| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
| |
Approved by: re (kib)
MFC after: 2 weeks
|
|
|
|
| |
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
PR: 129554
Submitted by: gavin
MFC after: 3 weeks
|
|
|
|
|
|
| |
style(9) violations.
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
|
|
| |
Generate prototypes for our hash table.
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
|
|
|
| |
when debugging is turned off.
Rename debugging functions due to namespace violation.
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
|
|
| |
it just needs to have external linkage.
MFC after: 1 week
|
|
|
|
|
|
|
|
|
| |
choice of variable names for rc.conf and option name for the
experimental server.
Also replace the inaccurate description of the nfsv4 root lines
in /etc/exports, mostly with a reference to exports(5).
Approved by: kib (mentor)
|
|
|
|
|
|
|
| |
security.* and console.* are moved out of ftpd program block
Approved by: jhb (mentor)
MFC after: 2 weeks
|
|
|
|
|
|
|
| |
- While here, eliminate the check for len > 0 in ttymode_sysctl
as the code is able to handle this case well.
Reviewed by: ed (initial version)
|
| |
|
|
|
|
|
|
|
| |
Not only mark the strings inside the array as const, but do the same for
the elements of the array itself.
Submitted by: Christoph Mallon
|
|
|
|
|
| |
There is still an issue with the nlists, which I'm not quite sure how to
solve, so I'm leaving WARNS set to 3 right now.
|
|
|
|
|
| |
was never updated. Also, clean up the macro that caused the warning in the
first place (no functional changes, just wrapped and reindented).
|
|
|
|
|
|
| |
security.jail.* sysctls since jail_set(2) doesn't do it implicitly.
Approved by: bz (mentor)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
not exist to let the user know that it will be created for the next run.
2. Delete more stuff we're not going to use from the temproot prior to
creating the mtree database to dramatically reduce its size (162K -> 37K).
3. We've been deleting the zero-size files from temproot for a long time
now, so remove the spurious "-size +0" from the find command in the
comparison loop, and remove what is now a really stale comment.
|
| |
|
| |
|
|
|
|
| |
Submitted by: richardtoohey at paradise dot net dot nz on -doc
|
|
|
|
|
|
| |
set for RPC UDP sockets. Mountd uses internal libc fuctions
directly and bypasses generic socket initialization completely,
so we need to set IP_RECVDSTADDR here to match the libc behavior.
|
| |
|
|
|
|
|
|
|
|
|
| |
could be handled w/o fragmentation but clobbers user-specified values
such as those required when the interface is bridged.
Submitted by: jim@netgate.com
Reviewed by: Jouni Malinen
MFC after: 3 days
|
|
|
|
|
|
| |
new line.
Approved by: kib (mentor)
|
| |
|
|
|
|
|
|
|
| |
WITH_BIND_IDN
WITH_BIND_LARGE_FILE
WITH_BIND_SIGCHASE
WITH_BIND_XML
|
|
|
|
|
|
|
| |
PR: bin/133473
Submitted by: Rafal Grodzinski
Approved by: ed (mentor)
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
| |
connections. Including a flag to instead output a sequence of tcpdrop(8)
invocations that would accomplish the same thing, which is convenient for
scripting.
o) Make tcpdrop complain if the addresses given to it are entirely in different
address families, rather than failing silently.
o) When cross-referencing httpd(8), do not explicitly specify the apache2 port,
since the example in question is generic.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enable WARNS?=6.
- Include missing headers.
- Mark prog and pidfile as static. Remove unneeded initializer.
- Use ANSI prototypes.
- Remove unneeded fp variable.
- snprintf() guarantees the buffer to be null terminated. Remove
unneeded - 1 and bzero call.
- Remove unneeded casting.
Submitted by: Pawel Worach, Christoph Mallon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Mark internal routines as static;
- Eliminate unused parameters where possible, mark __unused for others;
- Remove unused variables;
- Use %jd for int64_t values in printf();
- Add appropriate %d for printf to match its parameter;
- Rename a variable to resolve conflict with revoke(2);
Reviewed by: rmacklem
Tested with: make universe (bugs are mine)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The system hostname is now stored in prison0, and the global variable
"hostname" has been removed, as has the hostname_mtx mutex. Jails may
have their own host information, or they may inherit it from the
parent/system. The proper way to read the hostname is via
getcredhostname(), which will copy either the hostname associated with
the passed cred, or the system hostname if you pass NULL. The system
hostname can still be accessed directly (and without locking) at
prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and
hostuuid, which have also become prison parameters and had their
associated global variables removed.
Approved by: bz (mentor)
|
|
|
|
| |
Approved by: bz (mentor)
|
|
|
|
|
|
|
| |
confusion, since it does not refer to IPv4 nor NFSv4, but to
running the experimental server instead of the regular one.
Approved by: kib (mentor)
|
|
|
|
|
|
|
|
|
|
|
|
| |
regular one. It now takes a "-4" command line argument to force it
to use the experimental server. Otherwise it will use the regular
server unless the experimental server is the only one linked into
the kernel. A third kind of line has been added to /etc/exports,
which is specific to NFSv4 and defines where the NFSv4 tree root is
and can be used to limit access to NFSv4 state handling operations
that do not use any file handle.
Approved by: kib (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ip6_input.c, in6.h:
* Add netinet6-specific mbuf flag M_RTALERT_MLD, shadowing M_PROTO6.
* Always set this flag if HBH Router Alert option is present for MLD,
even when not forwarding.
icmp6.c:
* In icmp6_input(), spell m->m_pkthdr.rcvif as ifp to be consistent.
* Use scope ID for verifying input. Do not apply SSM filters here, no inpcb.
* Check for M_RTALERT_MLD when validating MLD traffic, as we can't see
IPv6 hop options outside of ip6_input().
in6_mcast.c:
* Use KAME scope/zone ID in in6_multi.
* Update net.inet6.ip6.mcast.filters implementation to use scope IDs
for comparisons.
* Fix scope ID treatment in multicast socket option processing.
Scope IDs passed in from userland will be ignored as other less
ambiguous APIs exist for specifying the link.
* Tighten userland input checks in IPv6 SSM delta and full-state ops.
* Source filter embedded scope IDs need to be revisited, for now
just clear them and ignore them on input.
* Adapt KAME behaviour of looking up the scope ID in the default zone
for multicast leaves, when the interface is ambiguous.
mld6.c:
* Tighten origin checks on MLD traffic as per RFC3810 Section 6.2:
* ip6_src MAY be the unspecified address for MLDv1 reports.
* ip6_src MAY have link-local address scope for MLDv1 reports,
MLDv1 queries, and MLDv2 queries.
* Perform address field validation *before* accepting queries.
* Use KAME scope/zone ID in query/report processing.
* Break const correctness for mld_v1_input_report(), mld_v1_input_query()
as we temporarily modify the input mbuf chain.
* Clear the scope ID before handoff to userland MLD daemon.
* Fix MLDv1 old querier present timer processing.
With the protocol defaults, hosts should revert to MLDv2 after 260s.
* Add net.inet6.mld.v1enable sysctl, default to on.
ifmcstat.c:
* Use sysctl by default; -K requests kvm(3) if so compiled.
mld.4:
* Connect man page to build.
Tested using PCS.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and jail_get(2). Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails. Jls(8) can display all
parameters of jails, or a specified set of parameters. The available
parameters are gathered from the kernel, and not hard-coded into these
programs.
Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).
Approved by: bz (mentor)
|