s/should't/shouldn't/ and s/mistmatch/mismatch/ in comments.

Adapt to bignum representation of target.
Fix negotiation for mutual authentication.
Prepare for more CHAP types.
Fix crashes for invalid socket descriptors passed to kernel.
Protect usecount with connection mutex, avoids race on connection close.
Minor cosmetics.

branches: 1.13.28;
wether -> whether

Replace build option to enable hex encoded bignum parameters with a sysctl.

branches: 1.11.4;
- add a prefix to struct members (but not the ioctl ones because they affect
the API)
- use consistent variable names.

Several improvements to the ISCSI driver.

- Enable debug messages but set log level to be quiet. Provide a
system (hw.iscsi.debug) to set the log level at run time.
- Replace old tsleep/wakeup synchronization with mutexes and condvars.
- Defer actions from callouts (basically timeouts) to the cleanup thread.
- Protect lists and unique ids with mutexes. protect connection usecount
by using atomic operations.
- Assert kernel lock when calling into scsipi and network code.
- Use this to make send/receive/cleanup threads MPSAFE.

- Fix handling of out-of-CCB/out-of-PDU conditions against the scsipi layer.
- Bump number of PDUs to 128 to avoid virtually all out-of-PDU conditions

- Make use of softc structure for attach/detach operations.
- Track open file handles to prevent detach when busy.

- Move some global variables to make them static.

- Fix 'Overlapping Commands Attempted' error by marking commands as
simply ordered (ATTR_SIMPLE) like FreeBSD.

Remove ISCSI_TEST_MODE and corresponding dev/iscsi_test.h header.

Drop conditional support for writing large numbers as hex.

branches: 1.7.6;
avoid buffer overflow

branches: 1.6.2; 1.6.4;
Don't use common variables, also prefix global variables to avoid
namespace pollution.

Add more debugging, fix filehandle usage, login negotiation and session
shutdown.
Add #ifdef'd code to send negotiation parameters in hex instead of base64,
so it works against older Linux targets.

Close file descriptor passed into the kernel on success.
Fix locking of file handle. More cleanup on error paths.
Keep track of CCBs, so they cannot be used after a session ends.
Handle CCB timeouts even when the connection is terminated.
Compute firstdata, firstimmed correctly.

branches: 1.3.2;

Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation. Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.

branches: 1.2.2;
Remove rnd_extract_data from the public kernel API (it is for use by the
stream generators only). Clean up some related minor issues.

branches: 1.1.2;
Start to move the in-kernel iSCSI initiator, kindly contributed to the
NetBSD Foundation by Wasabi Systems, from

othersrc/external/bsd/iscsi/sys/dev/iscsi

to

src/sys/dev/iscsi

Adapt to bignum representation of target.
Fix negotiation for mutual authentication.
Prepare for more CHAP types.
Fix crashes for invalid socket descriptors passed to kernel.
Protect usecount with connection mutex, avoids race on connection close.
Minor cosmetics.

wether -> whether

Replace build option to enable hex encoded bignum parameters with a sysctl.

branches: 1.11.4;
- add a prefix to struct members (but not the ioctl ones because they affect
the API)
- use consistent variable names.

Several improvements to the ISCSI driver.

- Enable debug messages but set log level to be quiet. Provide a
system (hw.iscsi.debug) to set the log level at run time.
- Replace old tsleep/wakeup synchronization with mutexes and condvars.
- Defer actions from callouts (basically timeouts) to the cleanup thread.
- Protect lists and unique ids with mutexes. protect connection usecount
by using atomic operations.
- Assert kernel lock when calling into scsipi and network code.
- Use this to make send/receive/cleanup threads MPSAFE.

- Fix handling of out-of-CCB/out-of-PDU conditions against the scsipi layer.
- Bump number of PDUs to 128 to avoid virtually all out-of-PDU conditions

- Make use of softc structure for attach/detach operations.
- Track open file handles to prevent detach when busy.

- Move some global variables to make them static.

