"workstation" firewall types to be set from rc.conf so that rc.firewall
no longer needs local patching to be usable for those types. For now
I've set the variables in /etc/defaults/rc.conf to the previous defaults
in /etc/rc.firewall.
PR: bin/65258
Submitted by: Valentin Nechayev netch of netch.kiev.ua
Silence from: net
MFC after: 2 weeks
and "mask" variables into a single "net" variable that contains a full
network address (including either a netmask or prefix length at the user's
choice). Update the example settings to match.
MFC after: 2 weeks
Now we have a single /dev/snp device node, which can be opened by
watch(8) multiple times. Even though snp(4) will be dead as of next
week, it's nice having this in SVN, because:
- We may want to MFC it to RELENG_7.
- By the time we fix snp(4) again, it's already there, existing watch(8)
binaries should already work.
Just like bpf(4), I'm adding a symlink from snp0 to snp to remain binary
compatible.
This can be used to disable the 80pin cable check on systems which forget to
set the bit -- such as certain laptops and Soekris boards.
PR: kern/114605 (somewhat reworked)
Submitted by: marck
MFC after: 1 week
uuid_dec_be() functions. These routines are not part of the
DCE RPC API. They are provided for convenience.
Reviewed by: marcel
Obtained from: NetBSD
MFC after: 1 week
detect whether the integer division table is large enough to handle the
divisor. Before this change, the last two table elements were never used,
thus causing the slow path to be used for those divisors.
- Speed up the lock orderings lookup by modifying the witness graph from a
linked tree to a matrix. A table lookup caches the lock orderings in
order to make an O(1) access for them. Any witness object has a unique
index within this lookup cache table.
- Reduce the lock contention on w_mtx by acquiring it only when the LOR
actually happens and not in a sane case. In order to do this don't totally
flush lock lists (per-CPU spinlocks list and per-thread sleeplocks list)
but check for ll_count anytime we need to verify allocations sanity.
- Introduce the function witness_thread_exit() in the witness namespace which
should verify a thread doesn't hold any witness occurrence while exiting.
- Rename the sysctl debug.witness.graphs into debug.witness.fullgraph and
add debug.witness.badstacks which prints out stacks for LOR revealed.
This is implemented using the stack(9) support, which makes WITNESS
dependent on the STACK option or on the DDB (including STACK) option.
- Fix style(9) for src/sys/kern/subr_witness.c
The hash table approach has been developed by Ilya Maykov on behalf of
Isilon Systems which kindly released the patch.
Jeff Roberson ported the patch to -CURRENT and fixed w_mtx contention, on
behalf of Nokia.
Submitted by: Ilya Maykov <ivmaykov at gmail dot com> (Isilon Systems), jeff
Sponsored by: Nokia
bpf(4) now uses cdevpriv to distinguish multiple file descriptors, where
it used to be implemented using device cloning. Ports like libpcap
properly detect the change in their configure scripts, but it doesn't
hurt to increase __FreeBSD_version.
While there, change the bpf(4) manual page to refer to /dev/bpf instead
of /dev/bpfN.
Requested by: mlaier
that redzone adds to the allocation for storing its metadata is at least as
large as the metadata that it will store there.
Submitted by: Nima Misaghian
priority of some of the drivers that manage the same state (e.g. ichss0
vs est0). Specifically, powernow, est, and p4tcc are added at order 10,
ichss at order 20, and smist at order 30. Previously, some laptops were
seeing both ichss0 and est0 attaching and stomping on each other.
XXX: This isn't quite ideal, but works with the existing hacks, I think
what we really want instead is a single "speedstep0" device for CPUs
that the ichss, est, and smist drivers probe (but with differing
priorities).
MFC after: 1 week
Right now the bpf(4) driver uses the cloning API to generate /dev/bpf%u.
When an application such as tcpdump needs a BPF, it opens /dev/bpf0,
/dev/bpf1, etc. until it opens the first available device node. We used
this approach, because our devfs implementation didn't allow
per-descriptor data.
Now that we can, make it use devfs_get_cdevpriv() to obtain the private
data. To remain compatible with the existing implementation, add a
symlink from /dev/bpf0 to /dev/bpf. I've already changed libpcap to
compile with HAVE_CLONING_BPF, which makes it use /dev/bpf. There may be
other applications in the base system (dhclient) that use the loop to
obtain a valid bpf.
Discussed on: src-committers
Approved by: csjp
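
An added example (not part of the commit or of libpcap) of the open order this change implies for an application: try the single /dev/bpf node first and fall back to the /dev/bpfN scan only where that node does not exist. `open_bpf_in`, its `devdir` parameter and `BPF_LEGACY_UNITS` are assumed names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BPF_LEGACY_UNITS 256	/* assumed cap on the legacy /dev/bpfN scan */

/*
 * Hypothetical helper, not libpcap's code. devdir is "/dev" in real use; it
 * is a parameter so the fallback order can be exercised on a scratch tree.
 * Returns a descriptor and stores the path used, or -1 with errno set.
 */
int
open_bpf_in(const char *devdir, char *used, size_t usedlen)
{
	int fd, unit;

	/* cdevpriv kernels: one node, each open() gets private state. */
	snprintf(used, usedlen, "%s/bpf", devdir);
	fd = open(used, O_RDWR | O_CLOEXEC);
	if (fd >= 0 || errno != ENOENT)
		return (fd);	/* success, or a real error such as EACCES */

	/* Older kernels: walk the units, skipping ones already in use. */
	for (unit = 0; unit < BPF_LEGACY_UNITS; unit++) {
		snprintf(used, usedlen, "%s/bpf%d", devdir, unit);
		fd = open(used, O_RDWR | O_CLOEXEC);
		if (fd >= 0 || errno != EBUSY)
			return (fd);	/* opened, or ran out of nodes */
	}
	errno = EBUSY;
	return (-1);
}

int
main(void)
{
	char used[64];
	int fd = open_bpf_in("/dev", used, sizeof(used));

	if (fd < 0) {
		fprintf(stderr, "no bpf device: %s\n", strerror(errno));
		return (EXIT_FAILURE);
	}
	printf("capturing via %s\n", used);
	close(fd);
	return (EXIT_SUCCESS);
}
```
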
mounts, Linux won't even bother registering nlockmgr for UDP. This
causes nlm_get_rpc to fail, which means any attempts to deliver the
GRANTED callback fail. Add code to nlm_get_rpc to try to locate the
TCP version as well. If it finds it on TCP, it establishes
a clnt_reconnect to the host.
Submitted by: zachary.loafman at isilon.com
MFC after: 2 weeks
Compilation of the AVILA kernel failed because of two reasons:
- It needed curthread, which is defined through <sys/pcpu.h>.
- It still referred to the softc's sc_mtx field, which has been replaced by
sc_lock three weeks ago.
To solve the first problem, I decided to include <sys/pcpu.h> in
<sys/sx.h>, which also seems to be done by <sys/mutex.h> and
<sys/rwlock.h>. Those header files also require curthread.
Approved by: jhb
the various copyouts associated with initializing the process's
argv/env data in userspace. It is possible that these copyout
operations can fault under memory pressure, possibly resulting
in deadlocks. This is believed to be safe since none of the
copyout_strings() operations need to interact with the vnode here.
Submitted by: Zhouyi Zhou
PR: kern/111260
Discussed with: kib
MFC after: 3 weeks