Date:      Thu, 24 Aug 2006 20:04:05 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 104983 for review
Message-ID:  <200608242004.k7OK45Qu031134@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=104983

Change 104983 by rwatson@rwatson_zoo on 2006/08/24 20:03:28

	Integrate TrustedBSD audit3 branch from TrustedBSD base branch:
	
	- Loop back audit pipe kqueue support.

Affected files ...

.. //depot/projects/trustedbsd/audit3/Makefile.inc1#14 integrate
.. //depot/projects/trustedbsd/audit3/gnu/usr.bin/Makefile#8 integrate
.. //depot/projects/trustedbsd/audit3/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#16 integrate
.. //depot/projects/trustedbsd/audit3/sbin/fsdb/fsdb.8#6 integrate
.. //depot/projects/trustedbsd/audit3/share/man/man4/fast_ipsec.4#4 integrate
.. //depot/projects/trustedbsd/audit3/share/man/man4/ipsec.4#4 integrate
.. //depot/projects/trustedbsd/audit3/share/mk/bsd.port.mk#3 integrate
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_mount.c#18 integrate
.. //depot/projects/trustedbsd/audit3/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c#7 integrate
.. //depot/projects/trustedbsd/audit3/sys/netgraph/ng_fec.c#6 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#28 integrate

Differences ...

==== //depot/projects/trustedbsd/audit3/Makefile.inc1#14 (text+ko) ====

@@ -1,5 +1,5 @@
 #
-# $FreeBSD: src/Makefile.inc1,v 1.553 2006/08/22 07:51:05 ru Exp $
+# $FreeBSD: src/Makefile.inc1,v 1.554 2006/08/24 17:02:26 imp Exp $
 #
 # Make command line options:
 #	-DNO_CLEANDIR run ${MAKE} clean, instead of ${MAKE} cleandir
@@ -1032,8 +1032,9 @@
 .for _lib in ${_startup_libs} ${_prebuild_libs:Nlib/libpam} ${_generic_libs}
 ${_lib}__L: .PHONY
 .if exists(${.CURDIR}/${_lib})
-	${_+_}@${ECHODIR} "===> ${_lib} (depend,all,install)"; \
+	${_+_}@${ECHODIR} "===> ${_lib} (obj,depend,all,install)"; \
 		cd ${.CURDIR}/${_lib}; \
+		${MAKE} DIRPRFX=${_lib}/ obj; \
 		${MAKE} DIRPRFX=${_lib}/ depend; \
 		${MAKE} DIRPRFX=${_lib}/ all; \
 		${MAKE} DIRPRFX=${_lib}/ install
@@ -1044,8 +1045,9 @@
 # static PAM library, and dynamic PAM library before dynamic PAM
 # modules.
 lib/libpam__L: .PHONY
-	${_+_}@${ECHODIR} "===> lib/libpam (depend,all,install)"; \
+	${_+_}@${ECHODIR} "===> lib/libpam (obj,depend,all,install)"; \
 		cd ${.CURDIR}/lib/libpam; \
+		${MAKE} DIRPRFX=lib/libpam/ obj; \
 		${MAKE} DIRPRFX=lib/libpam/ depend; \
 		${MAKE} DIRPRFX=lib/libpam/ -D_NO_LIBPAM_SO_YET all; \
 		${MAKE} DIRPRFX=lib/libpam/ -D_NO_LIBPAM_SO_YET install

==== //depot/projects/trustedbsd/audit3/gnu/usr.bin/Makefile#8 (text+ko) ====

@@ -1,4 +1,4 @@
-# $FreeBSD: src/gnu/usr.bin/Makefile,v 1.89 2006/08/21 18:25:43 marcel Exp $
+# $FreeBSD: src/gnu/usr.bin/Makefile,v 1.90 2006/08/24 15:46:29 marcel Exp $
 
 .include <bsd.own.mk>
 
@@ -24,7 +24,7 @@
 	sort \
 	${_texinfo}
  
-.if ${MACHINE_ARCH} == "arm" || ${MACHINE_ARCH} == "powerpc"
+.if ${MACHINE_ARCH} == "arm"
 MK_GDB=	no	# not yet
 .endif
 

==== //depot/projects/trustedbsd/audit3/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#16 (text+ko) ====

@@ -3,7 +3,7 @@
 
   <corpauthor>The &os; Project</corpauthor>
 
-  <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.963 2006/08/23 03:42:36 gshapiro Exp $</pubdate>
+  <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.964 2006/08/24 14:45:56 bmah Exp $</pubdate>
 
   <copyright>
     <year>2000</year>
@@ -350,9 +350,9 @@
       implemented.</para>
 
     <para>&os; now runs on the Xbox, whose architecture is nearly identical
-      to the i386.  For details of the latest development,
-      see <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>;
-      and <ulink url="http://xbox-bsd.nl"></ulink>.</para>;
+      to the i386.  For details of the latest development, see
+      <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>.
+      &merged; </para>
 
     <sect3 id="boot">
       <title>Boot Loader Changes</title>
@@ -767,6 +767,13 @@
 	for example, by using <literal>tagged</literal>
 	rule option.  For more details, see &man.ipfw.8;.</para>
 
+      <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel
+	option has been removed.  This option was used to permit
+	&man.ipfw.4; to redirect packets with local destinations.
+	This behavior is now always enabled when
+	the <literal>IPFIREWALL_FORWARD</literal> kernel option is
+	enabled. &merged;</para>
+
       <para>The ip6fw(8) packet filter has been removed.  Since &man.ipfw.4; has gained
         IPv6 support, it should be used instead.  Please note that some rules might need
         to be adjusted.</para>
@@ -1084,6 +1091,10 @@
       flag, which causes it to ignore files and directories with
       the <literal>nodump</literal> flag set. &merged;</para>
 
+    <para>The &man.fsdb.8; utility now supports changing the birth
+      time of files on UFS2 file systems using the new 
+      the <literal>btime</literal> command.</para>
+
     <para>The &man.find.1; program now supports <option>-Btime</option>
       and other related primaries, which can be used to create expressions
       based on a file's creation time. &merged;</para>
@@ -1557,7 +1568,7 @@
       &merged;</para>
 
     <para><application>IPFilter</application> has been updated from
-      4.1.8 to 4.1.13.</para>
+      4.1.8 to 4.1.13. &merged;</para>
 
     <para><application>less</application> has been updated from v381
       to v394.</para>

==== //depot/projects/trustedbsd/audit3/sbin/fsdb/fsdb.8#6 (text+ko) ====

@@ -26,9 +26,9 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/sbin/fsdb/fsdb.8,v 1.30 2006/08/23 22:44:00 ceri Exp $
+.\" $FreeBSD: src/sbin/fsdb/fsdb.8,v 1.31 2006/08/24 09:14:02 ceri Exp $
 .\"
-.Dd August 23, 2006
+.Dd August 24, 2006
 .Dt FSDB 8
 .Os
 .Sh NAME
@@ -224,6 +224,9 @@
 or
 .Va atimensec
 field will be set to zero.
+Note that
+.Cm btime
+is available on UFS2 file systems only.
 .Pp
 .It Cm quit , q , exit , Em <EOF>
 Exit the program.

==== //depot/projects/trustedbsd/audit3/share/man/man4/fast_ipsec.4#4 (text+ko) ====

@@ -22,9 +22,9 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 .\" THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/share/man/man4/fast_ipsec.4,v 1.4 2006/06/26 22:30:07 thompsa Exp $
+.\" $FreeBSD: src/share/man/man4/fast_ipsec.4,v 1.5 2006/08/24 17:07:19 danger Exp $
 .\"
-.Dd January 20, 2003
+.Dd August 24, 2006
 .Dt FAST_IPSEC 4
 .Os
 .Sh NAME
@@ -32,6 +32,7 @@
 .Nd hardware-accelerated IP Security Protocols
 .Sh SYNOPSIS
 .Cd "options FAST_IPSEC"
+.Cd "options IPSEC_FILTERGIF"
 .Cd "device crypto"
 .Pp
 .Bl -item -compact
@@ -69,6 +70,11 @@
 The user should refer to
 .Xr ipsec 4
 for basic information on setting up and using these protocols.
+Note that it is not currently possible to use
+.Nm
+in conjuction with the
+.Tn "KAME IPsec"
+implementation.
 .Pp
 System configuration requires the
 .Xr crypto 4
@@ -83,6 +89,12 @@
 .Dq enc0 ,
 to perform packet filtering before outbound encryption and after decapsulation
 inbound.
+.Pp
+To properly filter 
+.Xr gif 4
+tunnels with firewalls, add
+.Cd "options IPSEC_FILTERGIF"
+to the kernel configuration file.
 .Sh DIAGNOSTICS
 To be added.
 .Sh SEE ALSO

==== //depot/projects/trustedbsd/audit3/share/man/man4/ipsec.4#4 (text+ko) ====

@@ -27,9 +27,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.18 2006/02/14 13:20:09 gnn Exp $
+.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.19 2006/08/24 17:07:19 danger Exp $
 .\"
-.Dd February 14, 2006
+.Dd August 24, 2006
 .Dt IPSEC 4
 .Os
 .Sh NAME
@@ -39,6 +39,10 @@
 .In sys/types.h
 .In netinet/in.h
 .In netinet6/ipsec.h
+.Cd "options IPSEC"
+.Cd "options IPSEC_DEBUG"
+.Cd "options IPSEC_ESP"
+.Cd "options IPSEC_FILTERGIF"
 .Sh DESCRIPTION
 .Nm
 is a security protocol implemented within the Internet Protocol layer
@@ -253,6 +257,7 @@
 .Xr ioctl 2 ,
 .Xr socket 2 ,
 .Xr ipsec_set_policy 3 ,
+.Xr fast_ipsec 4 ,
 .Xr icmp6 4 ,
 .Xr intro 4 ,
 .Xr ip6 4 ,

==== //depot/projects/trustedbsd/audit3/share/mk/bsd.port.mk#3 (text+ko) ====

@@ -1,7 +1,10 @@
-# $FreeBSD: src/share/mk/bsd.port.mk,v 1.307 2004/07/02 20:47:18 eik Exp $
+# $FreeBSD: src/share/mk/bsd.port.mk,v 1.308 2006/08/24 18:04:49 obrien Exp $
 
 PORTSDIR?=	/usr/ports
 BSDPORTMK?=	${PORTSDIR}/Mk/bsd.port.mk
 
+# Needed to keep bsd.own.mk from reading in /etc/src.conf when building ports.
+SRCCONF=	/dev/null
+
 .include <bsd.own.mk>
 .include "${BSDPORTMK}"

==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_mount.c#18 (text+ko) ====

@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/vfs_mount.c,v 1.228 2006/06/27 14:46:31 jhb Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/vfs_mount.c,v 1.229 2006/08/24 18:52:28 marius Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -694,14 +694,13 @@
 	if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt)
 	    && errmsg_len > 0 && errmsg != NULL) {
 		if (fsoptions->uio_segflg == UIO_SYSSPACE) {
-			strncpy(fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
-			    errmsg, 
+			bcopy(errmsg,
+			    fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
 			    fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
 		} else {
-			copystr(errmsg,
+			copyout(errmsg,
 			    fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
-			    fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len,
-			    NULL);
+			    fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
 		} 
 	}
 
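Review bot: Both new copies take their length from the destination's `iov_len` while reading from `errmsg`, whose own length is `errmsg_len`. Unlike the removed `strncpy`/`copystr`, `bcopy` and `copyout` do not stop at the NUL, so if the two lengths can ever differ the kernel reads past `errmsg` and, in the `copyout` branch, hands those bytes to userland. The lengths are presumably equal because `errmsg` was derived from the same iovec, but that is established outside the hunk; bounding the copy by the smaller of `errmsg_len` and `fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len` would make the guarantee local. The `copyout` return value is also discarded, so a faulting user buffer silently drops the message; if that is deliberate, a comment such as `/* best effort: the mount error itself is returned separately */` should say so. The enclosing function starts and ends outside the hunk.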

==== //depot/projects/trustedbsd/audit3/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c#7 (text+ko) ====

@@ -28,7 +28,7 @@
  * SUCH DAMAGE.
  *
  * $Id: ng_btsocket_rfcomm.c,v 1.28 2003/09/14 23:29:06 max Exp $
- * $FreeBSD: src/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c,v 1.22 2006/07/24 15:20:07 rwatson Exp $
+ * $FreeBSD: src/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c,v 1.23 2006/08/24 16:51:02 emax Exp $
  */
 
 #include <sys/param.h>
@@ -1220,7 +1220,8 @@
 	ng_btsocket_rfcomm_session_p	s = NULL;
 	struct sockaddr_l2cap		l2sa;
 	struct sockopt			l2sopt;
-	int				mtu, error;
+	int				error;
+	u_int16_t			mtu;
 
 	mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);
 
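Review bot: The narrowing of `mtu` from `int` to `u_int16_t` carries no comment, and every use of `mtu` is outside the hunk, so the reason the width matters cannot be verified here. If `mtu` is filled through `l2sopt` with `sizeof(mtu)` as the value size (presumably, given the `struct sockopt` declared beside it), a one-line comment such as `/* width must match the L2CAP MTU socket option value */` belongs on the declaration. Any later arithmetic or comparison that relied on `int` range should be re-checked for truncation.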

==== //depot/projects/trustedbsd/audit3/sys/netgraph/ng_fec.c#6 (text+ko) ====

@@ -34,7 +34,7 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
  * THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/netgraph/ng_fec.c,v 1.26 2005/11/11 16:04:57 ru Exp $
+ * $FreeBSD: src/sys/netgraph/ng_fec.c,v 1.27 2006/08/24 19:50:00 ru Exp $
  */
 /*-
  * Copyright (c) 1996-1999 Whistle Communications, Inc.
@@ -1093,6 +1093,7 @@
 	char ifname[NG_FEC_FEC_NAME_MAX + 1];
 	struct ifnet *ifp;
 	priv_p priv;
+	const uint8_t eaddr[ETHER_ADDR_LEN] = {0, 0, 0, 0, 0, 0};
 	struct ng_fec_bundle *b;
 	int error = 0;
 
@@ -1143,7 +1144,7 @@
 		log(LOG_WARNING, "%s: can't acquire netgraph name\n", ifname);
 
 	/* Attach the interface */
-	ether_ifattach(ifp, IF_LLADDR(priv->ifp));
+	ether_ifattach(ifp, eaddr);
 	callout_handle_init(&priv->fec_ch);
 
 	/* Override output method with our own */
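Review bot: `ether_ifattach(ifp, eaddr)` now attaches the interface with an all-zero link-level address, using the `eaddr` array added in the declarations hunk at -1093, and neither hunk says where the real address comes from afterwards. The existing `/* Attach the interface */` comment should state that, e.g. `/* Attach with a zero MAC; the real address is assigned later */`, if that is the behaviour, which is outside these hunks. Until the address is set, anything that trusts the interface's MAC (filters, logs, bridging) sees 00:00:00:00:00:00, so the window is worth documenting. As a style point, `eaddr` could be `static const` since it is never modified.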

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#28 (text+ko) ====

@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.7 2006/06/05 14:48:17 rwatson Exp $
+ * $FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.8 2006/08/24 17:42:38 rwatson Exp $
  */
 
 #include <sys/param.h>


