Date:      Thu, 24 Aug 2006 18:54:32 GMT
From:      Paolo Pisati <piso@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 104973 for review
Message-ID:  <200608241854.k7OIsWqY024602@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=104973

Change 104973 by piso@piso_newluxor on 2006/08/24 18:53:46

	IFC

Affected files ...

.. //depot/projects/soc2005/libalias/Makefile.inc1#4 integrate
.. //depot/projects/soc2005/libalias/gnu/usr.bin/Makefile#3 integrate
.. //depot/projects/soc2005/libalias/share/man/man4/fast_ipsec.4#3 integrate
.. //depot/projects/soc2005/libalias/share/man/man4/ipsec.4#2 integrate
.. //depot/projects/soc2005/libalias/share/mk/bsd.port.mk#2 integrate
.. //depot/projects/soc2005/libalias/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c#3 integrate
.. //depot/projects/soc2005/libalias/sys/security/audit/audit_pipe.c#2 integrate

Differences ...

==== //depot/projects/soc2005/libalias/Makefile.inc1#4 (text+ko) ====

@@ -1,5 +1,5 @@
 #
-# $FreeBSD: src/Makefile.inc1,v 1.553 2006/08/22 07:51:05 ru Exp $
+# $FreeBSD: src/Makefile.inc1,v 1.554 2006/08/24 17:02:26 imp Exp $
 #
 # Make command line options:
 #	-DNO_CLEANDIR run ${MAKE} clean, instead of ${MAKE} cleandir
@@ -1032,8 +1032,9 @@
 .for _lib in ${_startup_libs} ${_prebuild_libs:Nlib/libpam} ${_generic_libs}
 ${_lib}__L: .PHONY
 .if exists(${.CURDIR}/${_lib})
-	${_+_}@${ECHODIR} "===> ${_lib} (depend,all,install)"; \
+	${_+_}@${ECHODIR} "===> ${_lib} (obj,depend,all,install)"; \
 		cd ${.CURDIR}/${_lib}; \
+		${MAKE} DIRPRFX=${_lib}/ obj; \
 		${MAKE} DIRPRFX=${_lib}/ depend; \
 		${MAKE} DIRPRFX=${_lib}/ all; \
 		${MAKE} DIRPRFX=${_lib}/ install
@@ -1044,8 +1045,9 @@
 # static PAM library, and dynamic PAM library before dynamic PAM
 # modules.
 lib/libpam__L: .PHONY
-	${_+_}@${ECHODIR} "===> lib/libpam (depend,all,install)"; \
+	${_+_}@${ECHODIR} "===> lib/libpam (obj,depend,all,install)"; \
 		cd ${.CURDIR}/lib/libpam; \
+		${MAKE} DIRPRFX=lib/libpam/ obj; \
 		${MAKE} DIRPRFX=lib/libpam/ depend; \
 		${MAKE} DIRPRFX=lib/libpam/ -D_NO_LIBPAM_SO_YET all; \
 		${MAKE} DIRPRFX=lib/libpam/ -D_NO_LIBPAM_SO_YET install

==== //depot/projects/soc2005/libalias/gnu/usr.bin/Makefile#3 (text+ko) ====

@@ -1,4 +1,4 @@
-# $FreeBSD: src/gnu/usr.bin/Makefile,v 1.89 2006/08/21 18:25:43 marcel Exp $
+# $FreeBSD: src/gnu/usr.bin/Makefile,v 1.90 2006/08/24 15:46:29 marcel Exp $
 
 .include <bsd.own.mk>
 
@@ -24,7 +24,7 @@
 	sort \
 	${_texinfo}
  
-.if ${MACHINE_ARCH} == "arm" || ${MACHINE_ARCH} == "powerpc"
+.if ${MACHINE_ARCH} == "arm"
 MK_GDB=	no	# not yet
 .endif
 

==== //depot/projects/soc2005/libalias/share/man/man4/fast_ipsec.4#3 (text+ko) ====

@@ -22,9 +22,9 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 .\" THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/share/man/man4/fast_ipsec.4,v 1.4 2006/06/26 22:30:07 thompsa Exp $
+.\" $FreeBSD: src/share/man/man4/fast_ipsec.4,v 1.5 2006/08/24 17:07:19 danger Exp $
 .\"
-.Dd January 20, 2003
+.Dd August 24, 2006
 .Dt FAST_IPSEC 4
 .Os
 .Sh NAME
@@ -32,6 +32,7 @@
 .Nd hardware-accelerated IP Security Protocols
 .Sh SYNOPSIS
 .Cd "options FAST_IPSEC"
+.Cd "options IPSEC_FILTERGIF"
 .Cd "device crypto"
 .Pp
 .Bl -item -compact
@@ -69,6 +70,11 @@
 The user should refer to
 .Xr ipsec 4
 for basic information on setting up and using these protocols.
+Note that it is not currently possible to use
+.Nm
+in conjuction with the
+.Tn "KAME IPsec"
+implementation.
 .Pp
 System configuration requires the
 .Xr crypto 4
@@ -83,6 +89,12 @@
 .Dq enc0 ,
 to perform packet filtering before outbound encryption and after decapsulation
 inbound.
+.Pp
+To properly filter 
+.Xr gif 4
+tunnels with firewalls, add
+.Cd "options IPSEC_FILTERGIF"
+to the kernel configuration file.
 .Sh DIAGNOSTICS
 To be added.
 .Sh SEE ALSO

==== //depot/projects/soc2005/libalias/share/man/man4/ipsec.4#2 (text+ko) ====

@@ -27,9 +27,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.18 2006/02/14 13:20:09 gnn Exp $
+.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.19 2006/08/24 17:07:19 danger Exp $
 .\"
-.Dd February 14, 2006
+.Dd August 24, 2006
 .Dt IPSEC 4
 .Os
 .Sh NAME
@@ -39,6 +39,10 @@
 .In sys/types.h
 .In netinet/in.h
 .In netinet6/ipsec.h
+.Cd "options IPSEC"
+.Cd "options IPSEC_DEBUG"
+.Cd "options IPSEC_ESP"
+.Cd "options IPSEC_FILTERGIF"
 .Sh DESCRIPTION
 .Nm
 is a security protocol implemented within the Internet Protocol layer
@@ -253,6 +257,7 @@
 .Xr ioctl 2 ,
 .Xr socket 2 ,
 .Xr ipsec_set_policy 3 ,
+.Xr fast_ipsec 4 ,
 .Xr icmp6 4 ,
 .Xr intro 4 ,
 .Xr ip6 4 ,

==== //depot/projects/soc2005/libalias/share/mk/bsd.port.mk#2 (text+ko) ====

@@ -1,7 +1,10 @@
-# $FreeBSD: src/share/mk/bsd.port.mk,v 1.307 2004/07/02 20:47:18 eik Exp $
+# $FreeBSD: src/share/mk/bsd.port.mk,v 1.308 2006/08/24 18:04:49 obrien Exp $
 
 PORTSDIR?=	/usr/ports
 BSDPORTMK?=	${PORTSDIR}/Mk/bsd.port.mk
 
+# Needed to keep bsd.own.mk from reading in /etc/src.conf when building ports.
+SRCCONF=	/dev/null
+
 .include <bsd.own.mk>
 .include "${BSDPORTMK}"

==== //depot/projects/soc2005/libalias/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c#3 (text+ko) ====

@@ -28,7 +28,7 @@
  * SUCH DAMAGE.
  *
  * $Id: ng_btsocket_rfcomm.c,v 1.28 2003/09/14 23:29:06 max Exp $
- * $FreeBSD: src/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c,v 1.22 2006/07/24 15:20:07 rwatson Exp $
+ * $FreeBSD: src/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c,v 1.23 2006/08/24 16:51:02 emax Exp $
  */
 
 #include <sys/param.h>
@@ -1220,7 +1220,8 @@
 	ng_btsocket_rfcomm_session_p	s = NULL;
 	struct sockaddr_l2cap		l2sa;
 	struct sockopt			l2sopt;
-	int				mtu, error;
+	int				error;
+	u_int16_t			mtu;
 
 	mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);
 
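Review bot: The new `u_int16_t mtu;` declaration carries no hint of why the width matters, and the code that uses `mtu` lies outside this hunk. If, as the neighbouring `struct sockopt l2sopt` suggests, its address and `sizeof(mtu)` are handed to the L2CAP socket option code, the width is part of that contract, and a later cleanup back to `int` could silently break it. A one-line comment above the declaration, such as `/* 16 bits wide: must match the size the L2CAP MTU option expects (confirm) */`, would record that.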

==== //depot/projects/soc2005/libalias/sys/security/audit/audit_pipe.c#2 (text) ====

@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.7 2006/06/05 14:48:17 rwatson Exp $
+ * $FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.8 2006/08/24 17:42:38 rwatson Exp $
  */
 
 #include <sys/param.h>
@@ -172,6 +172,7 @@
 static d_read_t		audit_pipe_read;
 static d_ioctl_t	audit_pipe_ioctl;
 static d_poll_t		audit_pipe_poll;
+static d_kqfilter_t	audit_pipe_kqfilter;
 
 static struct cdevsw	audit_pipe_cdevsw = {
 	.d_version =	D_VERSION,
@@ -181,9 +182,20 @@
 	.d_read =	audit_pipe_read,
 	.d_ioctl =	audit_pipe_ioctl,
 	.d_poll =	audit_pipe_poll,
+	.d_kqfilter =	audit_pipe_kqfilter,
 	.d_name =	AUDIT_PIPE_NAME,
 };
 
+static int	audit_pipe_kqread(struct knote *note, long hint);
+static void	audit_pipe_kqdetach(struct knote *note);
+
+static struct filterops audit_pipe_read_filterops = {
+	.f_isfd =	1,
+	.f_attach =	NULL,
+	.f_detach =	audit_pipe_kqdetach,
+	.f_event =	audit_pipe_kqread,
+};
+
 /*
  * Some global statistics on audit pipes.
  */
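Review bot: The two prototypes added here name their argument `note` (`audit_pipe_kqread(struct knote *note, long hint)`, `audit_pipe_kqdetach(struct knote *note)`), whereas the definitions added further down in this change use `kn`; using `kn` in both places keeps the declarations consistent with the definitions. `.f_attach = NULL` also deserves a short comment, e.g. `/* attach is done by audit_pipe_kqfilter() */`, since the knote is put on the list in the d_kqfilter handler rather than through the filterops.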
@@ -425,6 +437,7 @@
 	ap->ap_inserts++;
 	ap->ap_qlen++;
 	selwakeuppri(&ap->ap_selinfo, PSOCK);
+	KNOTE_LOCKED(&ap->ap_selinfo.si_note, 0);
 	if (ap->ap_flags & AUDIT_PIPE_ASYNC)
 		pgsigio(&ap->ap_sigio, SIGIO, 0);
 }
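Review bot: `KNOTE_LOCKED(&ap->ap_selinfo.si_note, 0)` is only correct when the caller already holds the lock the knlist was initialised with, which a later hunk sets to `audit_pipe_mtx` in `knlist_init()`. The start of the enclosing function is outside this hunk, so it is not visible whether that is asserted; if it is not, `mtx_assert(&audit_pipe_mtx, MA_OWNED);` at the top would make the requirement explicit. Otherwise a comment on this line, `/* audit_pipe_mtx held by caller; it is the knlist lock */`, is enough.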
@@ -520,6 +533,8 @@
 		return (NULL);
 	ap->ap_qlimit = AUDIT_PIPE_QLIMIT_DEFAULT;
 	TAILQ_INIT(&ap->ap_queue);
+	knlist_init(&ap->ap_selinfo.si_note, &audit_pipe_mtx, NULL, NULL,
+	    NULL);
 
 	/*
 	 * Default flags, naflags, and auid-specific preselection settings to
@@ -533,6 +548,9 @@
 	TAILQ_INIT(&ap->ap_preselect_list);
 	ap->ap_preselect_mode = AUDITPIPE_PRESELECT_MODE_TRAIL;
 
+	/*
+	 * Add to global list and update global statistics.
+	 */
 	TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list);
 	audit_pipe_count++;
 	audit_pipe_ever++;
@@ -572,6 +590,7 @@
 
 	audit_pipe_preselect_flush_locked(ap);
 	audit_pipe_flush(ap);
+	knlist_destroy(&ap->ap_selinfo.si_note);
 	TAILQ_REMOVE(&audit_pipe_list, ap, ap_list);
 	free(ap, M_AUDIT_PIPE);
 	audit_pipe_count--;
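Review bot: `knlist_destroy()` is called shortly before `free(ap, M_AUDIT_PIPE)` without anything in this hunk showing that no knote is still attached, and each attached knote keeps a raw `ap` pointer in `kn_hook` (set in `audit_pipe_kqfilter()` later in this change). If a knote could outlive the pipe, `audit_pipe_kqdetach()` would dereference freed memory; presumably the descriptor's knotes are detached before the device close path reaches here, but that ordering is not stated anywhere. A comment recording it, e.g. `/* all knotes were detached when the descriptor was closed; the list must be empty here */`, would help the next reader. The function starts and ends outside the hunk.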
@@ -946,6 +965,71 @@
 }
 
 /*
+ * Audit pipe kqfilter.
+ */
+static int
+audit_pipe_kqfilter(struct cdev *dev, struct knote *kn)
+{
+	struct audit_pipe *ap;
+
+	ap = dev->si_drv1;
+	KASSERT(ap != NULL, ("audit_pipe_kqfilter: ap == NULL"));
+
+	if (kn->kn_filter != EVFILT_READ)
+		return (EINVAL);
+
+	kn->kn_fop = &audit_pipe_read_filterops;
+	kn->kn_hook = ap;
+
+	mtx_lock(&audit_pipe_mtx);
+	knlist_add(&ap->ap_selinfo.si_note, kn, 1);
+	mtx_unlock(&audit_pipe_mtx);
+	return (0);
+}
+
+/*
+ * Return true if there are records available for reading on the pipe.
+ */
+static int
+audit_pipe_kqread(struct knote *kn, long hint)
+{
+	struct audit_pipe_entry *ape;
+	struct audit_pipe *ap;
+
+	mtx_assert(&audit_pipe_mtx, MA_OWNED);
+
+	ap = (struct audit_pipe *)kn->kn_hook;
+	KASSERT(ap != NULL, ("audit_pipe_kqread: ap == NULL"));
+
+	if (ap->ap_qlen != 0) {
+		ape = TAILQ_FIRST(&ap->ap_queue);
+		KASSERT(ape != NULL, ("audit_pipe_kqread: ape == NULL"));
+
+		kn->kn_data = ape->ape_record_len;
+		return (1);
+	} else {
+		kn->kn_data = 0;
+		return (0);
+	}
+}
+
+/*
+ * Detach kqueue state from audit pipe.
+ */
+static void
+audit_pipe_kqdetach(struct knote *kn)
+{
+	struct audit_pipe *ap;
+
+	ap = (struct audit_pipe *)kn->kn_hook;
+	KASSERT(ap != NULL, ("audit_pipe_kqdetach: ap == NULL"));
+
+	mtx_lock(&audit_pipe_mtx);
+	knlist_remove(&ap->ap_selinfo.si_note, kn, 1);
+	mtx_unlock(&audit_pipe_mtx);
+}
+
+/*
  * Initialize the audit pipe system.
  */
 static void
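Review bot: The header comment on `audit_pipe_kqread()` says only that it returns true when records are available, but the function also publishes `kn->kn_data`, and it reports the length of the first queued record (`ape->ape_record_len`), not the total number of bytes queued. Consumers of EVFILT_READ may assume the latter, so I would extend the comment to say so and to note that `hint` is unused. The comment on `audit_pipe_kqfilter()` could likewise state that only `EVFILT_READ` is accepted and any other filter returns `EINVAL`.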


