PERFORCE change 127778 for review
    Robert Watson 
    rwatson at FreeBSD.org
       
    Fri Oct 19 07:35:09 PDT 2007
    
    
  
http://perforce.freebsd.org/chv.cgi?CH=127778
Change 127778 by rwatson at rwatson_zoo on 2007/10/19 14:34:32
	Integrate TrustedBSD audit3 branch from TrustedBSD base branch
	through @127777.
Affected files ...
.. //depot/projects/trustedbsd/audit3/etc/rc.d/kerberos#5 integrate
.. //depot/projects/trustedbsd/audit3/lib/libbsm/Makefile#24 integrate
.. //depot/projects/trustedbsd/audit3/lib/libc/stdlib/atoi.3#3 integrate
.. //depot/projects/trustedbsd/audit3/sbin/ipfw/ipfw2.c#19 integrate
.. //depot/projects/trustedbsd/audit3/sbin/mount/mount.8#12 integrate
.. //depot/projects/trustedbsd/audit3/share/man/man5/nsswitch.conf.5#6 integrate
.. //depot/projects/trustedbsd/audit3/share/man/man5/src.conf.5#10 integrate
.. //depot/projects/trustedbsd/audit3/sys/amd64/conf/GENERIC#19 integrate
.. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_denode.c#10 integrate
.. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_lookup.c#6 integrate
.. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vfsops.c#16 integrate
.. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vnops.c#12 integrate
.. //depot/projects/trustedbsd/audit3/sys/i386/conf/GENERIC#20 integrate
.. //depot/projects/trustedbsd/audit3/sys/netinet/ip.h#5 integrate
.. //depot/projects/trustedbsd/audit3/sys/netinet/tcp_syncache.c#22 integrate
.. //depot/projects/trustedbsd/audit3/sys/netinet/tcp_usrreq.c#18 integrate
.. //depot/projects/trustedbsd/audit3/sys/vm/vm_object.c#19 integrate
.. //depot/projects/trustedbsd/audit3/usr.sbin/adduser/rmuser.sh#3 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/etc/rc.d/kerberos#5 (text+ko) ====
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: src/etc/rc.d/kerberos,v 1.6 2007/05/17 11:33:08 mtm Exp $
+# $FreeBSD: src/etc/rc.d/kerberos,v 1.7 2007/10/19 08:59:59 mtm Exp $
 #
 
 # PROVIDE: kerberos
@@ -14,4 +14,5 @@
 
 load_rc_config $name
 command="${kerberos5_server}"
+kerberos5_flags="${kerberos5_server_flags}"
 run_rc_command "$1"
==== //depot/projects/trustedbsd/audit3/lib/libbsm/Makefile#24 (text+ko) ====
@@ -1,5 +1,5 @@
 #
-# $FreeBSD: src/lib/libbsm/Makefile,v 1.7 2007/05/21 02:49:03 deischen Exp $
+# $FreeBSD: src/lib/libbsm/Makefile,v 1.8 2007/10/19 10:37:34 rwatson Exp $
 #
 
 OPENBSMDIR=		${.CURDIR}/../../contrib/openbsm
==== //depot/projects/trustedbsd/audit3/lib/libc/stdlib/atoi.3#3 (text+ko) ====
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)atoi.3	8.1 (Berkeley) 6/4/93
-.\" $FreeBSD: src/lib/libc/stdlib/atoi.3,v 1.13 2007/01/09 00:28:09 imp Exp $
+.\" $FreeBSD: src/lib/libc/stdlib/atoi.3,v 1.14 2007/10/19 06:23:39 davidxu Exp $
 .\"
 .Dd June 4, 1993
 .Dt ATOI 3
@@ -59,10 +59,6 @@
 .Bd -literal -offset indent
 (int)strtol(nptr, (char **)NULL, 10);
 .Ed
-.Sh IMPLEMENTATION NOTES
-The
-.Fn atoi
-function is not thread-safe and also not async-cancel safe.
 .Pp
 The
 .Fn atoi
==== //depot/projects/trustedbsd/audit3/sbin/ipfw/ipfw2.c#19 (text+ko) ====
@@ -17,7 +17,7 @@
  *
  * NEW command line interface for IP firewall facility
  *
- * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.108 2007/09/23 16:29:22 maxim Exp $
+ * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.109 2007/10/19 12:48:02 rpaulo Exp $
  */
 
