around, use a common function for looking up and extracting the tunables
from the kernel environment. This saves duplicating the same function
over and over again. This way typically has an overhead of 8 bytes + the
path string, versus about 26 bytes + the path string.
blackhole(4), except that blackhole(4) uses sysctl's. This xref
obviously isn't appropriate unless we want to xref all the other man
pages which mention sysctls, which we obviously don't (we may want to
list those sysctls, but that's another story).
PR: 27937
Submitted by: yar
PR: bin/12489
- Use inet_ntoa(3) where it should have been used. This
part of code simply wasn't converted to the "new" style
after the routename() function was converted from the
protocol-generic version to protocol-specific version
in CSRG revision 5.6.
MFC after: 1 week
to be consistent with the -s flag. Updated documentation
on what this modifier does.
- Added the ``only'' keyword to the -s and -S flags, that
could be used to created "proxy-only" published entries.
Previously, arp(8) created an entry of this type only
in the absence of the route to a destination.
PR: bin/12357
MFC after: 1 week
as the current time. It's nice to know whether the talk request you
see was sent just a few minutes ago (assuming you didn't hear the
bell), or if it's been decaying for days (weeks?).
it from the Synopsis field. There's no reason for the subject to be
different, since all that does is cause confusion. Users may get
confused because they may think the subject and synopsis are supposed
to be different, and developers may get confused because it may look
like there are two different problems.
Requested by: ru
use of the extsts field in DMA descriptors. We need this to tell the chip
to calculate TCP/IP checksums in hardware on a per-packet basis.
- Fix the unions in DMA descriptor structures. Breakage on alpha led
me to realize I'd done it wrong the first time.
that device add/remove will work without usbd running. usbd is still
used for execing stuff, but that is all now. Ideally it could be replaced
by a devd some day. Until now, usbd had to be running so that the
USB_DISCOVER ioctl could be called to walk the tree when an attachment
status change was noticed.
Among the changes:
- when a detach happens, remove any pending 'attach' messages or the system
suffers from whiplash from exec moused / kill moused loops if you do lots
of attach/detach and later start usbd.
- tweaks related to kthread differences
- disable the select handler for the old interface (never return success).
I have not removed it yet or old usbd's will abort. That can get removed
later once usbd is cleaned up and things have stabilized for a few weeks.
- get Giant in the kthread.
- a couple of minor potential bug fixes (usb_nevents vs malloc failure etc)
Pre-approved by: n_hibma (ages and ages ago)
One way we can reduce the amount of traffic we send in response to a SYN
flood is to eliminate the RST we send when removing a connection from
the listen queue. Since we are being flooded, we can assume that the
majority of connections in the queue are bogus. Our RST is unwanted
by these hosts, just as our SYN-ACK was. Genuine connection attempts
will result in hosts responding to our SYN-ACK with an ACK packet. We
will automatically return a RST response to their ACK when it gets to us
if the connection has been dropped, so the early RST doesn't serve the
genuine class of connections much. In summary, we can reduce the number
of packets we send by a factor of two without any loss in functionality
by ensuring that RST packets are not sent when dropping a connection
from the listen queue.
Submitted by: Mike Silbersack <silby@silby.com>
Reviewed by: jesper
MFC after: 2 weeks
Source rc.conf and use ${firewall_script} instead of rc.firewall.
Textwidth formatting of comments and text.
PR:
Submitted by: Maxim <maxim@news1.macomnet.ru>
(sorry if I got name/email/committer status wrong :)