o Drop all broadcast and multicast source addresses in tcp_input.
o Enable ICMP_BANDLIM in GENERIC.
o Change default to 200/s from 100/s. This will still stop the attack, but
is conservative enough to do this close to code freeze.
This is not the optimal patch for the problem, but is likely the least
intrusive patch that can be made for this.
Obtained from: Don Lewis and Matt Dillon.
Reviewed by: freebsd-security
IRQ 2 was being unilaterally disallowed, which is only appropriate if
the interrupt hardware is the traditional chained PIC arrangement.
Reviewed by: tegge (in principle)
same object file (atapi-cd.o) as the ata drivers. I'd have called it
wcd.[ch], but there's already one of those in the Attic that we can't
clobber - the good names are taken.
Fix building so that it can be compiled into LINT alongside ata.
Requested by: bde
isa_device->id_ri_flags and RI_FAST were not implemented and did nothing.
The two drivers that were mistakenly thinking this was working were
cy.c and loran.c - these should be converted to newbus.
GC (garbage collect) isa_device->id_alive
GC userconfig.c references to isa_device->id_scsiid (!).
activated. Some of the things that get listed as "resources" aren't
necessarily suited for this.
(This shouldn't be a problem for any driver that correctly passes
RF_ACTIVE)
unless both "option INVARIANTS" and "options INVARIANT_SUPPORT"
are defined in the kernel's config(8) file.
SPLASSERT(expression, msg) used KASSERT to check that the
expression is true, panic()ing the kernel otherwise.
Approved by: jkh
Reviewed by: jdp, dfr, phk, eivind and green
eliminate warnings, etc.
Note that svr4_setcontext() and svr4_getcontext() currently don't work
correctly, which makes returning from signal handlers somewhat problematic
(for reference: the SysVR4 setcontext() and getcontext() syscalls behave
like a low-level version of setjmp() and longjmp(), in that they save and
restore process context. SysVR4 uses this to implement its signal handler
trampoline: The context which is saved before a signal handler is called
is restored by an implicit call to the setcontext() syscall when the signal
handler returns. That currently doesn't work right in this emulator,
although it used to).
I'm committing this anyway, with a caveat that it's buggy, so that I can
(a) note the bug for anyone who is wondering about it, and (b) get the
stuff I've done to improve (but not fix) the situation in the tree before
4.0 is released. If I have time to fix it totally RSN I'll talk to Jordan
to see if I can bend him into letting me commit a bugfix :-)
Note that the situation now is somewhat better than it was yesterday
anyway, because I've fixed the handling of svr4_sigsets which previously
was causing signal handlers to not get called at all. Stay tuned for
an upcoming commit to svr4_signal.c...
NICs. (Finally!) The PCMCIA, ISA and PCI varieties are all supported,
though only the ISA and PCI ones will work on the alpha for now.
PCCARD, ISA and PCI attachments are all provided. Also provided an
ancontrol(8) utility for configuring the NIC, man pages, and updated
pccard.conf.sample. ISA cards are supported in both ISA PnP and hard-wired
mode, although you must configure the kernel explicitly to support the
hardwired mode since you have to know the I/O address and port ahead
of time.
Special thanks to Doug Ambrisko for doing the initial newbus hackery
and getting it to work in infrastructure mode.
Collect together the components of several drivers and export eisa from
the i386-only area (It's not, it's on some alphas too). The code hasn't
been updated to work on the Alpha yet, but that can come later.
Repository copies were done a while ago.
Moving these now keeps them in consistant place across the 4.x series
as the newbusification progresses.
Submitted by: mdodd
things like sound cards can get called "Parallel port". A note to the
unwary; the isa-pnp devices in the system are probed like PCI - each
device ID is passed to *all* isa probe routines to find the best match.
If the driver is not prepared to deal with this, it must abort in this
scenario or it will try and claim all PnP devices.