end values in bootinfo) in kernel space if it is loaded (i.e., if its
specified end address is nonzero), not just if it is loaded and DDB
is configured. This may be used to fix kldsym(2) for booting without
/dev/loader; currently, in this case, it just fixes unused pointers
and wastes space consistently. For booting in the normal way with
/boot/loader, the table is included and pointed to in a different way
and kldsym(2) works.
It also squashes 99% of packet kiddie synflood orgies. For example, to
rate syn packets without MSS,
    ipfw pipe 10 config 56Kbit/s queue 10Packets
    ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>
a parameter and dtrt.
Also, make boot-conf always unload first. There wasn't really any
point in not doing this, as the kernel _has_ to be loaded before
any other modules.
Tested by: dwhite
Trimmed an extra sysctl when I moved kern.suser_permitted from kern_mib.c
to kern_prot.c. This commit should restore it, as well as fix the
resulting build problems.
Submitted by: asmodai
loader for alpha (Yay!) we still need to explicitly look for boot_verbose -
I assume because the boothowto flags aren't passed to us at boot like x86.
Do some minor cosmetics as well.
21143 chips, I accidentally removed the DC_MII_REDUCED_POLL flag
for all 21143 cards. This caused problems with timer-instigated
TCP retransmits, which happened to occur at the same time as an
MII poll tick on MII-based cards (e.g. D-Link DFE-570TX). Fixed this,
plus made some other cleanups. The autoneg fixes for the non-MII
cards still work. Also tested the PNIC II now that I have one again.
This will support power-off only. Fix for suspend/resume will come later.
Also, MFC on this is scheduled for next week.
Submitted by: sumitani@bd2.hnes.nec.co.jp
Reviewed by: jlemon
- Kernel and userland function calls
- Struct describing capability set
- Constants for individual capabilities (some POSIX.1e, some Linux,
  some BSD)
No supporting code to be committed yet, this commit allows dependent
development to take place.
Reviewed by: bde
Obtained from: TrustedBSD Project
Fix several instances of breakage in RAID-5 revive code.
Tidy up code.
parityops:
Don't attempt to do anything if the plex is degraded or worse.
parityrebuild:
Add comments.
Perform transfers in correct length.
have their own lock and do not need the MP lock. The SMP cleanup was
a little too conservative in MP locking fast interrupts but at least
it's trivial to fix. MFC soon.
Submitted by: bde
after autoneg so we make sure to set the link state and duplex mode
correctly.
- Make sure to set the 'ignore pause frames' bit on the XMAC.
- Small linewrap fix.
kern_prot, which cleans up some namespace issues
o Don't need a special handler to limit un-setting, as suser is used to
  protect suser_permitted, making it one-way by definition.
Suggested by: bde
returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
  additional privileges
o Should be noted that uid0 still has some additional powers as it
  owns many important files and executables, so suffers from the same
  fundamental security flaws as securelevels. This is fixed with
  MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
  things like shutdown to work, et al :-)
Obtained from: TrustedBSD Project