summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Some integrated Davicom cards in sparc64 boxes have an all zerosMaxime Henrion2004-01-084-0/+54
| | | | | | | | | | | | | MAC address in the EEPROM, and we need to get it from OpenFirmware. This isn't very pretty but time is lacking to do this in a better way this near 5.2-RELEASE. This is a RELENG_5_2 candidate. Original version by: Marius Strobl <marius@alchemy.franken.de> Tested by: Pete Bentley <pete@sorted.org> Reviewed by: jake Notes: svn path=/head/; revision=124259
* Limiters and sanity checks for TCP MSS (maximum segement size)Andre Oppermann2004-01-088-4/+200
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | resource exhaustion attacks. For network link optimization TCP can adjust its MSS and thus packet size according to the observed path MTU. This is done dynamically based on feedback from the remote host and network components along the packet path. This information can be abused to pretend an extremely low path MTU. The resource exhaustion works in two ways: o during tcp connection setup the advertized local MSS is exchanged between the endpoints. The remote endpoint can set this arbitrarily low (except for a minimum MTU of 64 octets enforced in the BSD code). When the local host is sending data it is forced to send many small IP packets instead of a large one. For example instead of the normal TCP payload size of 1448 it forces TCP payload size of 12 (MTU 64) and thus we have a 120 times increase in workload and packets. On fast links this quickly saturates the local CPU and may also hit pps processing limites of network components along the path. This type of attack is particularly effective for servers where the attacker can download large files (WWW and FTP). We mitigate it by enforcing a minimum MTU settable by sysctl net.inet.tcp.minmss defaulting to 256 octets. o the local host is reveiving data on a TCP connection from the remote host. The local host has no control over the packet size the remote host is sending. The remote host may chose to do what is described in the first attack and send the data in packets with an TCP payload of at least one byte. For each packet the tcp_input() function will be entered, the packet is processed and a sowakeup() is signalled to the connected process. For example an attack with 2 Mbit/s gives 4716 packets per second and the same amount of sowakeup()s to the process (and context switches). This type of attack is particularly effective for servers where the attacker can upload large amounts of data. Normally this is the case with WWW server where large POSTs can be made. We mitigate this by calculating the average MSS payload per second. If it goes below 'net.inet.tcp.minmss' and the pps rate is above 'net.inet.tcp.minmssoverload' defaulting to 1000 this particular TCP connection is resetted and dropped. MITRE CVE: CAN-2004-0002 Reviewed by: sam (mentor) MFC after: 1 day Notes: svn path=/head/; revision=124258
* Add the PCI ID for yet another bge chip: the Altima 1002.Bill Paul2004-01-082-0/+3
| | | | | | | Submitted by: Pavel Gubin <pg@rainbow.ie.tusur.ru> Notes: svn path=/head/; revision=124257
* Add the NDISAPI option.Bill Paul2004-01-081-0/+1
| | | | Notes: svn path=/head/; revision=124256
* Always clean all files, including ones under ACPI_DEBUG when doing aNate Lawson2004-01-081-7/+9
| | | | | | | "make clean". Notes: svn path=/head/; revision=124255
* MFlibpthread: Add a simple work-around for deadlocking on recursiveDaniel Eischen2004-01-082-44/+82
| | | | | | | readlocks on a rwlock while there are writers waiting. Notes: svn path=/head/; revision=124253
* Add a simple work-around for deadlocking on recursive read locksDaniel Eischen2004-01-086-96/+172
