svn commit: r261548 - in user/ae/inet6: crypto/openssh etc/devd lib/libc/net lib/libstand lib/libvmmapi release/doc/en_US.ISO8859-1/hardware release/doc/share/misc sbin/etherswitchcfg sbin/hastd sb...
Andrey V. Elsukov
ae at FreeBSD.org
Thu Feb 6 11:40:05 UTC 2014
Author: ae
Date: Thu Feb 6 11:40:01 2014
New Revision: 261548
URL: http://svnweb.freebsd.org/changeset/base/261548
Log:
Merge from head/.
Added:
user/ae/inet6/sys/boot/userboot/userboot/biossmap.c
- copied unchanged from r261546, head/sys/boot/userboot/userboot/biossmap.c
user/ae/inet6/sys/dev/ofw/ofwbus.c
- copied unchanged from r261546, head/sys/dev/ofw/ofwbus.c
user/ae/inet6/sys/dev/usb/net/if_urndis.c
- copied unchanged from r261546, head/sys/dev/usb/net/if_urndis.c
user/ae/inet6/sys/dev/usb/net/if_urndisreg.h
- copied unchanged from r261546, head/sys/dev/usb/net/if_urndisreg.h
user/ae/inet6/sys/modules/usb/urndis/
- copied from r261546, head/sys/modules/usb/urndis/
Deleted:
user/ae/inet6/sys/dev/fdt/fdtbus.c
user/ae/inet6/sys/dev/ofw/ofw_nexus.c
user/ae/inet6/sys/dev/ofw/ofw_nexus.h
Modified:
user/ae/inet6/crypto/openssh/sandbox-capsicum.c
user/ae/inet6/etc/devd/usb.conf
user/ae/inet6/lib/libc/net/ip6opt.c
user/ae/inet6/lib/libstand/sbrk.c
user/ae/inet6/lib/libstand/zalloc.c
user/ae/inet6/lib/libstand/zalloc_defs.h
user/ae/inet6/lib/libstand/zalloc_mem.h
user/ae/inet6/lib/libvmmapi/vmmapi.h
user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c
user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml
user/ae/inet6/release/doc/share/misc/dev.archlist.txt
user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8
user/ae/inet6/sbin/hastd/refcnt.h
user/ae/inet6/sbin/mount_udf/mount_udf.c
user/ae/inet6/sbin/ping/Makefile
user/ae/inet6/sbin/ping/ping.c
user/ae/inet6/share/man/man3/stdarg.3
user/ae/inet6/share/man/man4/Makefile
user/ae/inet6/share/man/man4/mfi.4
user/ae/inet6/sys/amd64/include/vmm.h (contents, props changed)
user/ae/inet6/sys/amd64/include/vmm_instruction_emul.h (contents, props changed)
user/ae/inet6/sys/amd64/vmm/intel/vmx.c
user/ae/inet6/sys/amd64/vmm/vmm.c
user/ae/inet6/sys/amd64/vmm/vmm_instruction_emul.c
user/ae/inet6/sys/arm/arm/nexus.c
user/ae/inet6/sys/arm/broadcom/bcm2835/bcm2835_fb.c
user/ae/inet6/sys/arm/broadcom/bcm2835/bcm2835_fbd.c
user/ae/inet6/sys/arm/freescale/imx/tzic.c
user/ae/inet6/sys/arm/mv/mv_localbus.c
user/ae/inet6/sys/arm/mv/mv_pci.c
user/ae/inet6/sys/boot/common/load_elf32.c
user/ae/inet6/sys/boot/common/load_elf32_obj.c
user/ae/inet6/sys/boot/fdt/dts/bindings-gpio.txt
user/ae/inet6/sys/boot/i386/cdboot/cdboot.S
user/ae/inet6/sys/boot/i386/gptboot/gptboot.8
user/ae/inet6/sys/boot/i386/pxeldr/pxeldr.S
user/ae/inet6/sys/boot/userboot/userboot/Makefile
user/ae/inet6/sys/boot/userboot/userboot/bootinfo32.c
user/ae/inet6/sys/boot/userboot/userboot/bootinfo64.c
user/ae/inet6/sys/boot/userboot/userboot/elf32_freebsd.c
user/ae/inet6/sys/boot/userboot/userboot/libuserboot.h
user/ae/inet6/sys/cam/ctl/ctl_backend_block.c
user/ae/inet6/sys/conf/Makefile.amd64
user/ae/inet6/sys/conf/Makefile.arm
user/ae/inet6/sys/conf/Makefile.i386
user/ae/inet6/sys/conf/Makefile.ia64
user/ae/inet6/sys/conf/Makefile.mips
user/ae/inet6/sys/conf/Makefile.pc98
user/ae/inet6/sys/conf/Makefile.powerpc
user/ae/inet6/sys/conf/Makefile.sparc64
user/ae/inet6/sys/conf/NOTES
user/ae/inet6/sys/conf/files
user/ae/inet6/sys/conf/files.powerpc
user/ae/inet6/sys/dev/cxgbe/adapter.h
user/ae/inet6/sys/dev/cxgbe/common/t4_hw.c
user/ae/inet6/sys/dev/cxgbe/t4_main.c
user/ae/inet6/sys/dev/cxgbe/t4_sge.c
user/ae/inet6/sys/dev/drm2/radeon/r600.c
user/ae/inet6/sys/dev/drm2/radeon/rv770.c
user/ae/inet6/sys/dev/ed/if_ed.c
user/ae/inet6/sys/dev/ed/if_ed_hpp.c
user/ae/inet6/sys/dev/fdt/simplebus.c
user/ae/inet6/sys/dev/isp/isp_library.c
user/ae/inet6/sys/dev/mfi/mfi_pci.c
user/ae/inet6/sys/dev/mfi/mfi_tbolt.c
user/ae/inet6/sys/dev/mfi/mfivar.h
user/ae/inet6/sys/dev/pci/pci.c
user/ae/inet6/sys/dev/pci/pci_pci.c
user/ae/inet6/sys/dev/pci/pci_subr.c
user/ae/inet6/sys/dev/pci/vga_pci.c
user/ae/inet6/sys/dev/powermac_nvram/powermac_nvram.c
user/ae/inet6/sys/dev/re/if_re.c
user/ae/inet6/sys/dev/sound/pci/hda/hdaa_patches.c
user/ae/inet6/sys/dev/sound/pci/hda/hdac.h
user/ae/inet6/sys/dev/usb/usb.h
user/ae/inet6/sys/dev/usb/usb_busdma.c
user/ae/inet6/sys/dev/usb/wlan/if_urtwn.c
user/ae/inet6/sys/dev/watchdog/watchdog.c
user/ae/inet6/sys/kern/kern_ktr.c
user/ae/inet6/sys/kern/kern_rwlock.c
user/ae/inet6/sys/kern/subr_lock.c
user/ae/inet6/sys/kern/subr_sleepqueue.c
user/ae/inet6/sys/kern/subr_smp.c
user/ae/inet6/sys/mips/beri/beri_simplebus.c
user/ae/inet6/sys/mips/mips/nexus.c
user/ae/inet6/sys/modules/usb/Makefile
user/ae/inet6/sys/pci/if_rlreg.h
user/ae/inet6/sys/powerpc/mambo/mambo.c
user/ae/inet6/sys/powerpc/mpc85xx/lbc.c
