| Age | Commit message (Collapse) | Author |
|---|
|
pseudo-device, get rid of the option. Enabling kcov now requires the following
line to be added to the kernel config:
pseudo-device kcov 1
This is how pseudo devices are enabled in general. A side-effect of this change
is that dev/kcov.c will no longer be compiled by default.
Prodded by deraadt@; ok mpi@ visa@
|
|
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
|
|
OK mpi@
|
|
ok mlarkin@, patrick@
|
|
the hardware provides crypto offload, zlib offload, and an rng.
this code only supports the rng at the moment.
this device is present on their amd seatlle platforms, and very
present on their epyc stuff.
ok kettenis@ jmatthew@
|
|
ok krw@ mpi@
|
|
|
|
having mobileip in gre makes it hard to cut gre up. the current mobileip
code is also broken, so this is def and improvement. it also makes it
easy to disable and remove mobileip in the future.
ok claudio@ henning@
|
|
when syncookies are on, pf will blindly answer each and every SYN with a
syncookie-SYNACK. Upon reception of the ACK completing the 3WHS, pf will
reconstruct the original SYN, shove it through pf_test, where state will
be created if the ruleset permits it. Then massage the freshly created state
(we won't see the SYNACK), set up the sequence number modulator, and call
into the existing synproxy code to start the 3WHS with the backend host.
Add an - somewhat basic for now - adaptive mode where syncookies get enabled
if a certain percentage of the state table is filled up with half-open tcp
connections. This makes pf firewalls resilient against large synflood
attacks.
syncookies are off by default until we gained more experience, considered
experimental for now.
see http://bulabula.org/papers/2017/bsdcan/ for more details.
joint work with sashan@, widely discussed and with lots of input by many
|
|
ok kettenis
|
|
the code has rotted, and obviously hasnt been used for ages. it is
also hard to make mpsafe. if we need something like this again it
would be better to do it from scratch.
ok tedu@ visa@
|
|
Suggested by and OK mpi, OK visa
|
|
FullMAC, in comparison to SoftMAC, does most WiFi handling in the
firmware that's running on the controller. This means we have to
work around the net80211 stack while still implementing all the
WiFi interfaces to userland.
This driver is still in early development. So far it can connect
to open WiFis over the USB bus. SDIO and PCIe support, for devices
like the Raspberry Pi 3 or the Macbooks, is not yet implemented.
Also mbufs on the transmit path leak and are not yet freed.
ok stsp@
|
|
functionnalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
|
|
|
if we compile pf, ipsec, pipex or nfsserver.
Suggested by mpi some time ago.
Tweak & OK bluhm
deraadt assumes it's fair
|
|
Prompted by a bugreport by naddy that IPv6 autoconfiguration is broken
in the installer.
OK mpi, "go for it" deraadt
|
|
Discussed with and OK henning@ at d2k17 as a part of a larger diff.
|
|
only active during hibernation, preallocating the the submission and completion
queues during attach as they need to be page-aligned.
tested on an x270 that successfully hibernates now.
ok dlg@
|
|
abstraction. First step of making PF_KEY a bit more like PF_ROUTE.
OK mpi@
|
|
OK sthen, visa
|
|
This introduces a 32-bit constant time AES implementation from
Thomas Pornin originally for BearSSL and then adjusted by Thomas
and myself to fit OpenBSD kernel. One of the additional features
is an API for encryption and decryption subkey expansion in the
format specified by NIST in FIPS 197.
Tested by myself and naddy@, ok djm@
|
|
It doesn't compile und hasn't been working during the last decade.
ok kettenis@, deraadt@
|
|
The syscall is marked NOLOCK and only FUTEX_WAIT grabs the KERNEL_LOCK()
because of PCATCH and the signal nightmare.
Serialization of threads is currently done with a global & exclusive
rwlock.
Note that the current implementation still use copyin(9) which is not
guaranteed to be atomic. Committing now such that remaining issues can
be addressed in-tree.
With inputs from guenther@, kettenis@ and visa@.
ok deraadt@, visa@
|
|
|
|
Go-ahead from kettenis@, guenther@, deraadt@
|
|
leaving out the size, so that
ELFNAME2(exec,makecmds)
becomes
exec_elf_makecmds
instead of
exec_elf{32,64}_makecmds
and then delete the ELFNAME2() and ELFNAMEEND() macros.
