Commit Graph

78630 Commits

Author SHA1 Message Date
Luigi Rizzo
ac4ed01f56 Major revision of the ipfw manpage, trying to make it up-to-date
with ipfw2 extensions and give examples of use of the new features.

This is just a preliminary commit, where i simply added the basic
syntax for the extensions, and clean up the page (e.g. by listing
things in alphabetical rather than random order).
I would appreciate feedback and possible corrections/extensions
by interested parties.

Still missing are a more detailed description of stateful rules
(with keepalives), interaction with of stateful rules and natd (don't do
that!), examples of use with the recently introduced rule sets.

There is an issue related to the MFC: RELENG_4 still has ipfw as a
default, and ipfw2 is optional. We have two options here: MFC this
page as ipfw(8) adding a large number of "SORRY NOT IN IPFW" notes,
or create a new ipfw2(8) manpage just for -stable users.  I am all
for the first approach, but of course am listening to your comments.
2002-08-10 15:04:40 +00:00
Søren Schmidt
9da322c8aa Minor corrections.
Suggested by: scottl <Scott Long>
2002-08-10 11:56:03 +00:00
Mike Heffner
2f92b79ff6 Add break's to case blocks.
PR:		bin/41511
Submitted by:	Daniel Hagan <dhagan@acm.vt.edu>
2002-08-10 08:42:10 +00:00
Alan Cox
0da7370593 o Remove the setting and clearing of the PG_MAPPED flag. (This flag is
obsolete.)
2002-08-10 07:40:30 +00:00
Alan Cox
db44450b11 o Remove the setting and clearing of the PG_MAPPED flag. (This flag is
obsolete.)
2002-08-10 07:11:16 +00:00
Warner Losh
673cffefc7 When we allocate our bus address via the kludge that we have in the
code to do it when the bios doesn't do it for us, flag it.  Then, when
we dealloc, do an equal kludge to get rid of the address.  This should
address the can't get IRQ and panic bug in a more graceful way.

# really should write a dealloc routine and just call it instead, since
# this might not fix things in the kldunload case.
2002-08-10 06:37:32 +00:00
Warner Losh
44d0da39f0 confirmed OZ6912 and 6972 share same pci ID 2002-08-10 06:35:03 +00:00
Jake Burkholder
d9ac5b20fb truss hasn't been ported to ia64 yet.
Noticed by:	ru
2002-08-10 06:10:17 +00:00
Jake Burkholder
9b9669488b xlint seems to build fine on sparc64. 2002-08-10 05:44:44 +00:00
Jake Burkholder
298f4dc3a2 Put getconf in the right place. 2002-08-10 05:43:40 +00:00
Luigi Rizzo
43405724ec One bugfix and one new feature.
The bugfix (ipfw2.c) makes the handling of port numbers with
a dash in the name, e.g. ftp-data, consistent with old ipfw:
use \\ before the - to consider it as part of the name and not
a range separator.

The new feature (all this description will go in the manpage):

each rule now belongs to one of 32 different sets, which can
be optionally specified in the following form:

	ipfw add 100 set 23 allow ip from any to any

If "set N" is not specified, the rule belongs to set 0.

Individual sets can be disabled, enabled, and deleted with the commands:

	ipfw disable set N
	ipfw enable set N
	ipfw delete set N

Enabling/disabling of a set is atomic. Rules belonging to a disabled
set are skipped during packet matching, and they are not listed
unless you use the '-S' flag in the show/list commands.
Note that dynamic rules, once created, are always active until
they expire or their parent rule is deleted.
Set 31 is reserved for the default rule and cannot be disabled.

All sets are enabled by default. The enable/disable status of the sets
can be shown with the command

	ipfw show sets

Hopefully, this feature will make life easier to those who want to
have atomic ruleset addition/deletion/tests. Examples:

To add a set of rules atomically:

	ipfw disable set 18
	ipfw add ... set 18 ...		# repeat as needed
	ipfw enable set 18

To delete a set of rules atomically

	ipfw disable set 18
	ipfw delete set 18
	ipfw enable set 18

To test a ruleset and disable it and regain control if something
goes wrong:

	ipfw disable set 18
	ipfw add ... set 18 ...         # repeat as needed
	ipfw enable set 18 ; echo "done "; sleep 30 && ipfw disable set 18

    here if everything goes well, you press control-C before
    the "sleep" terminates, and your ruleset will be left
    active. Otherwise, e.g. if you cannot access your box,
    the ruleset will be disabled after the sleep terminates.

