| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
connections. Including a flag to instead output a sequence of tcpdrop(8)
invocations that would accomplish the same thing, which is convenient for
scripting.
o) Make tcpdrop complain if the addresses given to it are entirely in different
address families, rather than failing silently.
o) When cross-referencing httpd(8), do not explicitly specify the apache2 port,
since the example in question is generic.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enable WARNS?=6.
- Include missing headers.
- Mark prog and pidfile as static. Remove unneeded initializer.
- Use ANSI prototypes.
- Remove unneeded fp variable.
- snprintf() guarantees the buffer to be null terminated. Remove
unneeded - 1 and bzero call.
- Remove unneeded casting.
Submitted by: Pawel Worach, Christoph Mallon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Mark internal routines as static;
- Eliminate unused parameters where possible, mark __unused for others;
- Remove unused variables;
- Use %jd for int64_t values in printf();
- Add appropriate %d for printf to match its parameter;
- Rename a variable to resolve conflict with revoke(2);
Reviewed by: rmacklem
Tested with: make universe (bugs are mine)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The system hostname is now stored in prison0, and the global variable
"hostname" has been removed, as has the hostname_mtx mutex. Jails may
have their own host information, or they may inherit it from the
parent/system. The proper way to read the hostname is via
getcredhostname(), which will copy either the hostname associated with
the passed cred, or the system hostname if you pass NULL. The system
hostname can still be accessed directly (and without locking) at
prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and
hostuuid, which have also become prison parameters and had their
associated global variables removed.
Approved by: bz (mentor)
|
|
|
|
| |
Approved by: bz (mentor)
|
|
|
|
|
|
|
| |
confusion, since it does not refer to IPv4 nor NFSv4, but to
running the experimental server instead of the regular one.
Approved by: kib (mentor)
|
|
|
|
|
|
|
|
|
|
|
|
| |
regular one. It now takes a "-4" command line argument to force it
to use the experimental server. Otherwise it will use the regular
server unless the experimental server is the only one linked into
the kernel. A third kind of line has been added to /etc/exports,
which is specific to NFSv4 and defines where the NFSv4 tree root is
and can be used to limit access to NFSv4 state handling operations
that do not use any file handle.
Approved by: kib (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ip6_input.c, in6.h:
* Add netinet6-specific mbuf flag M_RTALERT_MLD, shadowing M_PROTO6.
* Always set this flag if HBH Router Alert option is present for MLD,
even when not forwarding.
icmp6.c:
* In icmp6_input(), spell m->m_pkthdr.rcvif as ifp to be consistent.
* Use scope ID for verifying input. Do not apply SSM filters here, no inpcb.
* Check for M_RTALERT_MLD when validating MLD traffic, as we can't see
IPv6 hop options outside of ip6_input().
in6_mcast.c:
* Use KAME scope/zone ID in in6_multi.
* Update net.inet6.ip6.mcast.filters implementation to use scope IDs
for comparisons.
* Fix scope ID treatment in multicast socket option processing.
Scope IDs passed in from userland will be ignored as other less
ambiguous APIs exist for specifying the link.
* Tighten userland input checks in IPv6 SSM delta and full-state ops.
* Source filter embedded scope IDs need to be revisited, for now
just clear them and ignore them on input.
* Adapt KAME behaviour of looking up the scope ID in the default zone
for multicast leaves, when the interface is ambiguous.
mld6.c:
* Tighten origin checks on MLD traffic as per RFC3810 Section 6.2:
* ip6_src MAY be the unspecified address for MLDv1 reports.
* ip6_src MAY have link-local address scope for MLDv1 reports,
MLDv1 queries, and MLDv2 queries.
* Perform address field validation *before* accepting queries.
* Use KAME scope/zone ID in query/report processing.
* Break const correctness for mld_v1_input_report(), mld_v1_input_query()
as we temporarily modify the input mbuf chain.
* Clear the scope ID before handoff to userland MLD daemon.
* Fix MLDv1 old querier present timer processing.
With the protocol defaults, hosts should revert to MLDv2 after 260s.
* Add net.inet6.mld.v1enable sysctl, default to on.
ifmcstat.c:
* Use sysctl by default; -K requests kvm(3) if so compiled.
mld.4:
* Connect man page to build.
Tested using PCS.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and jail_get(2). Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails. Jls(8) can display all
parameters of jails, or a specified set of parameters. The available
parameters are gathered from the kernel, and not hard-coded into these
programs.
Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).
Approved by: bz (mentor)
|
|
|
|
|
|
| |
- Clarify the license for the tzcode: public domain
MFC after: 1 month
|
|
|
|
|
|
|
|
|
|
|
|
| |
are specifically used by the experimental nfsv4 subsystem.
nfscbd - The NFSv4 client callback daemon.
nfsuserd - The NFSv4 daemon that maps between user and group name
and their corresponding uid/gid numbers.
nfsdumpstate - A utility that dumps out the NFSv4 Open/Lock state.
nfsrevoke - Administratively revokes an NFSv4 client, releasing all
NFSv4 Open/Lock state it holds on the server.
Approved by: kib (mentor)
|
|
|
|
|
|
|
|
|
|
|
| |
timer with a <0.05 second delta next to it.
This is done by avoiding the possibility of updating the first residual
time delta in the timer list to zero.
PR: 102747
Submitted by: Sergey Zaharchenko - doublef-ctm at yandex dot ru
MFC after: 3 weeks
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes the addition of a new flag "-4" that will force
use of the experimental server with nfsv4 support in it. This
commit also adds two new man pages to the repository that are
NFSv4 specific. One describes the file used by the server to
restart nfsv4 services safely. The other is a brief overview
of nfsv4 and its setup.