Move the prototypes for functions local to exec_elf.c to there from
exec_elf.h.
Simplify the SMALL_KERNEL conditionals around the ELF coredump code.
Change exec_conf.c to use the size-generic names and macros
Remove exec_elf{32,64}.c and just build exec_elf.c; delete the
_KERN_DO_ELF and _KERN_DO_ELF64 #defines.
ok jca@, encouragement from deraadt@ and tom@
|
|
This unbreaks build on archs that are non-pv but PCI because I moved
virtio out of files.pci but kept a virtio dependency for the
virtio_pci driver.
Issue report and fix suggested by visa@ and miod@
|
|
Should unbreak the tree on many platforms broken since athn(4) 11n commit.
|
|
It seems unlikely that any future new platform will ever need them.
OK mpi@
|
|
For now, only build mira if the iwm(4) or iwn(4) drivers are also
built since other wifi drivers don't even have 11n support yet.
This limits platforms affected by this change to i386 and amd64.
make release on i386/amd64 platforms tested by tb@ (thanks!)
ok tb@ mpi@ kettenis@
|
|
This code insn't used since ART is the default.
ok vgross@
|
|
both the cpumem and counters api simply allocates memory for each cpu in
the system that can be used for arbitrary per cpu data (via cpumem), or
a versioned set of counters per cpu (counters).
there is an alternate backend for uniprocessor systems that basically
turns the percpu data access into an immediate access to a single
allocation.
there is also support for percpu data structures that are available at
boot time by providing an allocation for the boot cpu. after autoconf,
these allocations have to be resized to provide for all cpus that were
enumerated by boot.
ok mpi@
|
|
to lookup the number of function parameters. however having this basic
facility allows us to expand it's usage.
currently hidden behind the (disabled) DDBCTF kernel option as some of the
required tools are not available in base yet. in addition to that one
also needs recent bootblocks that load the .SUNW_ctf kernel section.
discussed with mpi@ over many a cider and ale in cambridge
feedback and ok guenther@ mpi@
|
|
the problem with the .h file pulling in sys/param.h for NULL, which
in turn goes and pulls in a ton of MI insanity, has been fixed.
ok deraadt@
|
|
|
|
|
|
|
|
profiling framework.
Code patching is used to enable probes when entering functions. The
probes will call a mcount()-like function to match the behavior of a
GPROF kernel.
Currently only available on amd64 and guarded under DDBPROF. Support
for other archs will follow soon.
A new sysctl knob, ddb.console, need to be set to 1 in securelevel 0
to be able to use this feature.
Inputs and ok guenther@
|
|
OK claudio@, henning@
|
|
switch(4) currently supports OpenFlow 1.3.5.
Currently, it's disabled by the kernel config.
With help from yasuoka@ reyk@ jsg@.
ok deraadt@ yasuoka@ reyk@ henning@
|
|
GMAC core which is used on the Allwinner A20 SoCs and later SoCs in the
Allwinner family. Since this core is very likely to show up the base of
other devices, it gets to live here in dev/ic.
Ported from NetBSD (where it is named awge(4)) by patrick@. Some further
fixes by me.
ok deraadt@
|
|
ok mpi
|
|
involves turning sxiahci(4) into a real driver that dynamically attaches.
ehci(4) now also attaches dynamically.
ok jsg@, patrick@
|
|
|
|
ok mpi@ jca@ mglocker@
|
|
Use a new task that runs holding the KERNEL_LOCK to execute mp-unsafe
code. Our current goal is to progressively move input functions to the
unlocked task.
This gives a small performance boost confirmed by Hrvoje Popovski's
IPv4 forwarding measurement:
before: after:
send receive send receive
400kpps 400kpps 400kpps 400kpps
500kpps 500kpps 500kpps 500kpps
600kpps 600kpps 600kpps 600kpps
650kpps 650kpps 650kpps 640kpps
700kpps 700kpps 700kpps 700kpps
720kpps 640kpps 720kpps 710kpps
800kpps 640kpps 800kpps 650kpps
1.4Mpps 570kpps 1.4Mpps 590kpps
14Mpps 570kpps 14Mpps 590kpps
ok kettenis@, bluhm@, dlg@
|
|
|
|
with db_show_regs().
|
|
of three unused FS-related functions.
okay mpi@ and beck@
|