| | | | | | | | | | | | | on a rwlock while there are writers waiting. We normally favor writers but when a reader already has at least one other read lock, we favor the reader. We don't track all the rwlocks owned by a thread, nor all the threads that own a rwlock -- we just keep a count of all the read locks owned by a thread. PR: 24641 Notes: svn path=/head/; revision=124252
* * firewireHidetoshi Shimokawa2004-01-083-18/+34
| | | | | | | | | | | | | Add tcode_str[] and improve debug message. * sbp If max_speed is negative, use the maximum speed which the ohci chip supports. The default max_speed is -1. * if_fwe If tx_speed is negative, use the maximum speed which the ohci chip supports. The default tx_speed is 2. Notes: svn path=/head/; revision=124251
* Cosmetics: rearrange the dependency list to match that of ssh and sshd.Ruslan Ermilov2004-01-081-2/+5
| | | | | | | Reviewed by: des Notes: svn path=/head/; revision=124250
* Fixed static linkage.Ruslan Ermilov2004-01-082-4/+10
| | | | | | | Reviewed by: des Notes: svn path=/head/; revision=124249
* If path mtu discovery is enabled set the DF bit in all cases weAndre Oppermann2004-01-082-0/+8
| | | | | | | | | | | send packets on a tcp connection. PR: kern/60889 Tested by: Richard Wendland <richard@wendland.org.uk> Approved by: re (scottl) Notes: svn path=/head/; revision=124248
* Do not set the ip_id to zero when DF is set on packet andAndre Oppermann2004-01-081-12/+6
| | | | | | | | | | | | | | | | | restore the general pre-randomid behaviour. Setting the ip_id to zero causes several problems with packet reassembly when a device along the path removes the DF bit for some reason. Other BSD and Linux have found and fixed the same issues. PR: kern/60889 Tested by: Richard Wendland <richard@wendland.org.uk> Approved by: re (scottl) Notes: svn path=/head/; revision=124247
* Correct the definition of the ndis_miniport_interrupt structure:Bill Paul2004-01-083-10/+45
| | | | | | | | | | | | | | | | | the ni_dpccountlock member is an ndis_kspin_lock, not an ndis_spin_lock (the latter is too big). Run if_ndis.c:ndis_tick() via taskqueue_schedule(). Also run ndis_start() via taskqueue in certain circumstances. Using these tweaks, I can now get the Broadcom BCM5701 NDIS driver to load and run. Unfortunately, the version I have seems to suffer from the same bug as the SMC 83820 driver, which is that it creates a spinlock during its DriverEntry() routine. I'm still debating the right way to deal with this. Notes: svn path=/head/; revision=124246
* Use += instead of = with DPADD / LDADD.Dag-Erling Smørgrav2004-01-081-2/+2
| | | | Notes: svn path=/head/; revision=124245
* Regenerate config.h; I don't know why this didn't hit CVS yesterday.Dag-Erling Smørgrav2004-01-081-36/+107
| | | | Notes: svn path=/head/; revision=124244
* Enable GSSAPI support. [1]Dag-Erling Smørgrav2004-01-083-8/+10
| | | | | | | | | Also remove some duplicates from ssh's SRCS. Submitted by: [1] Björn Grönvall <bg@sics.se> Notes: svn path=/head/; revision=124242
* fixed improper routing-message flagSUZUKI Shinsuke2004-01-081-1/+1
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=124241
* The transmit frame status is stored in the last transmit descriptor for theDon Lewis2004-01-084-6/+10
| | | | | | | | | | | | | | | | | | | | | | | | frame, not the first. It is probably also not safe to free the mbuf chain as soon as the OWN bit is cleared on the first descriptor since the chip may not be done copying the frame into the transmit FIFO. Revert the part of of busdma conversion (if_dc.c rev 1.115) which changed dc_txeof() to look for the status in the first descriptor and free the mbuf chain when processing the first descriptor for the frame, and revert the matching changes elsewhere in the driver. This part of the busdma change caused the driver to report spurious collisions and output errors, even when running in full-duplex mode. Reverting the mbuf chain handling slightly complicates dc_dma_map_txbuf(), since it is responsible for setting the OWN bits on the descriptors, but does not normally have direct access to the mbuf chain. Tested by: Dejan Lesjak <dejan.lesjak at ijs.si> alpha/<Intel 21143 10/100BaseTX> "Xin LI" <delphij at frontfree.net> i386/<Macronix 98713 10/100BaseTX> Wiktor Niesiobedzki <bsd at w.evip.pl> i386/<3Com OfficeConnect 10/100B> Reviewed by: mux Notes: svn path=/head/; revision=124240
