root is allowed to create raw sockets, then they will be able to create
routing sockets, too. However prison-root is not able to manipulate
routing tables. So when route(8) attempts to write to a routing
socket and recieves EPERM from the kernel, exit rather than moving
on with execution.
Approved by: bmilekic (mentor)
violate POLA a little less by not requiring exactly two spaces in front
of the entry (and silently discarding any non-matching entry). We now
recognize anything starting with a letter followed by a colon as the
first non-space chars as a partition entry.
depending on namespace pollution in <sys/stat.h>. struct bintime is
only needed to satisfy leakage of kernel interfaces to userland and
namespace bugs in those interfaces...
This little thing can cause a deadlock, because taste mechanism start
to work after creation of ggate provider and I/O requests are sent from
other classes from the g_event thread, so number of pending events isn't 0.
Now ggatec(8) start second handshake and ggated(8) is trying to open
GEOM provider (for example md(4)) and it can't, because it hangs on
g_waitidle() in g_dev_open(). g_waitidle() cannot finish because
there is a pending read on event queue, and this read can't be
finished, because ggated(8) can't open target device.
GEOM Gate will recover from this deadlock, because requests will
timeout, but it of course isn't the best solution and I don't know
better one for now, so we should avoid opening GEOM providers while
there are pending requests in event queue.
not endian agnostic and thus will create big-endian GPTs on sparc64.
This we don't support. So, before gpt(8) can be used on a big-endian
machine, it has to deal with the endianness.
prior sysctl due to the structure growing between calls try again.
Also try again for deleting routes if things fail. We've seen
route -f fail this way which does not actually flush all routes.
This fixes it. It will whine but it will do the work.
PR: 56732
Obtained from: IronPort
libufs, which only works for Charlie root.
This change reverts the introduction of libufs and moves the
check into the kernel. Since the f_fstypename is the same
for both ufs and ufs2, we check fs_magic for presence of
ufs2 and copy "ufs2" explicitly instead.
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
source address of a packet exists in the routing table. The
default route is ignored because it would match everything and
render the check pointless.
This option is very useful for routers with a complete view of
the Internet (BGP) in the routing table to reject packets with
spoofed or unrouteable source addresses.
Example:
ipfw add 1000 deny ip from any to any not versrcreach
also known in Cisco-speak as:
ip verify unicast source reachable-via any
Reviewed by: luigi
use backup methods other than files and tapes. The -P argument is
a normal sh(1) pipeline with either $DUMP_VOLUME or $RESTORE_VOLUME
defined in the environment, respectively.
For example, I can back up my home to three DVD+R[W]s as so:
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0s2e 40028550 10093140 26733126 27% /home
green# dump -0 -L -C16 -B4589840 -P 'growisofs -Z /dev/cd0=/dev/fd/0' /home
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
o The kernel info might be what you want to see
o ^T is left non-functional if ping is killed non-cleanly
o "ping -q foo &" gets suspended on tty output
Encouraged by: bde
Now, if we have for example: ad0s1 ad0s1c ad2s1 ad2s1c and we will try
to do: gconcat label foo /dev/ad0s1 /dev/ad2s1 we'll get a panic:
panic: spoiled but dcr = 1
for inside of geom_slice class, backtrace shows:
g_access()
g_slice_access()
g_access()
g_concat_read_metadata()
We need to get a proper fix for this race before geom(8) will be committed.
WARNS=6. I don't change the WARNS level in the Makefile because I
didn't tested this on other archs.
The fs.h fix was suggested by: marcel
Reviewed by: md5(1)
- Use the %jd format and a cast to intmax_t to print an int64_t.
- The return type of getopt() is an int, not a char.
This fixes some warnings but there's still much more work to do here.