 #include <sys/param.h>
@@ -179,8 +179,8 @@
 	{ "throughput",	IPTOS_THROUGHPUT},
 	{ "reliability", IPTOS_RELIABILITY},
 	{ "mincost",	IPTOS_MINCOST},
-	{ "congestion",	IPTOS_CE},
-	{ "ecntransport", IPTOS_ECT},
+	{ "congestion",	IPTOS_ECN_CE},
+	{ "ecntransport", IPTOS_ECN_ECT0},
 	{ "ip tos option", 0},
 	{ NULL,	0 }
 };
==== //depot/projects/trustedbsd/audit3/sbin/mount/mount.8#12 (text+ko) ====
@@ -26,7 +26,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)mount.8	8.8 (Berkeley) 6/16/94
-.\" $FreeBSD: src/sbin/mount/mount.8,v 1.82 2007/06/25 05:06:54 rafan Exp $
+.\" $FreeBSD: src/sbin/mount/mount.8,v 1.83 2007/10/19 05:29:18 rodrigc Exp $
 .\"
 .Dd July 12, 2006
 .Dt MOUNT 8
@@ -510,7 +510,6 @@
 .Xr mount_nwfs 8 ,
 .Xr mount_portalfs 8 ,
 .Xr mount_smbfs 8 ,
-.Xr mount_std 8 ,
 .Xr mount_udf 8 ,
 .Xr mount_unionfs 8 ,
 .Xr umount 8
==== //depot/projects/trustedbsd/audit3/share/man/man5/nsswitch.conf.5#6 (text+ko) ====
@@ -31,7 +31,7 @@
 .\" TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 .\" USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/share/man/man5/nsswitch.conf.5,v 1.17 2007/01/22 11:45:25 bms Exp $
+.\" $FreeBSD: src/share/man/man5/nsswitch.conf.5,v 1.18 2007/10/19 00:16:29 bushman Exp $
 .\"
 .Dd January 22, 2007
 .Dt NSSWITCH.CONF 5
@@ -95,7 +95,7 @@
 If this is present, it must be the only source for that entry.
 .It cache
 makes use of the
-.Xr cached 8
+.Xr nscd 8
 daemon.
 .El
 .Ss Databases
@@ -218,7 +218,7 @@
 .Xr nsswitch.conf 5
 file.
 You should also enable caching for this database in
-.Xr cached.conf 5 .
+.Xr nscd.conf 5 .
 If for the particular query
 .Dq cache
 source returns success, no further sources are queried.
@@ -228,7 +228,7 @@
 Note, that
 .Dq cache
 requires
-.Xr cached 8
+.Xr nscd 8
 daemon to be running.
 .Ss Compat mode: +/- syntax
 In historical multi-source implementations, the
@@ -353,9 +353,9 @@
 databases.
 .Sh SEE ALSO
 .Xr nsdispatch 3 ,
-.Xr cached.conf 5 ,
+.Xr nscd.conf 5 ,
 .Xr resolv.conf 5 ,
-.Xr cached 8 ,
+.Xr nscd 8 ,
 .Xr named 8 ,
 .Xr ypbind 8
 .Sh HISTORY
==== //depot/projects/trustedbsd/audit3/share/man/man5/src.conf.5#10 (text) ====
@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is automatically generated.
 .\" from FreeBSD: src/tools/build/options/makeman,v 1.6 2006/09/11 13:39:44 ru Exp
-.\" $FreeBSD: src/share/man/man5/src.conf.5,v 1.18 2007/10/10 06:04:43 ru Exp $
+.\" $FreeBSD: src/share/man/man5/src.conf.5,v 1.19 2007/10/19 00:16:29 bushman Exp $
 .Dd October 10, 2007
 .Dt SRC.CONF 5
 .Os
@@ -457,7 +457,7 @@
 .Pa nsswitch
 subsystem.
 The generic caching daemon,
-.Xr cached 8 ,
+.Xr nscd 8 ,
 will not be built either if this option is set.
 .It Va WITHOUT_OBJC
 .\" from FreeBSD: src/tools/build/options/WITHOUT_OBJC,v 1.1 2006/03/21 07:50:50 ru Exp
==== //depot/projects/trustedbsd/audit3/sys/amd64/conf/GENERIC#19 (text+ko) ====
@@ -16,7 +16,7 @@
 # If you are in doubt as to the purpose or necessity of a line, check first
 # in NOTES.
 #
-# $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.484 2007/09/26 20:05:06 brueffer Exp $
+# $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.485 2007/10/19 12:30:33 kensmith Exp $
 
