This option adds Postfix and Exim to the list, however, qmail is not added
due to license restrictions.
Collaborated with: Simon L. Nielsen <simon@nitro.dk>
Reviewed by: jhb, re@, -audit.
* make the code compile with WARNS=5 (at least on i386), mostly
by adding 'const' specifier and replacing "void *" with "char *"
in places where pointer arithmetic was used.
This also spotted a few places where invalid tests (e.g. uint < 0)
were used.
* support ranges in "list" and "show" commands. Now you can say
ipfw show 100-1000 4000-8000
which is very convenient when you have large rulesets.
* implement comments in ipfw commands. These are implemented in the
kernel as O_NOP commands (which always match) whose body contains
the comment string. In userland, a comment is a C++-style comment:
ipfw add allow ip from me to any // i can talk to everybody
The choice of '//' versus '#' is somewhat arbitrary, but because
the preprocessor/readfile part of ipfw used to strip away '#',
I did not want to change this behaviour.
If a rule only contains a comment
ipfw add 1000 // this rule is just a comment
then it is stored as a 'count' rule (this is also to remind
the user that scanning through a rule is expensive).
* improve handling of flags (still to be completed).
ipfw_main() was written thinking of 'one rule per ipfw invocation',
and so flags are set and never cleared. With readfile/preprocessor
support, this changes and certain flags should be reset on each
line. For the time being, only fix handling of '-a' which
differentiates the "list" and "show" commands.
* rework the preprocessor support -- ipfw_main() already had most
of the parsing code, so i have moved in there the only missing
bit (stripping away '#' and comments) and removed the parsing
from ipfw_readfile().
Also, add some more options (such as -c, -N, -S) to the readfile
section.
MFC after: 3 days
Since we already had 'O_NOP' instructions which always match, all
I needed to do is allow the NOP command to have arbitrary length
(i.e. move its label in a different part of the switch() which
validates instructions).
The kernel must know nothing about comments, everything else is
done in userland (which will be described in the upcoming ipfw2.c
commit).
our unwind information for functions that are entry points into the
kernel. When stepping to the next frame, the unwinder will let us
know when sych a marker was encountered. We use this to stop the
current unwind session, query the trapframe and restart a new
unwind session based on the new trapframe.
The implementation is a bit sloppy, but at this time there are
bigger fish to fry.
default. There were 2 cases where the trace code was in the else-
part of an if-statement without any compound construct to protect
against nullification. The result was that 2 unconditional statements
turned into conditional statements and wrecked havoc.
This fix has been returned to the vendor and in anticipation of a
future import committed onto the vendor branch.
it to the bss section and skips the initialization. This causes all
sorts of havoc because the bogus bss zero code clobbered previously set
variables. All our supported boot loaders already zero the bss, even
kgzip for the elf case. Since we dont generate a.out kernels, the old
a.out bootblocks and the a.out kgzip are not a factor anymore.
for a lot of unrelated error conditions, at least report the line
number where it bailed.
Don't use multiline string literals for Usage, gcc 3.3 doesn't like them.
using underscores or not, so I just randomly picked a style. I think
I have the logic correct, but if someone wants to give it a once over
that would be good.
Tim submitted a patch to fix the cross-building issues which I tested
with a tinderbox run for sparc64.
Submitted by: Tim Kientzle <kientzle@acm.org>
- Use getifaddrs() instead of rolling our own buggy one. Previously,
rarpd(8) would fail to see some interfaces because of a hardcoded limit.
It now successfully sees any interface in the system, and this also makes
the code _much_ simpler.
- Replace strncpy() calls with strlcpy() calls. Some uses of strncpy()
were bogus ; the code wasn't ensuring that the string was NUL terminated.
- Don't try to guard about select() FD_* macros being undefined.
- Use IF_NAMESIZE and ETHER_ADDR_LEN macros where appropriate.
- Add static keywords to function definitions for consistency, since
the prototypes have it (I wonder why GCC didn't complain about this).
- Remove compat code for very old BSD versions and SunOS.
- Remove code for systems not having the dirent.h header.
- The code is now WARNS=5 clean so mark it as such.
- Don't add -DTFTP_DIR="/tftpboot" to the build command line since it's
the default.
MFC after: 2 weeks
modify vendor code (libuwx) with a specific include directive.
The second order advantage is that we can also enable verbosity
in the glue code (ia64/ia64/unwind.c).
(mainly the 3Com 3c996B/BCM5701).
For some reason that I don't fully understand, the 5701 signals PCS
encoding errors as though they were link change events, i.e. the 'link
state changed' bit in the status word of the status block is updated
and an interrupt is generated. This would cause the bge_tick() function
to be invoked and a "gigabit link up" message to be printed on the console.
To avoid this, the interrupt handler now checks the MAC status register
when a link change interrupt is triggered, and it will only call the
bge_tick() function if the 'PCS encoding error detected' bit is clear.
(This change should have no effect on copper NICs since this bit can
only ever be set in TBI mode. I do not know how it affects 5704 NICs
with a BCM8002 SERDES PHY.)
Special thanks to: Sherry Rogers at UCB for allowing me access to one
of their traffic monitor boxes so I could diagnose this problem.
