device.hints kernel environment variables when disabling ACPI.
Some users are getting confused when they see hint.acpi.0.disabled.
They are confusing it with a sysctl MIB.
Finally, add a reference for device.hints(5) and kenv(1)
in the "SEE ALSO" section of the man page.
PR: docs/62974
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
is reserved by the loader, and thus any tunable name with that suffix will
be silently discarded.
Document this in the header and man page so that other developers do not
develop so many bumps on the head after banging it against the wall.
Detective work by: Mark Santcroos, grehan
- Document all the policy sysctl's.
- Note that mac_portacl(4) appeared in FreeBSD 5.1.
- A bit of mdoc(7) fixes.
Much of the new text was inspired by the source code comments.
Reviewed by: rwatson
Documented function and macros are:
- DECLARE_GEOM_CLASS(),
- g_attach(),
- g_detach(),
- g_new_bio(),
- g_clone_bio(),
- g_destroy_bio(),
- g_new_consumer(),
- g_destroy_consumer(),
- g_read_data(),
- g_write_data(),
- g_post_event(),
- g_waitfor_event(),
- g_cancel_event(),
- g_new_geomf(),
- g_destroy_geom(),
- g_new_providerf(),
- g_destroy_provider(),
- g_error_provider(),
- g_provider_by_name(),
- g_wither_geom().
and more to come.
I want to thanks following people for help with those documents:
Slawek Zak <zaks@prioris.mini.pw.edu.pl>
Simon L. Nielsen <simon@FreeBSD.org>
Pieter de Boer <g.p.de.boer@st.hanze.nl>
and of course
Poul-Henning Kamp <phk@FreeBSD.org>
Reviewed by: phk, scottl
Approved by: phk, scottl (mentor)
This is the first of two commits; bringing in the kernel support first.
This can be enabled by compiling a kernel with options TCP_SIGNATURE
and FAST_IPSEC.
For the uninitiated, this is a TCP option which provides for a means of
authenticating TCP sessions which came into being before IPSEC. It is
still relevant today, however, as it is used by many commercial router
vendors, particularly with BGP, and as such has become a requirement for
interconnect at many major Internet points of presence.
Several parts of the TCP and IP headers, including the segment payload,
are digested with MD5, including a shared secret. The PF_KEY interface
is used to manage the secrets using security associations in the SADB.
There is a limitation here in that as there is no way to map a TCP flow
per-port back to an SPI without polluting tcpcb or using the SPD; the
code to do the latter is unstable at this time. Therefore this code only
supports per-host keying granularity.
Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6),
TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective
users of this feature, this will not pose any problem.
This implementation is output-only; that is, the option is honoured when
responding to a host initiating a TCP session, but no effort is made
[yet] to authenticate inbound traffic. This is, however, sufficient to
interwork with Cisco equipment.
Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with
local patches. Patches for tcpdump to validate TCP-MD5 sessions are also
available from me upon request.
Sponsored by: sentex.net
- Don't put libc.a as a dependency if program is linked with -nostdlib.
- Added INTERNALPROG (by analogy to INTERNALLIB) for programs which are
built only for its side effect and shold not be installed.
- do not use PROG for what's not a real C program,
- use sys.mk transformation rules where possible,
- only create the "machine" symlink on AMD64,
- removed MAINTAINER lines in individual makefiles,
- added the LIBSTAND defitinion to <bsd.libnames.mk>,
- somewhat better contents in .depend files.
Tested on: i386, amd64
Prodded by: bde
CFLAGS in all cases, but POSIX requires a default of -O. Adding
-pipe unconditionally still is still broken for non-gcc compilers
in the non-POSIX case.
PS. There is a inconsistency in this manual page, because in
non-WITNESS case sx_assert(9) does not panics, it only prints
the warning. I haven't fixed this, because jhb@ is planing to
replace those printf()s with panic()s.
Reviewed by: jhb
Approved by: jhb, scottl (mentor)
The basic process is to send a routing socket announcement that the
interface has departed, change if_xname, update the sockaddr_dl
associated with the interface, and announce the arrival of the interface
on the routing socket.
As part of this change, ifunit() is greatly simplified by testing
if_xname directly. if_clone_destroy() now uses if_dname to look up the
cloner for the interface and if_dunit to identify the unit number.
Reviewed by: ru, sam (concept)
Vincent Jardin <vjardin AT free.fr>
Max Laier <max AT love2party.net>
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
- Added missing NOCRYPT and NO_OPENSSL checks for Kerberos.
- Don't depend on -lcrypto and -lcrypt in pam_ssh to resolve
dependencies in pam_krb5 and pam_ksu -- the former may not
be compiled at all if NO_OPENSSH knob is enabled.
- Added missing -lcrypt to pam_ssh dependencies.
- Moved librpcsvc after libypclnt.
(The last two aren't strictly speaking necessary to resolve
the dependencies of static versions of pam_ssh and pam_unix,
respectively, but they correspond to dynamic dependencies
of libssh and libypclnt, and are put here for consistency.)
In collaboration with: bde
Reviewed by: des
it is still above the critical temperature on the next poll cycle. This
is a 10 second advance notice by default. Document the private
(non-standard) notify we will be using with devd(8).
individules from asking a question which may result in the following answer:
"Hi, please do not run a newfs utility on a file system if there
is still data on it you would like to keep."
PR: 56894
Submitted by: Marc Silver <marcs@draenor.org> (original version)
ifconfig(8) flag since header for version 2 is the same but IP payload
is prepended with additional 4-bytes field.
Inspired by: Roman Synyuk <roman@univ.kiev.ua>
MFC after: 2 weeks
network interface cards smart (or twisted?) enough to be able
to calculate a TCP/UDP checksum for a packet fragmented by the
host CPU. Therefore the paragraph on the case has been revised.