- Fix 'Overlapping Commands Attempted' error by marking commands as
simply ordered (ATTR_SIMPLE) like FreeBSD.

Remove ISCSI_TEST_MODE and corresponding dev/iscsi_test.h header.

Drop conditional support for writing large numbers as hex.

branches: 1.7.6;
avoid buffer overflow

branches: 1.6.2; 1.6.4;
Don't use common variables, also prefix global variables to avoid
namespace pollution.

Add more debugging, fix filehandle usage, login negotiation and session
shutdown.
Add #ifdef'd code to send negotiation parameters in hex instead of base64,
so it works against older Linux targets.

Close file descriptor passed into the kernel on success.
Fix locking of file handle. More cleanup on error paths.
Keep track of CCBs, so they cannot be used after a session ends.
Handle CCB timeouts even when the connection is terminated.
Compute firstdata, firstimmed correctly.

branches: 1.3.2;

Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation. Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.

branches: 1.2.2;
Remove rnd_extract_data from the public kernel API (it is for use by the
stream generators only). Clean up some related minor issues.

branches: 1.1.2;
Start to move the in-kernel iSCSI initiator, kindly contributed to the
NetBSD Foundation by Wasabi Systems, from

othersrc/external/bsd/iscsi/sys/dev/iscsi

to

src/sys/dev/iscsi

wether -> whether

Replace build option to enable hex encoded bignum parameters with a sysctl.

- add a prefix to struct members (but not the ioctl ones because they affect
the API)
- use consistent variable names.

Several improvements to the ISCSI driver.

- Enable debug messages but set log level to be quiet. Provide a
system (hw.iscsi.debug) to set the log level at run time.
- Replace old tsleep/wakeup synchronization with mutexes and condvars.
- Defer actions from callouts (basically timeouts) to the cleanup thread.
- Protect lists and unique ids with mutexes. protect connection usecount
by using atomic operations.
- Assert kernel lock when calling into scsipi and network code.
- Use this to make send/receive/cleanup threads MPSAFE.

- Fix handling of out-of-CCB/out-of-PDU conditions against the scsipi layer.
- Bump number of PDUs to 128 to avoid virtually all out-of-PDU conditions

- Make use of softc structure for attach/detach operations.
- Track open file handles to prevent detach when busy.

- Move some global variables to make them static.

- Fix 'Overlapping Commands Attempted' error by marking commands as
simply ordered (ATTR_SIMPLE) like FreeBSD.

Remove ISCSI_TEST_MODE and corresponding dev/iscsi_test.h header.

Drop conditional support for writing large numbers as hex.

branches: 1.7.6;
avoid buffer overflow

branches: 1.6.2; 1.6.4;
Don't use common variables, also prefix global variables to avoid
namespace pollution.

Add more debugging, fix filehandle usage, login negotiation and session
shutdown.
Add #ifdef'd code to send negotiation parameters in hex instead of base64,
so it works against older Linux targets.

Close file descriptor passed into the kernel on success.
Fix locking of file handle. More cleanup on error paths.
Keep track of CCBs, so they cannot be used after a session ends.
Handle CCB timeouts even when the connection is terminated.
Compute firstdata, firstimmed correctly.

branches: 1.3.2;

Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation. Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.

branches: 1.2.2;
Remove rnd_extract_data from the public kernel API (it is for use by the
stream generators only). Clean up some related minor issues.

branches: 1.1.2;
Start to move the in-kernel iSCSI initiator, kindly contributed to the
NetBSD Foundation by Wasabi Systems, from

othersrc/external/bsd/iscsi/sys/dev/iscsi

to

src/sys/dev/iscsi

- add a prefix to struct members (but not the ioctl ones because they affect
the API)
- use consistent variable names.

Several improvements to the ISCSI driver.

