and modify the BEGEMOT-PF-MIB to add support for IPV6 address' statistics in the PF
tables via pfTablesAddrNetType and pfTablesAddrNet. While here, upgrade the
pf_tree.def file to the new format that includes enumerated values. Also make sure
to return SNMP_ERR_NOSUCHNAME for ALTQ objects, if ALTQ is disabled, so that the agent
will know to skip the pfAltq subtree when servicing GETNEXT requests from SNMP clients
(otherwise snmpwalk on begemotPf would stop at the pfAltq subtree with bsnmpd returning
SNMP_ERR_GENERR).
then find a specific entry, and get the requested value. So far, it found
the specific entry, refreshed the entry list if necessary, and got the
requested value from the found entry. The problem is that refreshing nukes
all old entries and replaces them with new ones and the obtained entry
pointer was no longer valid after the refresh.
Reviewed by: bz, philip
MFC after: 1 week
Right now if a jail has multiple IPv6 addresses, it will print them
shifting only 4 bytes at a time. Example:
2001:4dd0:ff41::b23f:a9
2001:4dd0:ff41::b23f:aa
Becomes:
2001:4dd0:ff41::b23f:a9
ff41::b23f:a9:2001:4dd0
By casting to in6_addr, it uses the correct offsets.
MFC after: 1 week
and enforce this in the code. Apparently a lot of users mistakenly
combine -a with these flags and are then mystified that no changes
were made.
While I'm here, fix a trailing space in mergemaster.8
pmc_flush_logfile is now non-blocking and just ask the kernel
to shutdown the file. From that point, no more data is
accepted by the log thread and when the last buffer is flushed
the file is closed.
This will remove a deadlock between pmcstat asking for
flush while it cannot flush the pipe itself.
MFC after: 3 days
- no display on serial terminal in top mode.
- display alignment for continuation string.
- correct invalid value used for display limit.
MFC after: 3 days
uid_t and gid_t are unsigned. While initializing them to -1 and later
checking against -1 to see if they are still at their default usually
works, introduce two new flags and stop the inband signalling.
Approved by: ed (co-mentor)
The Makefiles are leftovers from the copies and should live in usr.sbin/zic/*
From usr.sbin/zic:
The sources are from a vendor contributed source, therefore should
live in contrib/tzcode/zic.
du(1), cp(1) etc, to prevent the crossing of mountpoints whilst using the
commands recursively.
PR: bin/130855
Submitted by: keramida
MFC after: 1 month
mpt(4) controller. Previously, the code assumed that multiple match
patterns provided to an XPT_DEV_MATCH request were ANDed together.
Instead, they are ORed. Instead, to match peripherals for a specific bus,
one query needs to be performed to lookup the path ID of the bus. A second
query can then be performed matching peripherals attached to that path.
This approach also makes the code a bit cleaner as the returned match
results do not mix bus and perphierals.
Reported by: several folks
MFC after: 1 week
present. mpt(4) controllers that do not support RAID do not have an IOC6
page, for example.
- Correct a check for a missing page error in a debug function.
MFC after: 1 week
- Kcachegrind (calltree) support with assembly/source
code mapping and call count estimator (-F).
- Top mode for calltree and callgraph plugin (-T).
MFC after: 1 month
interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list. This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).
The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address. This
turns out not to be the case. To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case. My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind
without -h.
Reviewed by: alfred@
Sponsored by: iX Systems
MFC after: 2 weeks
due to careful design. We've not yet figured out how to properly
annotate the sockaddr structs to communicate this to the compiler and
there's a number of constructs in the tree that make this annotation
challenging.
As such, reduce warns to 3 here because this code really isn't warns 6
safe, even if it kinda sorta appears to be on intel (which has no such
alignment restrictions). Warns 4 adds the -Wcast-align warning.
# fixes the mips tinderbox build
interface specifier on the command line can be ommited.
Besides of this, the bpf is being reused for each machine
that has to be woken up.
Submitted by: Marc Balmer <marc@msys.ch>
Some Exchange systems wrap lines over 75 characters long while converting
messages to quoted-printable, preventing ctm_rmail from reassembling
emailed deltas. For a negligible loss of encoding efficiency, this change
allows ctm deltas to once more pass through Exchange undamaged.
longer than the length of the current attribute if the buffer were reused
and previously longer, so bits of the previous, longer attribute would be
written. Fix this by using the actual attribute length.
which stops to proceed further, as it is possible that processes which
fails to create PID file get screwed by rotation.
Requested by: stas
MFC after: 2 weeks
X-MFC with: r200806
whether to use source address selection (default) or the primary
jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP
jails to multi-IP jails but not having to change firewall rules,
application ACLs, ... but to force their connections (unless
otherwise changed) to the primry jail IP they had been used for
years, as well as for people prefering to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to
scope violations, which single-IPv6 jails could as well, as by the
design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part)
Pointed out by: hrs [1]
MFC After: 2 weeks
Asked for by: Jase Thew (bazerka beardz.net)
While there, fix a bug I introduced previously. We must reopen the
database for each username passed on the command line. We must rewind
the database and search from the beginning.
Similar to last(1), it must compare ut_id's instead of TTYs to determine
whether a session has been terminated. It must also use ut_type to
determine the type of the login record instead figuring it out by
itself.
A nice thing about utmpx is that it makes it very easy to log sessions
that don't use TTYs. This is because the file is not indexed by TTY
slots anymore.
Silence from: brian
from standard 3G wireless units by supplying a raw IP/IPv6 endpoint rather than
using PPP over serial. uhsoctl(1) is used to initiate and close the WAN
connection.
Obtained from: Fredrik Lindberg <fli@shapeshifter.se>
Update delete_temproot() to include the error message if it fails,
and clean up the places where it's called.
If there are no files left in temproot when the comparison is done
delete it without prompting. This should make "automated" runs of
mergemaster without -a a little easier.
Document the new behavior in the man page.
Std 1003.1-2008. Both Linux and Solaris conforms to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparision function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Even though it builds with WARNS=2, some users link sendmail from the
base system against SASL. This doesn't build in this case.
Reported by: Andrzej Tobola <ato iem pw edu pl>
an "rc file only" option by design.
While I'm here, update the comments in the example rc file to indicate
which command line options they relate to, and correct the defaults
for a couple of options.
1. Don't prompt the user for "-U but no db" error if we're using -a
2. Add an option to delete stale rc.d files automatically if the user
has DELETE_STALE_RC_FILES in their rc file. Lack of command line option
for this is not an oversight.
3. Add []'s around the terminal $ for the $FreeBSD$ test for -F
For one bug raised by jhb I did a more thorough solution:
There were a lot of things that "snuck in" between the end of the test
for -r and the start of the comparison. One of them is the creation of
the mtree db, as pointed out by jhb. Fix this problem more thoroughly
by moving the end of the test down to where it should/used to be, right
before the comparison. As a result, indent the interloping code to match.
IFF_POINTOPOINT link types. The reason was due to the routing
entry returned from the kernel covering the remote end is of an
interface type that does not support ARP. This patch fixes this
problem by providing a hint to the kernel routing code, which
indicates the prefix route instead of the PPP host route should
be returned to the caller. Since a host route to the local end
point is also added into the routing table, and there could be
multiple such instantiations due to multiple PPP links can be
created with the same local end IP address, this patch also fixes
the loopback route installation failure problem observed prior to
this patch. The reference count of loopback route to local end would
be either incremented or decremented. The first instantiation would
create the entry and the last removal would delete the route entry.
MFC after: 5 days