I think there is only one more thing that one might want, namely
a command to assign all rules in set X to set Y, so one can
test a ruleset using the above mechanisms, and once it is
considered acceptable, make it part of an existing ruleset.
2002-08-10 04:37:32 +00:00
Bruce A. Mah
9623553127 Add ia64 to platforms supported by em(4). 2002-08-10 03:39:05 +00:00
Peter Wemm
ba1d9b20f4 My quad cpu itanium2 box has its cpu's numbered with a lid starting
at 192.  Masking off bottom 4 bits is not very good here.
2002-08-10 03:36:42 +00:00
Bruce A. Mah
6bf5081232 New release notes: No more TurboChannel Alpha support, drivers.flp.
Modified release notes:  em(4) has been reported to work on ia64,
OpenSSL 0.9.6g, tweak cross-building note and note MFC.

Remove an obsolete release note about DEC 3000 support on floppies.
2002-08-10 03:35:58 +00:00
Peter Wemm
11bad678c6 Fix the broken "avoid unaligned data" fix. The problem is that the builtin
gcc memcpy "knows" about types that are supposed to be actually already
aligned and triggers alignment errors doing the memcpy itself.
"Fix" this by changing it to a bcopy().  In this case, we had:
  struct timeval *tp;
  struct timeval tv1;
  memcpy(&tv1,tp,sizeof(tv1));
.. and since gcc *knows* that a pointer to a timeval is longword aligned
and that tv1 is longword aligned, then it can use an inline that assumes
alignment.  The following works too:
  cp = (char *)tp;
  memcpy(&tv1,cp,sizeof(tv1));
Simply casting (char *)tp  for the memcpy doesn't work. :-(
This affected different 64 bit platforms in different ways and depends
a lot on gcc as well.  I've seen this on alpha and ia64 at least, although
alpha isn't doing it right now.
2002-08-10 03:00:55 +00:00
Jacques Vidrine
fd35706acb Resolve conflicts. 2002-08-10 01:50:50 +00:00
Jacques Vidrine
47e862627e This commit was generated by cvs2svn to compensate for changes in r101618,
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:48:01 +00:00
Jacques Vidrine
499810c08e Import of OpenSSL 0.9.6g. 2002-08-10 01:48:01 +00:00
Jacques Vidrine
d96a831475 This commit was generated by cvs2svn to compensate for changes in r101615,
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:46:10 +00:00
Jacques Vidrine
484549566e Import of OpenSSL 0.9.6f. 2002-08-10 01:46:10 +00:00
Jacques Vidrine
506570008c This commit was generated by cvs2svn to compensate for changes in r101613,
which included commits to RCS files with non-trunk default branches.
2002-08-10 01:40:00 +00:00
Jacques Vidrine
9e6c5d1742 Import of OpenSSL 0.9.6f. 2002-08-10 01:40:00 +00:00
Ian Dowse
539354bed3 Permit the creation of just cd0 if desired. Previously it always
created cd1 as well due to an off-by-one error left over from
revision 1.249.

PR:		conf/20436
Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
MFC after:	1 week
2002-08-10 00:20:32 +00:00
Ian Dowse
68d0de00a3 Use the correct loop variable so that we print all IO addresses and
not just 8 copies of the first one.

PR:		bin/18157
Submitted by:	German Tischler <tanis@gaspode.franken.de>
2002-08-09 22:04:54 +00:00
Bruce A. Mah
31ce54e836 New release notes: ata(4)/burncd(8) support DVD+RW drives, atapicam.
MFCs noted:  ucom(4)/uplcom(4)/uvscom(4), uvisor, IPFW2 (with some
wording tweaks), texinfo 4.2.
2002-08-09 21:14:55 +00:00
Tony Finch
a7c397167e Remove trailing whitespace. 2002-08-09 20:58:54 +00:00
Søren Schmidt
fd4b4ecc73 Add the ability to use ATAPI devices via CAM.
The CAM<>ATAPI layer was submitted by "Thomas Quinot <thomas@cuivre.fr.eu.org>"
changes form the version on the net by me (formatting, ability to be used
alone without the ATAPI native device driver, proper speed reporting...)

