ethernet controllers. This adds support for the 3Com 3c996-T, the
SysKonnect SK-9D21 and SK-9D41, and the built-in gigE NICs on
Dell PowerEdge 2550 servers. The latter configuration hauls ass:
preliminary measurements show TCP speeds of over 900Mbps using
only normal size frames.
TCP/IP checksum offload, jumbo frames and VLAN tag insertion/stripping
are supported, as well as interrupt moderation.
Still need to fix autonegotiation support for 1000baseSX NICs, but
beyond that, driver is pretty solid.
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
- Move the SPECIAL_FLAG #define up next to the NOHOLDER #define and fix a
little nit that caused it to be defined as -(sizeof (struct thread) + 1)
instead of -2.
for negotiation of timeout and file size to the tftp protocol. This
is required by some firmware like EFI boot managers (at least on
HP i2000 Itanium servers) in order to boot an image using tftp. The
attached patch implements the RFC, and in doing so also implements
RFC2347; a generic tftp option extension.
PR: 30710
Submitted by: Espen Skoglund <esk@ira.uka.de>
the current interrupt thread routines will guarantee the condition this is
checking for at a higher level but inthand_add() and inthand_remove() as
they currently exist don't satisfy this condition. (Which does need to be
fixed but which will take a bit more work.) This fixes shared interrupts.
'lpc tclean'. In some obscure cases, the previous version could cause a
valid user job to be removed (by 'clean'), due to invalid assumptions in
the sort routine. This was a rare problem, unless ctlinfo.c is compiled
with 'LEAVE_TMPCF_FILES' turned on (to check what that rtn was doing).
Reviewed by: Lack of outcry on -audit and freebsd-print@bostonradio.org
MFC after: 10 days
"build-tools". If we do not do this, the "depend" stage of
"buildworld" will build ``.depend'' and it will record the wrong
library and header dependencies (DESTDIR=${WORLDTMP}). Even worse,
the "all" stage may clobber build-architecture-format build tools
built in the "build-tools" stage with target-architecture-format ones.
Submitted by: ru
sio_lock has been initialized. This prevents the low level console
output (kernel printf) from clobbering the sio settings if the system
happens to be in the middle of comstart().
not referenced in Stevens, and does not compile with g++.
There is an equivalent structure, struct ipoption in ip_var.h
which is actually used in various parts of the kernel, and also referenced
in Stevens.
Bill Fenner also says:
... if you want the trivia, struct ip_opts was introduced
in in.h SCCS revision 7.9, on 6/28/1990, by Mike Karels.
struct ipoption was introduced in ip_var.h SCCS revision 6.5,
on 9/16/1985, by... Mike Karels.
MFC-after: 3 days
previous log message "/home/brooks/ng_gif.message" should have read:
Add a pair of new netgraph nodes. The ng_gif node is like ng_ether
except that it works on gif interfaces. The ng_gif_demux node attaches
to an ng_gif node to allow separate processing or discarding of
different types of encapsulated traffic.
are linking against does not have basename(). There is a buffer overflow
bug in lib/libc/gen/basename.c rev 1.1. There is no way for us to test
what revision of basename() we have in libc, thus this change.
Requested by: ru
PRISON_ROOT to the suser_xxx() check. Since securelevels may now
be raised in specific jails, use of system flags can still be
restricted in jail(), but in a more configurable way.
o Users of jail() expecting system flags (such as schg) to restrict
jail()'s should be sure to set the securelevel appropriately in
jail()'s.
o This fixes activities involving automated system flag removal in
jail(), including installkernel and friends.
Obtained from: TrustedBSD Project
securelevel_gt(), determine first if a local securelevel exists --
if so, perform the check based on imax(local, global). Otherwise,
simply use the global value.
o Note: even though local securelevels might lag below the global one,
if the global value is updated to higher than local values, maximum
will still be used, making the global dominant even if there is local
lag.
Obtained from: TrustedBSD Project
one is present in the current jail, otherwise, to return the global
securelevel.
o If the securelevel is being updated, require that it be greater than
the maximum of local and global, if a local securelevel exists,
otherwise, just maximum of the global. If there is a local
securelevel, update the local one instead of the global one.
o Note: this does allow local securelevels to lag behind the global one
as long as the local one is not updated following a global increase.
Obtained from: TrustedBSD Project
