happen in the TCP stack, this interface calls the specified callback to
handle the situation according to the currently selected congestion
control algorithm.
A new sysctl node was created: net.inet.tcp.congctl.{available,selected}
with obvious meanings.
The old net.inet.tcp.newreno MIB was removed.
The API is discussed in tcp_congctl(9).
In the near future, it will be possible to selected a congestion control
algorithm on a per-socket basis.
Discussed on tech-net and reviewed by <yamt>.
subsystems, based on work by YAMAMOTO Takashi. This is intended to
be used by other subsystems (such as the proc_*() or lwp_*() routines)
rather than directly by consumers.
instead you have config_search_{loc,ia}. Add documentation for
config_finalize_regsiter, too. Mostly fixes PR#32106 by Gavan Fantom, as I
think the cfdriver_* and cfattach_* stuff should be documented too, but I'm
not entirely sure where yet.
I have commited a different version than in the PR, it lacks a license
but if it warrants one we can stick the TNF standard on it. It's just
a main() routine that calls revoke(2).
plist-based messages and to eliminate looping previously required to
receive a plist from the kernel:
- prop_dictionary_copyin_ioctl() and prop_dictionary_copyout_ioctl()
now take the cmd argument rather than the file open flag. The
read-ness or write-ness of an ioctl command is checked by these
routines to ensure that information is being passed to/from the
userland component properly.
- prop_dictionary_copyout_ioctl() now allocates the memory for the
XML plist on behalf of the userland component by way of uvm_mmap().
The XML plist is copied out to the newly-mapped anonymous region,
and the pointer returned via the plistref.
- prop_dictionary_recv_ioctl() is responsible for munmap()'ing the
region after parsing the XML plist into internal represenatation.
- A new prop_dictionary_sendrecv_ioctl() is added, allowing user space
code to send a dictionary to the kernel and receive one back as a
reply.
Update users of prop_kern for the API changes (Bluetooth).
This constitutes an ABI / protocol change -- but this will also be put
into NetBSD 4.0 so that the first proplib release will implement the new
scheme.
Fleming.
This one has some nice options -- for example, an admin can run right
after installing a system:
fpgen -D
and it will fingerprint a set of "common" system directories to the
default loaction. See the man-page for more stuff.
Performance-wise, here are results for both fpgen.sh (old) and this
new tool:
474.599u 574.335s 13:53.05 125.9% 0+0k 0+307io 0pf+0w
0.424u 0.131s 0:00.56 98.2% 0+0k 0+2io 0pf+0w
...guess which is which? (that's ~1500 times *faster*)
super-user and securelevel.
The securelevel part was compiled of text from both init(8) and OpenBSD's
securelevel(7), and brought in-sync with what we really do.
- have checkflist do a second possibly case insensitive check for
files which are missing from DESTDIR
- have postinstall require exact case matches for obsolete files
remove pseudo-device btdev(4) and inherent limitations
add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.
btdevctl(8) and its cache is updated to handle new semantics
etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.htmlhttp://mail-index.netbsd.org/tech-security/2006/03/24/0001.htmlhttp://mail-index.netbsd.org/tech-security/2006/04/18/0000.htmlhttp://mail-index.netbsd.org/tech-security/2006/05/15/0000.htmlhttp://mail-index.netbsd.org/tech-security/2006/08/01/0000.htmlhttp://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