 cpu		HAMMER
 ident		GENERIC
@@ -26,7 +26,7 @@
 
 makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
 
-options 	SCHED_4BSD		# 4BSD scheduler
+options 	SCHED_ULE		# ULE scheduler
 options 	PREEMPTION		# Enable kernel thread preemption
 options 	INET			# InterNETworking
 options 	INET6			# IPv6 communications protocols
==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_denode.c#10 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_denode.c,v 1.97 2007/08/07 03:59:49 bde Exp $ */
+/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_denode.c,v 1.98 2007/10/19 12:23:25 bde Exp $ */
 /*	$NetBSD: msdosfs_denode.c,v 1.28 1998/02/10 14:10:00 mrg Exp $	*/
 
 /*-
@@ -429,7 +429,7 @@
 	if (allerror)
 		printf("detrunc(): vtruncbuf error %d\n", allerror);
 #endif
-	error = deupdat(dep, 1);
+	error = deupdat(dep, !(DETOV(dep)->v_mount->mnt_flag & MNT_ASYNC));
 	if (error != 0 && allerror == 0)
 		allerror = error;
 #ifdef MSDOSFS_DEBUG
@@ -508,7 +508,7 @@
 	}
 	dep->de_FileSize = length;
 	dep->de_flag |= DE_UPDATE | DE_MODIFIED;
-	return (deupdat(dep, 1));
+	return (deupdat(dep, !(DETOV(dep)->v_mount->mnt_flag & MNT_ASYNC)));
 }
 
 /*
==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_lookup.c#6 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_lookup.c,v 1.51 2007/08/31 22:29:55 bde Exp $ */
+/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_lookup.c,v 1.52 2007/10/19 12:23:25 bde Exp $ */
 /*	$NetBSD: msdosfs_lookup.c,v 1.37 1997/11/17 15:36:54 ws Exp $	*/
 
 /*-
@@ -625,7 +625,9 @@
 
 		while (--ddep->de_fndcnt >= 0) {
 			if (!(ddep->de_fndoffset & pmp->pm_crbomask)) {
-				if ((error = bwrite(bp)) != 0)
+				if (DETOV(ddep)->v_mount->mnt_flag & MNT_ASYNC)
+					bdwrite(bp);
+				else if ((error = bwrite(bp)) != 0)
 					return error;
 
 				ddep->de_fndoffset -= sizeof(struct direntry);
@@ -653,7 +655,9 @@
 		}
 	}
 
-	if ((error = bwrite(bp)) != 0)
+	if (DETOV(ddep)->v_mount->mnt_flag & MNT_ASYNC)
+		bdwrite(bp);
+	else if ((error = bwrite(bp)) != 0)
 		return error;
 
 	/*
@@ -951,7 +955,9 @@
 			    || ep->deAttributes != ATTR_WIN95)
 				break;
 		}
-		if ((error = bwrite(bp)) != 0)
+		if (DETOV(pdep)->v_mount->mnt_flag & MNT_ASYNC)
+			bdwrite(bp);
+		else if ((error = bwrite(bp)) != 0)
 			return error;
 	} while (!(pmp->pm_flags & MSDOSFSMNT_NOWIN95)
 	    && !(offset & pmp->pm_crbomask)
==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vfsops.c#16 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vfsops.c,v 1.177 2007/10/18 16:25:47 bde Exp $ */
+/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vfsops.c,v 1.178 2007/10/19 12:23:25 bde Exp $ */
 /*	$NetBSD: msdosfs_vfsops.c,v 1.51 1997/11/17 15:36:58 ws Exp $	*/
 