user/ae/inet6/sys/powerpc/mpc85xx/pci_mpc85xx.c
user/ae/inet6/sys/powerpc/ofw/ofw_cpu.c
user/ae/inet6/sys/powerpc/ofw/openpic_ofw.c
user/ae/inet6/sys/powerpc/powermac/cpcht.c
user/ae/inet6/sys/powerpc/powermac/grackle.c
user/ae/inet6/sys/powerpc/powermac/smu.c
user/ae/inet6/sys/powerpc/powermac/uninorth.c
user/ae/inet6/sys/powerpc/powermac/uninorthpci.c
user/ae/inet6/sys/powerpc/powerpc/nexus.c
user/ae/inet6/sys/powerpc/pseries/rtas_dev.c
user/ae/inet6/sys/powerpc/pseries/rtas_pci.c
user/ae/inet6/sys/powerpc/pseries/vdevice.c
user/ae/inet6/sys/powerpc/pseries/xics.c
user/ae/inet6/sys/powerpc/psim/iobus.c
user/ae/inet6/sys/sys/_rwlock.h
user/ae/inet6/sys/sys/refcount.h
user/ae/inet6/sys/sys/rwlock.h
user/ae/inet6/sys/sys/sleepqueue.h
user/ae/inet6/sys/sys/turnstile.h
user/ae/inet6/sys/x86/acpica/madt.c
user/ae/inet6/sys/x86/include/apicvar.h
user/ae/inet6/sys/x86/isa/atpic.c
user/ae/inet6/sys/x86/isa/elcr.c
user/ae/inet6/sys/x86/x86/intr_machdep.c
user/ae/inet6/sys/x86/x86/io_apic.c
user/ae/inet6/sys/x86/x86/local_apic.c
user/ae/inet6/sys/x86/x86/mptable_pci.c
user/ae/inet6/tools/build/mk/OptionalObsoleteFiles.inc
user/ae/inet6/tools/tools/cxgbetool/cxgbetool.c
user/ae/inet6/usr.bin/netstat/inet.c
user/ae/inet6/usr.bin/nfsstat/nfsstat.c
user/ae/inet6/usr.sbin/bhyveload/bhyveload.c
user/ae/inet6/usr.sbin/config/configvers.h
user/ae/inet6/usr.sbin/config/mkmakefile.c
user/ae/inet6/usr.sbin/pwd_mkdb/pwd_mkdb.8
Directory Properties:
user/ae/inet6/ (props changed)
user/ae/inet6/crypto/openssh/ (props changed)
user/ae/inet6/etc/ (props changed)
user/ae/inet6/lib/libc/ (props changed)
user/ae/inet6/lib/libvmmapi/ (props changed)
user/ae/inet6/sbin/ (props changed)
user/ae/inet6/share/man/man4/ (props changed)
user/ae/inet6/sys/ (props changed)
user/ae/inet6/sys/amd64/vmm/ (props changed)
user/ae/inet6/sys/boot/ (props changed)
user/ae/inet6/sys/conf/ (props changed)
user/ae/inet6/usr.sbin/bhyveload/ (props changed)
user/ae/inet6/usr.sbin/jail/ (props changed)
Modified: user/ae/inet6/crypto/openssh/sandbox-capsicum.c
==============================================================================
--- user/ae/inet6/crypto/openssh/sandbox-capsicum.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/crypto/openssh/sandbox-capsicum.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
fatal("can't limit stderr: %m");
cap_rights_init(&rights, CAP_READ, CAP_WRITE);
- if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
+ if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1 &&
+ errno != ENOSYS)
fatal("%s: failed to limit the network socket", __func__);
cap_rights_init(&rights, CAP_WRITE);
- if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
+ if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1 &&
+ errno != ENOSYS)
fatal("%s: failed to limit the logging socket", __func__);
if (cap_enter() < 0 && errno != ENOSYS)
fatal("%s: failed to enter capability mode", __func__);
Modified: user/ae/inet6/etc/devd/usb.conf
==============================================================================
--- user/ae/inet6/etc/devd/usb.conf Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/etc/devd/usb.conf Thu Feb 6 11:40:01 2014 (r261548)
@@ -5313,6 +5313,24 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "intclass" "0xe0";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x03";
+ action "kldload -n if_urndis";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0xef";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x01";
+ action "kldload -n if_urndis";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "intclass" "0xff";
match "intsubclass" "0x5d";
match "intprotocol" "0x01";
@@ -5381,5 +5399,5 @@ nomatch 32 {
action "kldload -n umass";
};
-# 2619 USB entries processed
+# 2621 USB entries processed
Modified: user/ae/inet6/lib/libc/net/ip6opt.c
==============================================================================
--- user/ae/inet6/lib/libc/net/ip6opt.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libc/net/ip6opt.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -382,7 +382,7 @@ inet6_opt_init(void *extbuf, socklen_t e
struct ip6_ext *ext = (struct ip6_ext *)extbuf;
if (ext) {
- if (extlen == 0 || (extlen % 8))
+ if (extlen <= 0 || (extlen % 8))
return(-1);
ext->ip6e_len = (extlen >> 3) - 1;
}
Modified: user/ae/inet6/lib/libstand/sbrk.c
==============================================================================
--- user/ae/inet6/lib/libstand/sbrk.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libstand/sbrk.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$");
#include <string.h>
#include "stand.h"
+#include "zalloc_defs.h"
static size_t maxheap, heapsize = 0;
static void *heapbase;
@@ -40,8 +41,9 @@ static void *heapbase;