* Remove extraneous unlock. This fixes a panic seen when manipulating staticSam Leffler2004-01-071-1/+1
| | | | | | | entries in the ARP table. Notes: svn path=/head/; revision=124237
* Correct an instance of an erroneous "it's".Ceri Davies2004-01-071-1/+1
| | | | | | | | | PR: docs/59937 Submitted by: Ada Lim <ada@bsd.org> MFC After: 1 day Notes: svn path=/head/; revision=124236
* Comsetic tweaks: use PCPU_GET(cpumask) and CPU_ABSENT().John Baldwin2004-01-071-5/+5
| | | | | | | Tested by: Dejan Lesjak <dejan.lesjak@ijs.si> Notes: svn path=/head/; revision=124235
* Correct capitalization.Greg Lehey2004-01-071-1/+1
| | | | | | | Submitted by: ru Notes: svn path=/head/; revision=124234
* Add 'device wlan' to synopsis.Bill Paul2004-01-071-1/+2
| | | | Notes: svn path=/head/; revision=124233
* Netgear WG511T card is a CardBus not a PCI card.Marc Fonvieille2004-01-072-2/+2
| | | | | | | | PR: docs/61039 Submitted by: Michael Lestinsky <michael@lestinsky.de> Notes: svn path=/head/; revision=124232
* Correct and simplify the implementation of RtlEqualUnicodeString().Bill Paul2004-01-071-22/+23
| | | | Notes: svn path=/head/; revision=124231
* Add a tip on how to print a manual page.Marc Fonvieille2004-01-071-0/+7
| | | | | | | | PR: docs/61033 Submitted by: mi@ Notes: svn path=/head/; revision=124230
* man ftpd says that "by default, anonymous users cannot modify existing files."Eric Anholt2004-01-071-1/+1
| | | | | | | | | | | However, the code did allow deletion of files. Make deleting require the -m flag, too. PR: bin/60809 Submitted by: Alexander Melkov <melkov@comptek.ru> Notes: svn path=/head/; revision=124229
* It appears drivers may call NdisWriteErrorLogEntry() with locksBill Paul2004-01-071-3/+5
| | | | | | | | | | | held. However, if we need to translate a unicode message table message, ndis_unicode_to_ascii() might malloc() some memory, which causes a warning from witness. Avoid this by using some stack space to hold the translated message. (Also bounds check to make sure we don't overrun the stack buffer.) Notes: svn path=/head/; revision=124228
* When draining the tx queue reclaim any node references held in packets.Sam Leffler2004-01-071-1/+10
| | | | | | | | This fixes a problem when operating as an AP where clients would get stuck in the node table because the reference count never went to zero. Notes: svn path=/head/; revision=124225
* When ath_hal_stoptxdma returns an error dma is still likely stoppedSam Leffler2004-01-071-1/+1
| | | | | | | | so don't just stop trying to send a beacon frame or we'll be more likely to lose sync. This only seems to happen on some older chips. Notes: svn path=/head/; revision=124224
* use ath_reset instead of ath_init when recovering from a watchdog timeout:Sam Leffler2004-01-071-1/+1
| | | | | | | resetting the hardware is sufficient, no need to reset the 802.11 fsm Notes: svn path=/head/; revision=124223
* make hw.ath.debug a tunableSam Leffler2004-01-071-0/+1
| | | | Notes: svn path=/head/; revision=124222
* make hw.ath.outdoor and hw.ath.countrycode tunablesSam Leffler2004-01-071-0/+2
| | | | Notes: svn path=/head/; revision=124221
* split debugging messages up into classes;Sam Leffler2004-01-071-73/+109
| | | | | | | ah_debug is now treated as a bit vector Notes: svn path=/head/; revision=124220
* Lock p->p_textvp before calling vn_fullpath() on it. Note theRobert Watson2004-01-071-0/+2