 /*-
@@ -76,7 +76,7 @@
 
 /* Mount options that we support. */
 static const char *msdosfs_opts[] = {
-	"noatime", "noclusterr", "noclusterw",
+	"async", "noatime", "noclusterr", "noclusterw",
 	"export", "force", "from", "sync",
 	"cs_dos", "cs_local", "cs_win", "dirmask",
 	"gid", "kiconv", "large", "longname",
==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vnops.c#12 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vnops.c,v 1.180 2007/10/18 07:26:21 bde Exp $ */
+/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vnops.c,v 1.181 2007/10/19 12:23:25 bde Exp $ */
 /*	$NetBSD: msdosfs_vnops.c,v 1.68 1998/02/10 14:10:04 mrg Exp $	*/
 
 /*-
@@ -1265,8 +1265,9 @@
 		putushort(dotdotp->deStartCluster, dp->de_StartCluster);
 		if (FAT32(pmp))
 			putushort(dotdotp->deHighClust, dp->de_StartCluster >> 16);
-		error = bwrite(bp);
-		if (error) {
+		if (fvp->v_mount->mnt_flag & MNT_ASYNC)
+			bdwrite(bp);
+		else if ((error = bwrite(bp)) != 0) {
 			/* XXX should downgrade to ro here, fs is corrupt */
 			VOP_UNLOCK(fvp, 0, td);
 			goto bad;
@@ -1390,8 +1391,9 @@
 		putushort(denp[1].deHighClust, pdep->de_StartCluster >> 16);
 	}
 
-	error = bwrite(bp);
-	if (error)
+	if (ap->a_dvp->v_mount->mnt_flag & MNT_ASYNC)
+		bdwrite(bp);
+	else if ((error = bwrite(bp)) != 0)
 		goto bad;
 
 	/*
==== //depot/projects/trustedbsd/audit3/sys/i386/conf/GENERIC#20 (text+ko) ====
@@ -16,7 +16,7 @@
 # If you are in doubt as to the purpose or necessity of a line, check first
 # in NOTES.
 #
-# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474 2007/09/26 20:05:07 brueffer Exp $
+# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.475 2007/10/19 12:30:33 kensmith Exp $
 
 cpu		I486_CPU
 cpu		I586_CPU
@@ -28,7 +28,7 @@
 
 makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
 
-options 	SCHED_4BSD		# 4BSD scheduler
+options 	SCHED_ULE		# ULE scheduler
 options 	PREEMPTION		# Enable kernel thread preemption
 options 	INET			# InterNETworking
 options 	INET6			# IPv6 communications protocols
==== //depot/projects/trustedbsd/audit3/sys/netinet/ip.h#5 (text+ko) ====
@@ -28,7 +28,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip.h	8.2 (Berkeley) 6/1/94
- * $FreeBSD: src/sys/netinet/ip.h,v 1.31 2007/05/11 11:00:48 rwatson Exp $
+ * $FreeBSD: src/sys/netinet/ip.h,v 1.32 2007/10/19 12:46:15 rpaulo Exp $
  */
 
 #ifndef _NETINET_IP_H_
@@ -82,11 +82,6 @@
 #define	IPTOS_THROUGHPUT	0x08
 #define	IPTOS_RELIABILITY	0x04
 #define	IPTOS_MINCOST		0x02
-#if 1
-/* ECN RFC3168 obsoletes RFC2481, and these will be deprecated soon. */
-#define	IPTOS_CE		0x01
-#define	IPTOS_ECT		0x02
-#endif
 
 /*
  * Definitions for IP precedence (also in ip_tos) (hopefully unused).
==== //depot/projects/trustedbsd/audit3/sys/netinet/tcp_syncache.c#22 (text+ko) ====
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.130 2007/10/07 20:44:24 silby Exp $");
+__FBSDID("$FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.131 2007/10/19 08:53:14 silby Exp $");
 
 #include "opt_inet.h"
 #include "opt_inet6.h"
@@ -1139,17 +1139,28 @@
 			int wscale = 0;
 