void
setheap(void *base, void *top)
{
- /* Align start address to 16 bytes for the malloc code. Sigh. */
- heapbase = (void *)(((uintptr_t)base + 15) & ~15);
+ /* Align start address for the malloc code. Sigh. */
+ heapbase = (void *)(((uintptr_t)base + MALLOCALIGN_MASK) &
+ ~MALLOCALIGN_MASK);
maxheap = (char *)top - (char *)heapbase;
}
Modified: user/ae/inet6/lib/libstand/zalloc.c
==============================================================================
--- user/ae/inet6/lib/libstand/zalloc.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libstand/zalloc.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -71,6 +71,15 @@ __FBSDID("$FreeBSD$");
#include "zalloc_defs.h"
/*
+ * Objects in the pool must be aligned to at least the size of struct MemNode.
+ * They must also be aligned to MALLOCALIGN, which should normally be larger
+ * than the struct, so assert that to be so at compile time.
+ */
+typedef char assert_align[(sizeof(struct MemNode) <= MALLOCALIGN) ? 1 : -1];
+
+#define MEMNODE_SIZE_MASK MALLOCALIGN_MASK
+
+/*
* znalloc() - allocate memory (without zeroing) from pool. Call reclaim
* and retry if appropriate, return NULL if unable to allocate
* memory.
Modified: user/ae/inet6/lib/libstand/zalloc_defs.h
==============================================================================
--- user/ae/inet6/lib/libstand/zalloc_defs.h Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libstand/zalloc_defs.h Thu Feb 6 11:40:01 2014 (r261548)
@@ -52,18 +52,26 @@
#define BLKEXTENDMASK (BLKEXTEND - 1)
/*
- * required malloc alignment. Just hardwire to 16.
+ * Required malloc alignment.
*
- * Note: if we implement a more sophisticated realloc, we should ensure that
- * MALLOCALIGN is at least as large as MemNode.
+ * Embedded platforms using the u-boot API drivers require that all I/O buffers
+ * be on a cache line sized boundary. The worst case size for that is 64 bytes.
+ * For other platforms, 16 bytes works fine. The alignment also must be at
+ * least sizeof(struct MemNode); this is asserted in zalloc.c.
*/
+#if defined(__arm__) || defined(__mips__) || defined(__powerpc__)
+#define MALLOCALIGN 64
+#else
+#define MALLOCALIGN 16
+#endif
+#define MALLOCALIGN_MASK (MALLOCALIGN - 1)
+
typedef struct Guard {
size_t ga_Bytes;
size_t ga_Magic; /* must be at least 32 bits */
} Guard;
-#define MALLOCALIGN 16
#define GAMAGIC 0x55FF44FD
#define GAFREE 0x5F54F4DF
Modified: user/ae/inet6/lib/libstand/zalloc_mem.h
==============================================================================
--- user/ae/inet6/lib/libstand/zalloc_mem.h Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libstand/zalloc_mem.h Thu Feb 6 11:40:01 2014 (r261548)
@@ -48,8 +48,6 @@ typedef struct MemPool {
uintptr_t mp_Used;
} MemPool;
-#define MEMNODE_SIZE_MASK ((sizeof(MemNode) <= 8) ? 7 : 15)
-
#define ZNOTE_FREE 0
#define ZNOTE_REUSE 1
Modified: user/ae/inet6/lib/libvmmapi/vmmapi.h
==============================================================================
--- user/ae/inet6/lib/libvmmapi/vmmapi.h Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libvmmapi/vmmapi.h Thu Feb 6 11:40:01 2014 (r261548)
@@ -111,5 +111,8 @@ int vcpu_reset(struct vmctx *ctx, int vc
int vm_setup_freebsd_registers(struct vmctx *ctx, int vcpu,
uint64_t rip, uint64_t cr3, uint64_t gdtbase,
uint64_t rsp);
+int vm_setup_freebsd_registers_i386(struct vmctx *vmctx, int vcpu,
+ uint32_t eip, uint32_t gdtbase,
+ uint32_t esp);
void vm_setup_freebsd_gdt(uint64_t *gdtr);
#endif /* _VMMAPI_H_ */
Modified: user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c
==============================================================================
--- user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -35,14 +35,176 @@ __FBSDID("$FreeBSD$");
#include <machine/segments.h>
#include <machine/vmm.h>
+#include <errno.h>
+#include <string.h>
+
#include "vmmapi.h"
+#define I386_TSS_SIZE 104
+
+#define DESC_PRESENT 0x00000080
+#define DESC_LONGMODE 0x00002000
+#define DESC_DEF32 0x00004000
+#define DESC_GRAN 0x00008000
#define DESC_UNUSABLE 0x00010000
#define GUEST_NULL_SEL 0
#define GUEST_CODE_SEL 1
#define GUEST_DATA_SEL 2
-#define GUEST_GDTR_LIMIT (3 * 8 - 1)
+#define GUEST_TSS_SEL 3
+#define GUEST_GDTR_LIMIT64 (3 * 8 - 1)
+
+static struct segment_descriptor i386_gdt[] = {
+ {}, /* NULL */
+ { .sd_lolimit = 0xffff, .sd_type = SDT_MEMER, /* CODE */
+ .sd_p = 1, .sd_hilimit = 0xf, .sd_def32 = 1, .sd_gran = 1 },
+ { .sd_lolimit = 0xffff, .sd_type = SDT_MEMRW, /* DATA */
+ .sd_p = 1, .sd_hilimit = 0xf, .sd_def32 = 1, .sd_gran = 1 },
+ { .sd_lolimit = I386_TSS_SIZE - 1, /* TSS */
+ .sd_type = SDT_SYS386TSS, .sd_p = 1 }
+};
+
+/*
+ * Setup the 'vcpu' register set such that it will begin execution at
+ * 'eip' in flat mode.