| | | | | | | | | | | potential lock order concern due to the vnode lock held simultaneously by the caller into procfs. Reported by: kuriyama Approved by: des Notes: svn path=/head/; revision=124219
* Move declarations of Procfd to a header file.David Malone2004-01-079-8/+2
| | | | Notes: svn path=/head/; revision=124217
* Fix a printf format warning.David Malone2004-01-071-1/+1
| | | | Notes: svn path=/head/; revision=124216
* Previous commit erroneously listed some sources with .o suffixes.Dag-Erling Smørgrav2004-01-071-1/+1
| | | | Notes: svn path=/head/; revision=124215
* Get moduli from the OpenSSH sources instead of keeping a local copy.Dag-Erling Smørgrav2004-01-072-159/+1
| | | | Notes: svn path=/head/; revision=124214
* Update to reflect changes since the last version.Dag-Erling Smørgrav2004-01-071-5/+10
| | | | Notes: svn path=/head/; revision=124213
* Update Makefiles for OpenSSH 3.7.1p2.Dag-Erling Smørgrav2004-01-0711-37/+37
| | | | Notes: svn path=/head/; revision=124212
* Resolve conflicts and remove obsolete files.Dag-Erling Smørgrav2004-01-0797-5970/+3388
| | | | | | | Sponsored by: registrar.no Notes: svn path=/head/; revision=124211
* This commit was generated by cvs2svn to compensate for changes in r124208,Dag-Erling Smørgrav2004-01-07155-3701/+8986
|\ | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=124209
| * Vendor import of OpenSSH 3.7.1p2.Dag-Erling Smørgrav2004-01-07216-7117/+12791
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=124208
* | Merge OpenSSH 3.7.1p2.Dag-Erling Smørgrav2004-01-071-73/+185
| | | | | | | | Notes: svn path=/head/; revision=124207
* | Fix a long-standing bug that had been introduced in rev 1.24 with theJoerg Wunsch2004-01-071-1/+4
| | | | | | | | | | | | | | | | | | replacement of struct proc by struct thread. This bug could cause a NULL pointer dereferencation under certain circumstances (e. g. while running /etc/rc.d/pcvt). Notes: svn path=/head/; revision=124206
* | Use atomic ops for the interlocked increment and decrement routinesBill Paul2004-01-072-14/+6
| | | | | | | | | | | | | | | | | | | | | | in subr_ndis and subr_ntoskrnl. This is faster and avoids potential LOR whinage from witness (an LOR couldn't happen with the old code since the interlocked inc/dec routines could not sleep with a lock held, but this will keep witness happy and it's more efficient anyway. I think.) Notes: svn path=/head/; revision=124203
* | In subr_ndis.c: correct ndis_interlock_inc() and ndis_interlock_dec()Bill Paul2004-01-072-26/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | so we increment the right thing. (All work and not enough parens make Bill something something...) This makes the RealTek 8139C+ driver work correctly. Also fix some mtx_lock_spin()s and mtx_unlock_spin()s that should have been just plain mtx_lock()s and mtx_unlock()s. In kern_ndis.c: remove duplicate code from ndis_send_packets() and just call the senddone handler (ndis_txeof()). Notes: svn path=/head/; revision=124202
* | Allow trailing slashes for MNT_UPDATE case (mount -u), too.Eric Anholt2004-01-071-1/+1
| | | | | | | | | | | | | | | | PR: bin/59144 Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at> Notes: svn path=/head/; revision=124201
* | From PR:Eric Anholt2004-01-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In fdformat.c a closing parenthesis is at the wrong place. Instead of adding sizeof _PATH_DEV + 1 to the length of argv[optind], the length of the string starting (sizeof _PATH_DEV + 1) characters after argv[optind]'s beginning (accessing junk memory if we jump over the terminating null character) is passed to malloc(). PR: bin/60026 Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at> Notes: svn path=/head/; revision=124200
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-07 09:04:17 +0000