See /sys/conf/NOTES for usage.

Submitted by: Thomas Quinot <thomas@cuivre.fr.eu.org>
2002-08-09 20:54:06 +00:00
Tony Finch
a2c4d39d54 Remove some Dijkstra quotes from fortunes that are duplicated in fortunes2.
Move the single remaining one across to fortunes2 to join its friends.
Spell his name consistently. Remove a couple of other duplicate fortunes.
2002-08-09 20:37:01 +00:00
Mitsuru IWASAKI
27d18856c9 Add help about hint.acpi.0.disable. 2002-08-09 20:07:51 +00:00
Tony Finch
37609309c2 Re-sort. 2002-08-09 19:54:11 +00:00
Tony Finch
6ad860e1cf Remove spurious quotes. 2002-08-09 19:31:27 +00:00
Tony Finch
868052707a Correctly sort previous addition. 2002-08-09 19:30:20 +00:00
Tony Finch
7ce9cc80b4 Some more advice from Dijkstra. 2002-08-09 19:08:02 +00:00
Tony Finch
e3b282d990 Fix a couple of typos in a Dijkstra quote. 2002-08-09 19:00:10 +00:00
Gordon Tetlow
897102c745 Make the othermta script DTRT when an mta startup script is not specified.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-09 17:45:04 +00:00
Gordon Tetlow
5e6fcb8ccc Correct comment. We use rpcbind now, not portmap
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-09 17:34:13 +00:00
Gordon Tetlow
e4bc448975 Correct comment
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-09 17:33:07 +00:00
Poul-Henning Kamp
563b79eff4 Fixup preen.c to match its new residence.
The blockcheck() function is still pulled from fsck_ffs, it probably should
live in libufs.
2002-08-09 16:25:32 +00:00
Hajimu UMEMOTO
cc0f2cfaca IPv6 support for rcp.
You cannot specify a raw IPv6 address for now.

MFC after:	1 week
2002-08-09 16:12:08 +00:00
Thomas Moestl
95ba428ccb The boottime variable in sys/kern/kern_tc.c is a struct timeval, not a
time_t, so do not use the latter as type when retrieving the variable
via libkvm. This should fix vmstat on sparc64.
2002-08-09 15:47:43 +00:00
Brooks Davis
05c872ad62 Make ppp(4) devices clonable and unloadable. 2002-08-09 15:30:48 +00:00
Poul-Henning Kamp
190c0c27be Update ELAST. 2002-08-09 14:54:33 +00:00
Poul-Henning Kamp
9b32d51a51 preen.c was a stragler after the fsck/fsck_ffs divorce.
fsck_ffs did not need it, but quotacheck did include it from fsck_ffs.

A repocopy has now moved the fsck_ffs/preen.c file to quotacheck/preen.c

quotacheck and fsck should probably use the same checkfstab() function
and it should possibly live in libufs.

Trouble is: they have diverged in the meantime.

At least now fsck_ffs is not in the equation anymore.

Sponsored by:	DARPA & NAI Labs.
2002-08-09 14:41:37 +00:00
Poul-Henning Kamp
9b14c27a86 Update with new error return code.
Reminded by:	rwatson
2002-08-09 13:22:21 +00:00
Jacques Vidrine
5b770403b5 While we're at it, add range checks similar to those in previous commit to
getsockname() and getpeername(), too.
2002-08-09 12:58:11 +00:00
Ruslan Ermilov
cc6638bd55 mdoc(7) police: spelling. 2002-08-09 12:08:47 +00:00
Ruslan Ermilov
81b380a87b mdoc(7) police: tidy up the formatting. 2002-08-09 12:07:17 +00:00
Ruslan Ermilov
55dd392cb4 mdoc(7) police: punctuation. 2002-08-09 11:36:48 +00:00
Ruslan Ermilov
0df8febf2c mdoc(7) police: sort xrefs. 2002-08-09 11:33:23 +00:00
Ruslan Ermilov
a8272f7106 mdoc(7) police: punctuation. 2002-08-09 11:24:21 +00:00