+ */
+int
+vm_setup_freebsd_registers_i386(struct vmctx *vmctx, int vcpu, uint32_t eip,
+ uint32_t gdtbase, uint32_t esp)
+{
+ uint64_t cr0, rflags, desc_base;
+ uint32_t desc_access, desc_limit, tssbase;
+ uint16_t gsel;
+ struct segment_descriptor *gdt;
+ int error, tmp;
+
+ /* A 32-bit guest requires unrestricted mode. */
+ error = vm_get_capability(vmctx, vcpu, VM_CAP_UNRESTRICTED_GUEST, &tmp);
+ if (error)
+ goto done;
+ error = vm_set_capability(vmctx, vcpu, VM_CAP_UNRESTRICTED_GUEST, 1);
+ if (error)
+ goto done;
+
+ cr0 = CR0_PE | CR0_NE;
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_CR0, cr0)) != 0)
+ goto done;
+
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_CR4, 0)) != 0)
+ goto done;
+
+ /*
+ * Forcing EFER to 0 causes bhyve to clear the "IA-32e guest
+ * mode" entry control.
+ */
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_EFER, 0)))
+ goto done;
+
+ gdt = vm_map_gpa(vmctx, gdtbase, 0x1000);
+ if (gdt == NULL)
+ return (EFAULT);
+ memcpy(gdt, i386_gdt, sizeof(i386_gdt));
+ desc_base = gdtbase;
+ desc_limit = sizeof(i386_gdt) - 1;
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_GDTR,
+ desc_base, desc_limit, 0);
+ if (error != 0)
+ goto done;
+
+ /* Place the TSS one page above the GDT. */
+ tssbase = gdtbase + 0x1000;
+ gdt[3].sd_lobase = tssbase;
+
+ rflags = 0x2;
+ error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_RFLAGS, rflags);
+ if (error)
+ goto done;
+
+ desc_base = 0;
+ desc_limit = 0xffffffff;
+ desc_access = DESC_GRAN | DESC_DEF32 | DESC_PRESENT | SDT_MEMERA;
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_CS,
+ desc_base, desc_limit, desc_access);
+
+ desc_access = DESC_GRAN | DESC_DEF32 | DESC_PRESENT | SDT_MEMRWA;
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_DS,
+ desc_base, desc_limit, desc_access);
+ if (error)
+ goto done;
+
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_ES,
+ desc_base, desc_limit, desc_access);
+ if (error)
+ goto done;
+
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_FS,
+ desc_base, desc_limit, desc_access);
+ if (error)
+ goto done;
+
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_GS,
+ desc_base, desc_limit, desc_access);
+ if (error)
+ goto done;
+
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_SS,
+ desc_base, desc_limit, desc_access);
+ if (error)
+ goto done;
+
+ desc_base = tssbase;
+ desc_limit = I386_TSS_SIZE - 1;
+ desc_access = DESC_PRESENT | SDT_SYS386BSY;
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_TR,
+ desc_base, desc_limit, desc_access);
+ if (error)
+ goto done;
+
+
+ error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_LDTR, 0, 0,
+ DESC_UNUSABLE);
+ if (error)
+ goto done;
+
+ gsel = GSEL(GUEST_CODE_SEL, SEL_KPL);
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_CS, gsel)) != 0)
+ goto done;
+
+ gsel = GSEL(GUEST_DATA_SEL, SEL_KPL);
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_DS, gsel)) != 0)
+ goto done;
+
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_ES, gsel)) != 0)
+ goto done;
+
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_FS, gsel)) != 0)
+ goto done;
+
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_GS, gsel)) != 0)
+ goto done;
+
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_SS, gsel)) != 0)
+ goto done;
+
+ gsel = GSEL(GUEST_TSS_SEL, SEL_KPL);
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_TR, gsel)) != 0)
+ goto done;
+
+ /* LDTR is pointing to the null selector */
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_LDTR, 0)) != 0)
+ goto done;
+
+ /* entry point */
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_RIP, eip)) != 0)
+ goto done;
+
+ if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_RSP, esp)) != 0)
+ goto done;
+
+ error = 0;
+done:
+ return (error);
+}
void
vm_setup_freebsd_gdt(uint64_t *gdtr)
@@ -168,7 +330,7 @@ vm_setup_freebsd_registers(struct vmctx
goto done;
desc_base = gdtbase;
- desc_limit = GUEST_GDTR_LIMIT;
+ desc_limit = GUEST_GDTR_LIMIT64;
error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_GDTR,
desc_base, desc_limit, 0);
if (error != 0)
Modified: user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml
==============================================================================
--- user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml Thu Feb 6 11:40:01 2014 (r261548)
@@ -893,6 +893,10 @@
&hwlist.qlxgb;
+ &hwlist.qlxgbe;
+
+ &hwlist.qlxge;
+
&hwlist.re;
&hwlist.rl;
Modified: user/ae/inet6/release/doc/share/misc/dev.archlist.txt
==============================================================================
--- user/ae/inet6/release/doc/share/misc/dev.archlist.txt Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/release/doc/share/misc/dev.archlist.txt Thu Feb 6 11:40:01 2014 (r261548)
@@ -105,6 +105,8 @@ oltr i386
pcn i386,pc98,ia64,amd64
pst i386
qlxgb amd64
+qlxgbe amd64
+qlxge amd64
rc i386
ral i386,amd64
rue i386,pc98,amd64
Modified: user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8
==============================================================================
--- user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8 Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8 Thu Feb 6 11:40:01 2014 (r261548)
@@ -1,4 +1,29 @@
+.\" Copyright (c) 2011-2012 Stefan Bethke.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
.\" $FreeBSD$
+.\"
.Dd September 20, 2013
.Dt ETHERSWITCHCFG 8
.Os
@@ -35,13 +60,14 @@ The
utility is used to configure an Ethernet switch built into the system.