Reviewed by: dfr
Approved by: kib (mentor)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade of the tzcode from 2004a to 2009e.
Changes are numerous, but include...
- New format of the output of zic, which supports both 32 and 64
bit time_t formats.
- zdump on 64 bit platforms will actually produce some output instead
of doing nothing for a looooooooong time.
- linux_base-fX, with X >= at least 8, will work without problems related
to the local time again.
The original patch, based on the 2008e, has been running for a long
time on both my laptop and desktop machine and have been tested by
other people.
After the installation of this code and the running of zic(8), you
need to run tzsetup(8) again to install the new datafile.
Approved by: wollman@ for usr.sbin/zic
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
asked to verify a passwd file (pwd_mkdb -C).
Entries with oversized usernames are still permitted when building
the passwd database.
When entries are >= MAXLOGNAME in length, they are correctly stored
in passwd, pwd.db and spwd.db but are only correctly retrieved by
getpwent*() and getpwuid*(). getpwnam*() truncates to MAXLOGNAME - 1
when reading from a file (breaking at least sh, tcsh and bash)
and utilities such as su(1) check, complain and fail if the
passed name is >= MAXLOGNAME in length.
MFC after: 3 weeks
|
|
|
|
|
| |
Submitted by: pav
MFC after: 1 week
|
|
|
|
|
| |
Tested by: Daniel O'Connor <doconnor -at- gsoft -dot- com -dot- au>
MFC after: 3 days
|
|
|
|
|
| |
PR: bin/129360
Submitted by: Ulrich Spoerlein
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. In several places make sure that the mtree database is not empty using
the -s argument to test instead of -f. (I thought I'd already changed this,
but obviously not.)
2. When deriving the list of changed files use a colon-delimited list.
3. If the list of changed files is empty, unset the variable, and test
for a non-empty CHANGED in diff_loop() before entering that routine.
Enhance the speed of the -U option by using an internal case statement
instead of echoing the variable to an external grep for every file.
Fix indentation on one line.
|
|
|
|
|
|
| |
in "Service jails."
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
|
|
|
|
|
|
|
| |
netDev option in install.cfg.
Submitted by: randi
MFC after: 1 week
|
|
|
|
| |
Reviewed by: cperciva
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
|
|
|
|
|
|
|
| |
to a 2 clause BSD license.
Approved by: phk
Approved by: bz (mentor)
|
| |
|
|
|
|
|
|
| |
PR: docs/134053
Submitted by: Bob Van Zant <bob@veznat.com>
MFC after: 1 week
|
|
|
|
|
|
| |
PR: docs/134070
Submitted by: Frank Shute <frank@shute.org.uk>
MFC after: 1 week
|
|
|
|
|
|
|
|
| |
appeared in FreeBSD.
PR: 133785
Submitted by: Ulrich Spoerlein <uqs@spoerlein.net>
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
so that a ppp running in `receiver' (server) mode can properly
update routes, for example to update the MTU.
Submitted by: loos.br gmail.com (Luiz Otavio O Souza)
PR: bin/130159
PR: kern/125079, kern/122068, bin/126892
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stability, check for gw to be set before adding the flag and the address
to the routing message.
r186308, backed out in r191305, already tried to do that, and in addition
ignore AF_LINK types of gateway addresses to work around a problem that
r167797 had introduced on the kernel side always setting RTF_GATEWAY if a
gateway address was passed into the kernel.
The proper solution for this is still under discussion so I am hesitant to
re-add the special AF_LINK treatment for now.
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
| |
in case of AF_LINK, which the kernel still returns for an RTAX_GATEWAY
as an empty sockaddr_dl in the classic tun<n> case.
Copying the address into the message payload, but not the RTA_GATEWAY
flag results in rt_xaddrs() in the kernel tripping over that and parsing
the next attribute set with a flag, i.e. RTA_NETMASK, with the gateway
address, resulting in bogus route entry.
MFC after: 3 days
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
| |
Submitted by: mav
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
| |
registers.
- Cleanup PCI-X capability printf to not leave a dangling "supports" for
some PCI-X bridges.
- Display additional PCI express details including the negotiated and max
link width and the actual and maximum supported max payload.
MFC after: 1 month
|
| |
|
|
|
|
| |
Pointed out by: pluknet at gmail.com
|
| |
|
|
|
|
|
|
|
|
|
| |
we were not properly handling proxy arp. Make sure we (try to) add
the proxy arp entry/entries in this case as well.
PR: bin/131250
Submitted by: loos.br gmail.com (Luiz Otavio O Souza)
MFC after: 3 days
|
| |
|
|
|
|
| |
Reviewed by: brueffer
|
|
|
|
|
|
| |
machine-specific flags to match but ar5523.bin doesn't have.
Pointed by: marcel
|
|
|
|
| |
uath(4).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not only did these two drivers depend on IFF_NEEDSGIANT, they were
broken 7 months ago during the MPSAFE TTY import. if_ppp(4) has been
replaced by ppp(8). There is no replacement for if_sl(4).
If we see regressions in for example the ports tree, we should just use
__FreeBSD_version 800045 to check whether if_ppp(4) and if_sl(4) are
present. Version 800045 is used to denote the import of MPSAFE TTY.
Discussed with: rwatson, but also rwatson's IFF_NEEDSGIANT emails on the
lists.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Don't exit with a zero status code when no jails are configured
on a system.
- Style: simplify some code constructs.
- If a single jail cannot be found, let the caller print a nicer
diagnostic message.
Reviewed by: bz
MFC after: 3 days
|