thing to do (might have just as well put it under vfs). It's maybe too
late to change the name/location, but at least make it attach as part
of net so that using bpf does not mandate linking in the dev faction.

using radix / Patricia tree. Universal IPv4/IPv6 comparator for ptree(3)
was contributed by Matt Thomas.
- NPF tables: update regression tests, improve npfctl(8) error messages.
- Fix a few bugs when using kernel modules and handle module autounloader.
- A few other fixes and misc cleanups.
- Bump the version.

initial work, and everyone else who has tested things for me.
this is largely my fault at this point :-)
the main changes are something like:
- usbd_bus_methods{} gains a get_lock() to enable the
host controller to provide a lock for the USB code.
if the lock isn't provided, old-style protection is
(partially) applied.
- ehci/ohci/uhci have been converted to the new
interfaces, including mutex/cv/etc conversion.
- usbdivar.h contains a discussion about locking and
what locks are held for which method calls. more
to come for usbdi(9) here.
- audio drivers (uaudio, umidi, auvitek) have been
properly SMPified now that USB is ready.
- scsi drivers have been modified to take the kernel
lock explicitly before calling into scsi code.
- usb pipes are associated with a lock, that is the
same as the controller lock. (this could be split
up further in the future.)
- several usbfoo_locked() or usbfoo_unlocked()
functions have been added to the usbdi(9) to
enable functionality with or without the USB
lock (per controller) already being held.
the TODO.usbmp file has specific details on what is left to
do, including what device-specific changes should be done now
that the whole framework is ready.

1) Move core entropy-pool code and source/sink/sample management code
to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout
source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to
avoid expensive operations on disabled entropy sources; make the
rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might
have led to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM
system events, and skew between clocks, with a sample implementation
for each.
ok releng to go in before the branch due to the difficulty of later
pullup (widespread #ifdef removal and moved files). Tested with release
builds on amd64 and evbarm and live testing on amd64.

an element of the SRCS list. This should fix a problem in which build
products were created in the source tree.
Also add a comment about where COMPAT_50 is defined.

implementation. Rewrite pseudodevice code to use cprng_strong(9).
The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.
The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.
Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.
For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.
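
The two rekey policies described in the last commit message, as an added sketch that is not NetBSD code: each open gets its own generator and key, /dev/random rekeys after every key-length bytes of output, and /dev/urandom rekeys only when the pool reaches its high water mark. Assumptions: `Pool`, `Clone` and `HIGH_WATER` are hypothetical names, the pool is a constructed stand-in, and HMAC-SHA256 in counter mode replaces the AES-128 CTR_DRBG so the example needs only the standard library.

```python
import hashlib, hmac, os

HIGH_WATER = 64  # constructed threshold (bytes of pooled entropy)

class Pool:
    """Constructed stand-in for the kernel entropy pool."""
    def __init__(self, available=0):
        self.available = available
    def add(self, n):
        self.available += n
    def extract(self, n):
        self.available = max(0, self.available - n)
        return os.urandom(n)  # placeholder for real pool output

class Clone:
    """One generator per open(): its own key, counter and rekey policy."""
    def __init__(self, pool, keylen=16, strict=False):
        self.pool, self.keylen, self.strict = pool, keylen, strict
        self.rekeys = -1          # the initial keying is not a rekey
        self._rekey()

    def _rekey(self):
        self.key = self.pool.extract(self.keylen)
        self.counter = self.since_key = 0
        self.rekeys += 1

    def _block(self):
        # HMAC-SHA256 in counter mode stands in for the AES-128 CTR_DRBG.
        self.counter += 1
        ctr = self.counter.to_bytes(16, "big")
        return hmac.new(self.key, ctr, hashlib.sha256).digest()

    def read(self, n):
        out = bytearray()
        while len(out) < n:
            if not self.strict and self.pool.available >= HIGH_WATER:
                self._rekey()     # /dev/urandom: best effort
            want = n - len(out)
            if self.strict:       # /dev/random: never exceed keylen per key
                want = min(want, self.keylen - self.since_key)
            chunk = self._block()[:want]
            out += chunk
            self.since_key += len(chunk)
            if self.strict and self.since_key >= self.keylen:
                self._rekey()
        return bytes(out)
```

With a 16-byte key the strict generator rekeys four times for a 64-byte read, against twice with a 32-byte key, which is the "twice as often" cost the message mentions.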