.Nm
accepts a number of options:
+.Pp
.Bl -tag -width ".Fl f" -compact
.It Fl "f control file"
Specifies the
.Xr etherswitch 4
control file that represents the switch to be configured.
It defaults to
-.Li /dev/etherswitch0 .
+.Pa /dev/etherswitch0 .
.It Fl m
When reporting port information, also list available media options for
that port.
@@ -54,6 +80,7 @@ options are omitted.
The config command provides access to global switch configuration
parameters.
It support the following commands:
+.Pp
.Bl -tag -width ".Ar vlan_mode mode" -compact
.It Ar vlan_mode mode
Sets the switch VLAN mode (depends on the hardware).
@@ -74,6 +101,7 @@ To set the register value, use the form
.Ss port
The port command selects one of the ports of the switch.
It supports the following commands:
+.Pp
.Bl -tag -width ".Ar pvid number" -compact
.It Ar pvid number
Sets the default port VID that is used to process incoming frames that are not tagged.
@@ -88,8 +116,10 @@ for details on
and
.Ar mediaopt .
.El
+.Pp
And the following flags (please note that not all flags
-are supporterd by all switch drivers):
+are supported by all switch drivers):
+.Pp
.Bl -tag -width ".Ar addtag" -compact
.It Ar addtag
Add VLAN tag to each packet sent by the port.
@@ -100,7 +130,7 @@ Strip the VLAN tags from the packets sen
.It Ar -striptag
Disable the strip VLAN tag option.
.It Ar firstlock
-This options makes the switch port lock on the first MAC address it seems.
+This options makes the switch port lock on the first MAC address it sees.
After that, usually you need to reset the switch to learn different
MAC addresses.
.It Ar -firstlock
@@ -125,6 +155,7 @@ The reg command provides access to the r
.Ss vlangroup
The vlangroup command selects one of the VLAN groups for configuration.
It supports the following commands:
+.Pp
.Bl -tag -width ".Ar vlangroup" -compact
.It Ar vlan VID
Sets the VLAN ID (802.1q VID) for this VLAN group.
@@ -142,13 +173,14 @@ to indicate that frames on this port are
.Sh FILES
.Bl -tag -width /dev/etherswitch? -compact
.It Pa /dev/etherswitch?
-Control file for the ethernet switch driver.
+Control file for the Ethernet switch driver.
.El
.Sh EXAMPLES
Configure VLAN group 1 with a VID of 2 and make ports 0 and 5 its members
while excluding all other ports.
Port 5 will send and receive tagged frames while port 0 will be untagged.
Incoming untagged frames on port 0 are assigned to vlangroup1.
