- fix a potential overrun made worse by rev 1.5 of camlib.h
- change strncpy() and strcpy() calls to strlcpy()
- use sizeof(string[]) instead of STRING_LEN to avoid future problems
- get rid of an unused variable
Thanks to BDE for pointing out some of the problems.
MFC after: 2 weeks
just send PROTO_IP packets when we've got only one link up in multi-link
mode.
Problem noted by: Adrian Close <adrian@fernhilltec.com.au>
MFC after: 1 week
with 16-bit ints, since u_short is promoted when it is passed to a
varargs function. gcc now warns about this. We always pass small
integers (this is well obuscated), so there are no conversion problems.
Fixed a related style bug (bogus cast).
-current, since offsetof() is defined a header under /sys so that
system sources don't need to have this wrong include.
This bug was only detected because my version of <stddef.h> has some
spelling fixes (s/field/member/g) and gcc is now sensitive to the spelling
of arg names in macros as required by standards (ISO C90 6.8.3...).
Get rid of the INTERNALSTATICLIB knob and just use plain INTERNALLIB.
INTERNALLIB now means to build static library only and don't install
anything. Added a NOINSTALLLIB knob for libpam/modules. To not
build any library at all, just do not set LIB.
Ipfw processing of frames at layer 2 can be enabled by the sysctl variable
net.link.ether.ipfw=1
Consider this feature experimental, because right now, the firewall
is invoked in the places indicated below, and controlled by the
sysctl variables listed on the right. As a consequence, a packet
can be filtered from 1 to 4 times depending on the path it follows,
which might make a ruleset a bit hard to follow.
I will add an ipfw option to tell if we want a given rule to apply
to ether_demux() and ether_output_frame(), but we have run out of
flags in the struct ip_fw so i need to think a bit on how to implement
this.
to upper layers
| |
+----------->-----------+
^ V
[ip_input] [ip_output] net.inet.ip.fw.enable=1
| |
^ V
[ether_demux] [ether_output_frame] net.link.ether.ipfw=1
| |
+->- [bdg_forward]-->---+ net.link.ether.bridge_ipfw=1
^ V
| |
to devices
o Minor grammar fixes.
o Sort SEE ALSO references, and add iostat(8).
o Delete punctuation at end of AUTHORS' section only line
Reviewed by: rwatson, Hiten Pandya <hiten@uk.FreeBSD.org>
