LOG_ERR, "invalid luser/ipsrc"); goto error; } + if (asprintf(&rsn, "%s/%s", anchorname, rulesetname) == -1) + goto no_mem; + if (asprintf(&fdpath, "/dev/fd/%d", dev) == -1) + goto no_mem; + if (asprintf(&ipstr, "user_ip=%s", ipsrc) == -1) + goto no_mem; + if (asprintf(&userstr, "user_id=%s", luser) == -1) + goto no_mem; + if (add) { - if ((i = snprintf(fn, sizeof(fn), "%s/%s/authpf.rules", - PATH_USER_DIR, luser)) < 0 || i >= sizeof(fn)) { - syslog(LOG_ERR, "user rule path too long"); - goto error; - } - if ((f = fopen(fn, "r")) == NULL && errno != ENOENT) { - syslog(LOG_ERR, "cannot open %s (%m)", fn); - goto error; - } - if (f == NULL) { - if (strlcpy(fn, PATH_PFRULES, sizeof(fn)) >= - sizeof(fn)) { - syslog(LOG_ERR, "rule path too long"); - goto error; - } - if ((f = fopen(fn, "r")) == NULL) { - syslog(LOG_ERR, "cannot open %s (%m)", fn); - goto error; - } + struct stat sb; + + if (asprintf(&fn, "%s/%s/authpf.rules", PATH_USER_DIR, luser) + == -1) + goto no_mem; + if (stat(fn, &sb) == -1) { + free(fn); + if ((fn = strdup(PATH_PFRULES)) == NULL) + goto no_mem; } } + pargv[2] = fdpath; + pargv[5] = rsn; + pargv[7] = userstr; + pargv[9] = ipstr; + if (!add) + pargv[11] = "/dev/null"; + else + pargv[11] = fn; - if (pfctl_load_fingerprints(dev, 0)) { - syslog(LOG_ERR, "unable to load kernel's OS fingerprints"); - goto error; - } - bzero(&t, sizeof(t)); - t.pfrb_type = PFRB_TRANS; - memset(&pf, 0, sizeof(pf)); - for (i = 0; i < PF_RULESET_MAX; ++i) { - if 
(pfctl_add_trans(&t, i, anchorname, rulesetname)) { - syslog(LOG_ERR, "pfctl_add_trans %m"); - goto error; - } - } - if (pfctl_trans(dev, &t, DIOCXBEGIN, 0)) { - syslog(LOG_ERR, "DIOCXBEGIN (%s) %m", add?"add":"remove"); - goto error; + switch (pid = fork()) { + case -1: + err(1, "fork failed"); + case 0: + execvp(PATH_PFCTL, pargv); + warn("exec of %s failed", PATH_PFCTL); + _exit(1); } - if (add) { - if (symset("user_ip", ipsrc, 0) || - symset("user_id", luser, 0)) { - syslog(LOG_ERR, "symset"); - goto error; - } - - pf.dev = dev; - pf.trans = &t; - pf.anchor = anchorname; - pf.ruleset = rulesetname; - - infile = fn; - if (parse_rules(f, &pf) < 0) { - syslog(LOG_ERR, "syntax error in rule file: " - "authpf rules not loaded"); + /* parent */ + waitpid(pid, &s, 0); + if (s != 0) { + if (WIFEXITED(s)) { + syslog(LOG_ERR, "pfctl exited abnormally"); goto error; } - - infile = NULL; - fclose(f); - f = NULL; - } - - if (pfctl_trans(dev, &t, DIOCXCOMMIT, 0)) { - syslog(LOG_ERR, "DIOCXCOMMIT (%s) %m", add?"add":"remove"); - goto error; } if (add) { @@ -691,18 +706,63 @@ ipsrc, luser, Tend.tv_sec - Tstart.tv_sec); } return (0); - +no_mem: + syslog(LOG_ERR, "malloc failed"); error: - if (f != NULL) >>> TRUNCATED FOR MAIL (1000 lines) <<<
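Review bot: in contrib/bsnmp/snmpd/main.c, hunk @@ -1664,8 +1655,7 @@, the product in `poll_start_timer(ticks * 10, 0, tfunc, tp)` is computed in u_int, so any ticks value above UINT_MAX / 10 wraps and arms a far shorter timer than the caller asked for. Reject or clamp oversized values before the call. Since the removed timeval code was the only place that spelled out the conversion, a one-line comment that ticks are hundredths of a second and the argument is milliseconds would help, as would a note in the commit message that the value passed changes from an absolute due time to a relative interval.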
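Review bot: in contrib/ipfilter/lib/printstate.c, hunk @@ -64,7 +64,7 @@, the USE_QUAD_T format string now uses %lld but the ips.is_pkts[] and ips.is_bytes[] arguments are still passed uncast, so the call is only correct where those fields happen to be exactly long long. Cast each argument to (long long), or switch to %llu with (unsigned long long) casts if the counters are unsigned, so the varargs always match the format.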
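Review bot: in contrib/ipfilter/tools/ippool.c, hunk @@ -639,7 +639,7 @@, `%zd` is the signed size conversion, so it matches flush.iplf_count only if that field is an ssize_t. The declaration is not visible here; if the field is a size_t the specifier should be `%zu`, and for any other type the argument needs an explicit cast to whatever the format names.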
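Review bot: in contrib/pf/authpf/authpf.8, hunk @@ -60,6 +60,10 @@, the added sentence reads "the list of IP address of connected users"; it should be "IP addresses". In hunk @@ -218,9 +225,15 @@ the new AllowTcpForwarding advice does not say where the option is set; naming the sshd configuration file there would let the reader act on it without guessing.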
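Review bot: in contrib/pf/authpf/authpf.c, hunk @@ -135,16 +140,31 @@, `login_close(lc);` runs unconditionally, including on the path where login_getclass() returned NULL and shell was taken from pw->pw_shell. Move the call inside the non-NULL branch, or add a comment stating that login_close() is relied on to accept NULL. The same hunk adds endpwent() before pw is checked and dereferenced; because the result of this comparison decides whether the user may run authpf at all, a short comment that pw stays valid after endpwent() would make that ordering easier to trust.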
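Review bot: in contrib/pf/authpf/authpf.c, hunk @@ -574,20 +602,25 @@ (remove_stale_rulesets), the return value of `snprintf(t_e[i].anchor, sizeof(t_e[i].anchor), "%s/%s", anchorname, prs.name)` is ignored, so an overlong anchor path is silently truncated and the DIOCXBEGIN/DIOCXCOMMIT pair then clears whatever anchor the truncated name happens to match. The rulesetname code earlier in this file checks for truncation for exactly this reason; do the same here and return an error when the result is negative or not smaller than sizeof(t_e[i].anchor).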
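Review bot: in contrib/pf/authpf/authpf.c, hunk @@ -601,85 +634,67 @@ (change_filter), the parent only fails when `s != 0` and WIFEXITED(s) is true, so a pfctl child that is killed by a signal leaves s non-zero, skips the inner branch, and is treated as a successful ruleset load. The waitpid() return value is also unchecked, so on failure s is read uninitialized. Check that waitpid() returned pid, then fail unless WIFEXITED(s) && WEXITSTATUS(s) == 0, logging the signal case separately. The `err(1, "fork failed")` arm also exits directly, bypassing the syslog and error path that every other failure in this function takes.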