+.Pp
.Dl # etherswitchcfg vlangroup1 vlan 2 members 0,5t port0 pvid 2
.Sh SEE ALSO
.Xr etherswitch 4
Modified: user/ae/inet6/sbin/hastd/refcnt.h
==============================================================================
--- user/ae/inet6/sbin/hastd/refcnt.h Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/sbin/hastd/refcnt.h Thu Feb 6 11:40:01 2014 (r261548)
@@ -10,9 +10,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of any co-contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
Modified: user/ae/inet6/sbin/mount_udf/mount_udf.c
==============================================================================
--- user/ae/inet6/sbin/mount_udf/mount_udf.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/sbin/mount_udf/mount_udf.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -77,9 +77,9 @@ main(int argc, char **argv)
char fstype[] = "udf";
struct iovec *iov;
char *cs_disk, *cs_local, *dev, *dir;
- int ch, i, iovlen, mntflags, udf_flags, verbose;
+ int ch, iovlen, mntflags, udf_flags, verbose;
- i = iovlen = mntflags = udf_flags = verbose = 0;
+ iovlen = mntflags = udf_flags = verbose = 0;
cs_disk = cs_local = NULL;
iov = NULL;
while ((ch = getopt(argc, argv, "o:vC:")) != -1)
@@ -129,7 +129,7 @@ main(int argc, char **argv)
build_iovec(&iov, &iovlen, "cs_disk", cs_disk, (size_t)-1);
build_iovec(&iov, &iovlen, "cs_local", cs_local, (size_t)-1);
}
- if (nmount(iov, i, mntflags) < 0)
+ if (nmount(iov, iovlen, mntflags) < 0)
err(1, "%s", dev);
exit(0);
}
Modified: user/ae/inet6/sbin/ping/Makefile
==============================================================================
--- user/ae/inet6/sbin/ping/Makefile Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/sbin/ping/Makefile Thu Feb 6 11:40:01 2014 (r261548)
@@ -1,6 +1,8 @@
# @(#)Makefile 8.1 (Berkeley) 6/5/93
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ping
MAN= ping.8
BINOWN= root
@@ -9,6 +11,12 @@ WARNS?= 2
DPADD= ${LIBM}
LDADD= -lm
+.if ${MK_CASPER} != "no" && !defined(RESCUE)
+DPADD+= ${LIBCAPSICUM}
+LDADD+= -lcapsicum
+CFLAGS+=-DHAVE_LIBCAPSICUM
+.endif
+
.if !defined(RELEASE_CRUNCH)
CFLAGS+=-DIPSEC
DPADD+= ${LIBIPSEC}
Modified: user/ae/inet6/sbin/ping/ping.c
==============================================================================
--- user/ae/inet6/sbin/ping/ping.c Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/sbin/ping/ping.c Thu Feb 6 11:40:01 2014 (r261548)
@@ -63,6 +63,7 @@ __FBSDID("$FreeBSD$");
*/
#include <sys/param.h> /* NB: we rely on this for <sys/types.h> */
+#include <sys/capability.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/time.h>
@@ -74,6 +75,11 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_icmp.h>
#include <netinet/ip_var.h>
#include <arpa/inet.h>
+#ifdef HAVE_LIBCAPSICUM
+#include <libcapsicum.h>
+#include <libcapsicum_dns.h>
+#include <libcapsicum_service.h>
+#endif
#ifdef IPSEC
#include <netipsec/ipsec.h>
@@ -157,7 +163,8 @@ char rcvd_tbl[MAX_DUP_CHK / 8];
struct sockaddr_in whereto; /* who to ping */
int datalen = DEFDATALEN;
int maxpayload;
-int s; /* socket file descriptor */
+int ssend; /* send socket file descriptor */
+int srecv; /* receive socket file descriptor */
u_char outpackhdr[IP_MAXPACKET], *outpack;
char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */
char BSPACE = '\b'; /* characters written for flood */
@@ -197,8 +204,15 @@ double tsumsq = 0.0; /* sum of all time
volatile sig_atomic_t finish_up; /* nonzero if we've been told to finish up */
volatile sig_atomic_t siginfo_p;
+#ifdef HAVE_LIBCAPSICUM
+static cap_channel_t *capdns;
+#endif
+
static void fill(char *, char *);
static u_short in_cksum(u_short *, int);
+#ifdef HAVE_LIBCAPSICUM
+static cap_channel_t *capdns_setup(void);
+#endif
static void check_status(void);
static void finish(void) __dead2;
static void pinger(void);
@@ -233,8 +247,8 @@ main(int argc, char *const *argv)
struct sockaddr_in *to;
double t;
u_long alarmtimeout, ultmp;
- int almost_done, ch, df, hold, i, icmp_len, mib[4], preload, sockerrno,
- tos, ttl;
+ int almost_done, ch, df, hold, i, icmp_len, mib[4], preload;
+ int ssend_errno, srecv_errno, tos, ttl;
char ctrl[CMSG_SPACE(sizeof(struct timeval))];
char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN];
#ifdef IP_OPTIONS
@@ -246,14 +260,26 @@ main(int argc, char *const *argv)
#ifdef IPSEC_POLICY_IPSEC
policy_in = policy_out = NULL;
#endif
+ cap_rights_t rights;
+ bool cansandbox;
/*
* Do the stuff that we need root priv's for *first*, and
* then drop our setuid bit. Save error reporting for
* after arg parsing.
+ *
+ * Historicaly ping was using one socket 's' for sending and for
+ * receiving. After capsicum(4) related changes we use two
+ * sockets. It was done for special ping use case - when user
+ * issue ping on multicast or broadcast address replies come
+ * from different addresses, not from the address we
+ * connect(2)'ed to, and send socket do not receive those
+ * packets.
*/
- s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
- sockerrno = errno;
+ ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ ssend_errno = errno;
+ srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ srecv_errno = errno;
if (setuid(getuid()) != 0)
err(EX_NOPERM, "setuid() failed");
@@ -527,13 +553,22 @@ main(int argc, char *const *argv)
if (options & F_PINGFILLED) {
fill((char *)datap, payload);
}
+#ifdef HAVE_LIBCAPSICUM
+ capdns = capdns_setup();
+#endif
if (source) {
bzero((char *)&sock_in, sizeof(sock_in));
sock_in.sin_family = AF_INET;
if (inet_aton(source, &sock_in.sin_addr) != 0) {
shostname = source;
} else {
- hp = gethostbyname2(source, AF_INET);
+#ifdef HAVE_LIBCAPSICUM
+ if (capdns != NULL)
+ hp = cap_gethostbyname2(capdns, source,
+ AF_INET);
+ else
+#endif
+ hp = gethostbyname2(source, AF_INET);
if (!hp)