 			/*
-			 * Compute proper scaling value from buffer space.
-			 * Leave enough room for the socket buffer to grow
-			 * with auto sizing.  This allows us to scale the
-			 * receive buffer over a wide range while not losing
-			 * any efficiency or fine granularity.
+			 * Pick the smallest possible scaling factor that
+			 * will still allow us to scale up to sb_max, aka
+			 * kern.ipc.maxsockbuf.
+			 *
+			 * We do this because there are broken firewalls that
+			 * will corrupt the window scale option, leading to
+			 * the other endpoint believing that our advertised
+			 * window is unscaled.  At scale factors larger than
+			 * 5 the unscaled window will drop below 1500 bytes,
+			 * leading to serious problems when traversing these
+			 * broken firewalls.
+			 *
+			 * With the default maxsockbuf of 256K, a scale factor
+			 * of 3 will be chosen by this algorithm.  Those who
+			 * choose a larger maxsockbuf should watch out
+			 * for the compatiblity problems mentioned above.
 			 *
 			 * RFC1323: The Window field in a SYN (i.e., a <SYN>
 			 * or <SYN,ACK>) segment itself is never scaled.
 			 */
 			while (wscale < TCP_MAX_WINSHIFT &&
-			    (0x1 << wscale) < tcp_minmss)
+			    (TCP_MAXWIN << wscale) < sb_max)
 				wscale++;
 			sc->sc_requested_r_scale = wscale;
 			sc->sc_requested_s_scale = to->to_wscale;
==== //depot/projects/trustedbsd/audit3/sys/netinet/tcp_usrreq.c#18 (text+ko) ====
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/netinet/tcp_usrreq.c,v 1.163 2007/10/07 20:44:24 silby Exp $");
+__FBSDID("$FreeBSD: src/sys/netinet/tcp_usrreq.c,v 1.164 2007/10/19 08:53:14 silby Exp $");
 
 #include "opt_ddb.h"
 #include "opt_inet.h"
@@ -1110,10 +1110,9 @@
 	 * Compute window scaling to request:
 	 * Scale to fit into sweet spot.  See tcp_syncache.c.
 	 * XXX: This should move to tcp_output().
-	 * XXX: This should be based on the actual MSS.
 	 */
 	while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
-	    (0x1 << tp->request_r_scale) < tcp_minmss)
+	    (TCP_MAXWIN << tp->request_r_scale) < sb_max)
 		tp->request_r_scale++;
 
 	soisconnecting(so);
==== //depot/projects/trustedbsd/audit3/sys/vm/vm_object.c#19 (text+ko) ====
@@ -63,7 +63,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/vm/vm_object.c,v 1.385 2007/09/27 04:21:59 alc Exp $");
+__FBSDID("$FreeBSD: src/sys/vm/vm_object.c,v 1.386 2007/10/18 23:02:18 alc Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1800,7 +1800,7 @@
 
 	VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
 	if (object->resident_page_count == 0)
-		return;
+		goto skipmemq;
 
 	/*
 	 * Since physically-backed objects do not use managed pages, we can't
@@ -1849,6 +1849,7 @@
 	}
 	vm_page_unlock_queues();
 	vm_object_pip_wakeup(object);
+skipmemq:
 	if (__predict_false(object->cache != NULL))
 		vm_page_cache_free(object, start, end);
 }
==== //depot/projects/trustedbsd/audit3/usr.sbin/adduser/rmuser.sh#3 (text+ko) ====
@@ -24,7 +24,7 @@
 #
 #	Email: Mike Makonnen <mtm at FreeBSD.Org>
 #
-# $FreeBSD: src/usr.sbin/adduser/rmuser.sh,v 1.9 2005/05/24 04:50:07 adamw Exp $
+# $FreeBSD: src/usr.sbin/adduser/rmuser.sh,v 1.10 2007/10/19 07:18:56 mtm Exp $
 #
 
 ATJOBDIR="/var/at/jobs"
@@ -86,10 +86,10 @@
 		    echo -n " mailspool"
 		rm ${MAILSPOOL}/$login
 	fi
-	if [ -f ${MAILSPOOL}/${login}.pop ]; then
-		verbose && echo -n " ${MAILSPOOL}/${login}.pop" ||
+	if [ -f ${MAILSPOOL}/.${login}.pop ]; then
+		verbose && echo -n " ${MAILSPOOL}/.${login}.pop" ||
 		    echo -n " pop3"
-		rm ${MAILSPOOL}/${login}.pop
+		rm ${MAILSPOOL}/.${login}.pop
 	fi
 	verbose && echo '.'
 }
    
    
More information about the p4-projects
mailing list