- Enable debug messages but set log level to be quiet. Provide a
system (hw.iscsi.debug) to set the log level at run time.
- Replace old tsleep/wakeup synchronization with mutexes and condvars.
- Defer actions from callouts (basically timeouts) to the cleanup thread.
- Protect lists and unique ids with mutexes. protect connection usecount
by using atomic operations.
- Assert kernel lock when calling into scsipi and network code.
- Use this to make send/receive/cleanup threads MPSAFE.

- Fix handling of out-of-CCB/out-of-PDU conditions against the scsipi layer.
- Bump number of PDUs to 128 to avoid virtually all out-of-PDU conditions

- Make use of softc structure for attach/detach operations.
- Track open file handles to prevent detach when busy.

- Move some global variables to make them static.

- Fix 'Overlapping Commands Attempted' error by marking commands as
simply ordered (ATTR_SIMPLE) like FreeBSD.

Remove ISCSI_TEST_MODE and corresponding dev/iscsi_test.h header.

Drop conditional support for writing large numbers as hex.

branches: 1.7.6;
avoid buffer overflow

branches: 1.6.2; 1.6.4;
Don't use common variables, also prefix global variables to avoid
namespace pollution.

Add more debugging, fix filehandle usage, login negotiation and session
shutdown.
Add #ifdef'd code to send negotiation parameters in hex instead of base64,
so it works against older Linux targets.

Close file descriptor passed into the kernel on success.
Fix locking of file handle. More cleanup on error paths.
Keep track of CCBs, so they cannot be used after a session ends.
Handle CCB timeouts even when the connection is terminated.
Compute firstdata, firstimmed correctly.

branches: 1.3.2;

Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation. Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.

branches: 1.2.2;
Remove rnd_extract_data from the public kernel API (it is for use by the
stream generators only). Clean up some related minor issues.

branches: 1.1.2;
Start to move the in-kernel iSCSI initiator, kindly contributed to the
NetBSD Foundation by Wasabi Systems, from

othersrc/external/bsd/iscsi/sys/dev/iscsi

to

src/sys/dev/iscsi

Several improvements to the ISCSI driver.

- Enable debug messages but set log level to be quiet. Provide a
system (hw.iscsi.debug) to set the log level at run time.
- Replace old tsleep/wakeup synchronization with mutexes and condvars.
- Defer actions from callouts (basically timeouts) to the cleanup thread.
- Protect lists and unique ids with mutexes. protect connection usecount
by using atomic operations.
- Assert kernel lock when calling into scsipi and network code.
- Use this to make send/receive/cleanup threads MPSAFE.

- Fix handling of out-of-CCB/out-of-PDU conditions against the scsipi layer.
- Bump number of PDUs to 128 to avoid virtually all out-of-PDU conditions

- Make use of softc structure for attach/detach operations.
- Track open file handles to prevent detach when busy.

- Move some global variables to make them static.

- Fix 'Overlapping Commands Attempted' error by marking commands as
simply ordered (ATTR_SIMPLE) like FreeBSD.

Remove ISCSI_TEST_MODE and corresponding dev/iscsi_test.h header.

Drop conditional support for writing large numbers as hex.

branches: 1.7.6;
avoid buffer overflow

branches: 1.6.2; 1.6.4;
Don't use common variables, also prefix global variables to avoid
namespace pollution.

Add more debugging, fix filehandle usage, login negotiation and session
shutdown.
Add #ifdef'd code to send negotiation parameters in hex instead of base64,
so it works against older Linux targets.

Close file descriptor passed into the kernel on success.
Fix locking of file handle. More cleanup on error paths.
Keep track of CCBs, so they cannot be used after a session ends.
Handle CCB timeouts even when the connection is terminated.
Compute firstdata, firstimmed correctly.

branches: 1.3.2;

Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation. Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.

branches: 1.2.2;
Remove rnd_extract_data from the public kernel API (it is for use by the
stream generators only). Clean up some related minor issues.

branches: 1.1.2;
Start to move the in-kernel iSCSI initiator, kindly contributed to the
NetBSD Foundation by Wasabi Systems, from

othersrc/external/bsd/iscsi/sys/dev/iscsi

to

src/sys/dev/iscsi