errx(EX_NOHOST, "cannot resolve %s: %s",
source, hstrerror(h_errno));
@@ -549,7 +584,8 @@ main(int argc, char *const *argv)
snamebuf[sizeof(snamebuf) - 1] = '\0';
shostname = snamebuf;
}
- if (bind(s, (struct sockaddr *)&sock_in, sizeof sock_in) == -1)
+ if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) ==
+ -1)
err(1, "bind");
}
@@ -560,7 +596,12 @@ main(int argc, char *const *argv)
if (inet_aton(target, &to->sin_addr) != 0) {
hostname = target;
} else {
- hp = gethostbyname2(target, AF_INET);
+#ifdef HAVE_LIBCAPSICUM
+ if (capdns != NULL)
+ hp = cap_gethostbyname2(capdns, target, AF_INET);
+ else
+#endif
+ hp = gethostbyname2(target, AF_INET);
if (!hp)
errx(EX_NOHOST, "cannot resolve %s: %s",
target, hstrerror(h_errno));
@@ -573,6 +614,30 @@ main(int argc, char *const *argv)
hostname = hnamebuf;
}
+#ifdef HAVE_LIBCAPSICUM
+ /* From now on we will use only reverse DNS lookups. */
+ if (capdns != NULL) {
+ const char *types[1];
+
+ types[0] = "ADDR";
+ if (cap_dns_type_limit(capdns, types, 1) < 0)
+ err(1, "unable to limit access to system.dns service");
+ }
+#endif
+
+ if (ssend < 0) {
+ errno = ssend_errno;
+ err(EX_OSERR, "ssend socket");
+ }
+
+ if (srecv < 0) {
+ errno = srecv_errno;
+ err(EX_OSERR, "srecv socket");
+ }
+
+ if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0)
+ err(1, "connect");
+
if (options & F_FLOOD && options & F_INTERVAL)
errx(EX_USAGE, "-f and -i: incompatible options");
@@ -593,16 +658,15 @@ main(int argc, char *const *argv)
ident = getpid() & 0xFFFF;
- if (s < 0) {
- errno = sockerrno;
- err(EX_OSERR, "socket");
- }
hold = 1;
- if (options & F_SO_DEBUG)
- (void)setsockopt(s, SOL_SOCKET, SO_DEBUG, (char *)&hold,
+ if (options & F_SO_DEBUG) {
+ (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold,
sizeof(hold));
+ (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold,
+ sizeof(hold));
+ }
if (options & F_SO_DONTROUTE)
- (void)setsockopt(s, SOL_SOCKET, SO_DONTROUTE, (char *)&hold,
+ (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold,
sizeof(hold));
#ifdef IPSEC
#ifdef IPSEC_POLICY_IPSEC
@@ -612,7 +676,7 @@ main(int argc, char *const *argv)
buf = ipsec_set_policy(policy_in, strlen(policy_in));
if (buf == NULL)
errx(EX_CONFIG, "%s", ipsec_strerror());
- if (setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,
+ if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY,
buf, ipsec_get_policylen(buf)) < 0)
err(EX_CONFIG,
"ipsec policy cannot be configured");
@@ -623,7 +687,7 @@ main(int argc, char *const *argv)
buf = ipsec_set_policy(policy_out, strlen(policy_out));
if (buf == NULL)
errx(EX_CONFIG, "%s", ipsec_strerror());
- if (setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,
+ if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY,
buf, ipsec_get_policylen(buf)) < 0)
err(EX_CONFIG,
"ipsec policy cannot be configured");
@@ -644,7 +708,7 @@ main(int argc, char *const *argv)
if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1)
err(1, "sysctl(net.inet.ip.ttl)");
}
- setsockopt(s, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold));
+ setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold));
ip->ip_v = IPVERSION;
ip->ip_hl = sizeof(struct ip) >> 2;
ip->ip_tos = tos;
@@ -655,6 +719,35 @@ main(int argc, char *const *argv)
ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY;
ip->ip_dst = to->sin_addr;
}
+
+ if (options & F_NUMERIC)
+ cansandbox = true;
+#ifdef HAVE_LIBCAPSICUM
+ else if (capdns != NULL)
+ cansandbox = true;
+#endif
+ else
+ cansandbox = false;
+
+ /*
+ * Here we enter capability mode. Further down access to global
+ * namespaces (e.g filesystem) is restricted (see capsicum(4)).
+ * We must connect(2) our socket before this point.
+ */
+ if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
+ err(1, "cap_enter");
+
+ if (cap_sandboxed())
+ fprintf(stderr, "capability mode sandbox enabled\n");
+
+ cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT);
+ if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
+ err(1, "cap_rights_limit srecv");
+
+ cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT);
+ if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
+ err(1, "cap_rights_limit ssend");
+
/* record route option */
if (options & F_RROUTE) {
#ifdef IP_OPTIONS
@@ -663,7 +756,7 @@ main(int argc, char *const *argv)
rspace[IPOPT_OLEN] = sizeof(rspace) - 1;
rspace[IPOPT_OFFSET] = IPOPT_MINOFF;
rspace[sizeof(rspace) - 1] = IPOPT_EOL;
- if (setsockopt(s, IPPROTO_IP, IP_OPTIONS, rspace,
+ if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace,
sizeof(rspace)) < 0)
err(EX_OSERR, "setsockopt IP_OPTIONS");
#else
@@ -673,32 +766,32 @@ main(int argc, char *const *argv)
}
if (options & F_TTL) {
- if (setsockopt(s, IPPROTO_IP, IP_TTL, &ttl,
+ if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl,
sizeof(ttl)) < 0) {
err(EX_OSERR, "setsockopt IP_TTL");
}
}
if (options & F_NOLOOP) {
- if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, &loop,
+ if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop,
sizeof(loop)) < 0) {
err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP");
}
}
if (options & F_MTTL) {
- if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, &mttl,
+ if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl,
sizeof(mttl)) < 0) {
err(EX_OSERR, "setsockopt IP_MULTICAST_TTL");
}
}
if (options & F_MIF) {
- if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr,
+ if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr,
sizeof(ifaddr)) < 0) {
err(EX_OSERR, "setsockopt IP_MULTICAST_IF");
}
}
#ifdef SO_TIMESTAMP
{ int on = 1;
- if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0)
+ if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0)
err(EX_OSERR, "setsockopt SO_TIMESTAMP");
}
#endif
@@ -733,11 +826,19 @@ main(int argc, char *const *argv)
* as well.
*/
hold = IP_MAXPACKET + 128;
- (void)setsockopt(s, SOL_SOCKET, SO_RCVBUF, (char *)&hold,
+ (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold,
sizeof(hold));
+ /* CAP_SETSOCKOPT removed */
+ cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
+ if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
+ err(1, "cap_rights_limit srecv setsockopt");
if (uid == 0)
- (void)setsockopt(s, SOL_SOCKET, SO_SNDBUF, (char *)&hold,
+ (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold,
sizeof(hold));
+ /* CAP_SETSOCKOPT removed */
+ cap_rights_init(&rights, CAP_SEND);
+ if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
+ err(1, "cap_rights_limit ssend setsockopt");
if (to->sin_family == AF_INET) {
(void)printf("PING %s (%s)", hostname,
@@ -817,10 +918,10 @@ main(int argc, char *const *argv)
int cc, n;
check_status();
- if ((unsigned)s >= FD_SETSIZE)
+ if ((unsigned)srecv >= FD_SETSIZE)
errx(EX_OSERR, "descriptor too large");
FD_ZERO(&rfds);
- FD_SET(s, &rfds);
+ FD_SET(srecv, &rfds);
(void)gettimeofday(&now, NULL);
timeout.tv_sec = last.tv_sec + intvl.tv_sec - now.tv_sec;
timeout.tv_usec = last.tv_usec + intvl.tv_usec - now.tv_usec;
@@ -834,7 +935,7 @@ main(int argc, char *const *argv)
}
if (timeout.tv_sec < 0)
timerclear(&timeout);
- n = select(s + 1, &rfds, NULL, NULL, &timeout);
+ n = select(srecv + 1, &rfds, NULL, NULL, &timeout);
if (n < 0)
continue; /* Must be EINTR. */
if (n == 1) {
@@ -845,7 +946,7 @@ main(int argc, char *const *argv)
msg.msg_controllen = sizeof(ctrl);
#endif
msg.msg_namelen = sizeof(from);
- if ((cc = recvmsg(s, &msg, 0)) < 0) {
+ if ((cc = recvmsg(srecv, &msg, 0)) < 0) {
if (errno == EINTR)
continue;
warn("recvmsg");
@@ -981,9 +1082,7 @@ pinger(void)
ip->ip_sum = in_cksum((u_short *)outpackhdr, cc);
packet = outpackhdr;
}
- i = sendto(s, (char *)packet, cc, 0, (struct sockaddr *)&whereto,
- sizeof(whereto));
-
+ i = send(ssend, (char *)packet, cc, 0);
if (i < 0 || i != cc) {
if (i < 0) {
if (options & F_FLOOD && errno == ENOBUFS) {
@@ -1604,12 +1703,21 @@ pr_addr(struct in_addr ina)
struct hostent *hp;
static char buf[16 + 3 + MAXHOSTNAMELEN];
- if ((options & F_NUMERIC) ||
- !(hp = gethostbyaddr((char *)&ina, 4, AF_INET)))
+ if (options & F_NUMERIC)
return inet_ntoa(ina);
+
+#ifdef HAVE_LIBCAPSICUM
+ if (capdns != NULL)
+ hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET);
else
- (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
- inet_ntoa(ina));
+#endif
+ hp = gethostbyaddr((char *)&ina, 4, AF_INET);
+
+ if (hp == NULL)
+ return inet_ntoa(ina);
+
+ (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
+ inet_ntoa(ina));
return(buf);
}
@@ -1682,6 +1790,36 @@ fill(char *bp, char *patp)
}
}
+#ifdef HAVE_LIBCAPSICUM
+static cap_channel_t *
+capdns_setup(void)
+{
+ cap_channel_t *capcas, *capdnsloc;
+ const char *types[2];
+ int families[1];
+
+ capcas = cap_init();
+ if (capcas == NULL) {
+ warn("unable to contact casperd");
+ return (NULL);
+ }
+ capdnsloc = cap_service_open(capcas, "system.dns");
+ /* Casper capability no longer needed. */
+ cap_close(capcas);
+ if (capdnsloc == NULL)
+ err(1, "unable to open system.dns service");
+ types[0] = "NAME";
+ types[1] = "ADDR";
+ if (cap_dns_type_limit(capdnsloc, types, 2) < 0)
+ err(1, "unable to limit access to system.dns service");
+ families[0] = AF_INET;
+ if (cap_dns_family_limit(capdnsloc, families, 1) < 0)
+ err(1, "unable to limit access to system.dns service");
+
+ return (capdnsloc);
+}
+#endif /* HAVE_LIBCAPSICUM */
+
#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
#define SECOPT " [-P policy]"
#else
Modified: user/ae/inet6/share/man/man3/stdarg.3
==============================================================================
--- user/ae/inet6/share/man/man3/stdarg.3 Thu Feb 6 11:38:39 2014 (r261547)
+++ user/ae/inet6/share/man/man3/stdarg.3 Thu Feb 6 11:40:01 2014 (r261548)
@@ -59,7 +59,7 @@ The include file
.In stdarg.h
declares a type
.Pq Em va_list
-and defines three macros for stepping
+and defines four macros for stepping
through a list of arguments whose number and types are not known to
the called function.
.Pp
@@ -77,7 +77,8 @@ The
macro initializes
.Fa ap
for subsequent use by
-.Fn va_arg
+.Fn va_arg ,
+.Fn va_copy ,
and
.Fn va_end ,
and must be called first.
@@ -93,10 +94,6 @@ macro, it should not be declared as a re
function or an array type.
.Pp
The
-.Fn va_start
-macro returns no value.
-.Pp
-The
.Fn va_arg
macro expands to an expression that has the type and value of the next
argument in the call.
@@ -105,7 +102,9 @@ The parameter
is the
.Em va_list Fa ap
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list