bridged packets only, soon to come also for packets on ordinary
ether_input() and ether_output() paths. The syntax is
ipfw add <action> MAC dst src type
where dst and src can be "any" or a MAC address optionallyfollowed
by a mask, e.g.
10:20:30:40:50
10:20:30:40:50/32
10:20:30:40:50&ff:ff:ff:f0:ff:0f
and type can be a single ethernet type, a range, or a type followed by
a mask (values are always in hexadecimal) e.g.
0800
0800-0806
0800/8
0800&03ff
Note, I am still uncertain on what is the best format for inputting
these values, having the values in hexadecimal is convenient in most
cases but can be confusing sometimes. Suggestions welcome.
Implement suggestion from PR 37778 to allow "not me" on destination
and source IP. The code in the PR was slightly wrong and interfered
with the normal handling of IP addresses. This version hopefully is
correct.
Minor cleanup of the code, in some places moving the indentation to 4
spaces because the code was becoming too deep. Eventually, in a
separate commit, I will move the whole file to 4 space indent.
default of -fguess-branch-probablility causes time optimizations (?)
like rewriting `if (foo) x++;' as
`if (!foo) goto forth; back: ; ...; forth: x++; goto back;". This is
pessimizes space especially well on i386's because one short branch
gets converted to 2 long ones.
Removed -fno-align-foo since it is implied by -Os. Previous commit
messages seem to have overstated the new alignment bugs in gcc. The
only case that affects boot2 is that -fno-align-functions (or
equivalently -falign-functions=1) actually gives -falign-functions=2.
This is caused by FUNCTION_BOUNDARY being 2 (bytes) instead of 1.
The default case where the optimization level is 1 and no alignment
options are given is more broken. All alignments are minimal, modulo
the bug in FUNCTION_BOUNDARY. This is caused by toplev.c setting
defaults too early.
Some hacks in previous commits ar not needed now, but may as well be
kept until gcc is fixed. The previous on in the Makefile saved 96
bytes of text due to the wrong FUNCTION_BOUNDARY and 32 bytes of data
due to unrelated bloat in the alignment of large objects. There aren't
even any options to control alignment of data.
before rev 1.229 (~ 100 ms). According to bde, some (old) broken
hardware could require it. In order to make timing more accurate than
what could be achieved with a loop around DELAY(1), increase loop
timing after the initial ~ 1 ms.
Also, move the declaration of FDSTS_TIMEOUT out from fdreg.h into fd.c
where it actually belongs to.
MFC after: 2 days
function to return the total number of CPUs and not the highest
CPU id.
o Define mp_maxid based on the minimum of the actual number of
CPUs in the system and MAXCPU.
o In cpu_mp_add, when the CPU id of the CPU we're trying to add
is larger than mp_maxid, don't add the CPU. Formerly this was
based on MAXCPU. Don't count CPUs when we add them. We already
know how many CPUs exist.
o Replace MAXCPU with mp_maxid when used in loops that iterate
over the id space. This avoids a couple of useless iterations.
o In cpu_mp_unleash, use the number of CPUs to determine if we
need to launch the CPUs.
o Remove mp_hardware as it's not used anymore.
o Move the IPI vector array from mp_machdep.c to sal.c. We use
the array as a centralized place to collect vector assignments.
Note that we still assign vectors to SMP specific IPIs in
non-SMP configurations. Rename the array from mp_ipi_vector to
ipi_vector.
o Add IPI_MCA_RENDEZ and IPI_MCA_CMCV. These are used by MCA.
Note that IPI_MCA_CMCV is not SMP specific.
o Initialize the ipi_vector array so that we place the IPIs in
sensible priority classes. The classes are relative to where
the AP wake-up vector is located to guarantee that it's the
highest priority (external) interrupt. Class assignment is
as follows:
class IPI notes
x AP wake-up (normally x=15)
x-1 MCA rendezvous
x-2 AST, Rendezvous, stop
x-3 CMCV, test
vm_object_deallocate(), replacing the assertion GIANT_REQUIRED.
o Remove GIANT_REQUIRED from vm_map_protect() and vm_map_simplify_entry().
o Acquire and release Giant around vm_map_protect()'s call to pmap_protect().
Altogether, these changes eliminate the need for mprotect() to acquire
and release Giant.
nearly in its entirety from i386, so it retains the phk/nati copyright.
Savecore likes the results, but I have no way to test it as gdb is
still broken.
to 4 bytes free. I removed a printf (the Keyboard yes/no) since it is of
marginal value and sed'ed the generated asm output to remove the unwanted
aligns. There's probably a better way to gain a few extra bytes than
losing the printf. Shortening strings is probably a better option but this
should get us over the hurdle.
than the first one on a controller, and work for secondary
controllers.
Due to the prom not having nodes for each disk, but a catch-all one,
we have to iterate over each device, trying to open it to determine
whether it is actually present.
Since probing this way takese some time (and spews some spurious
warnings), it should maybe be short-circuited if we use the
device we were booted from.
Implement lazy device probing, and correct slice/partiniton
handling in the ofwd_open() code. With this, I can now actually boot
a kernel from disk, and the loader does not create unnecessary
delays.
Submitted by: tmm
a floating point instruction into a 6-bit register number for
double and quad arguments.
Make use of the new INSFPdq_RN macro where apporpriate; this
is required for correctly handling the "high" fp registers
(>= %f32).
Fix a number of bugs related to the handling of the high registers
which were caused by using __fpu_[gs]etreg() where __fpu_[gs]etreg64()
should be used (the former can only access the low, single-precision,
registers).
Submitted by: tmm
value we load from memory. gcc3.1 passes in the u_int32_t old value to
compare against as a _sign_-extended 64-bit value for some reason (bug?).
This is a temporary workaround so kernels work again on alpha.
in each cycle, with a tunable max cycle count defined in fdreg.h.
This is said to fix the problem on some Compaq hardware (and perhaps
on other machines using the Natsemi PC87317 chip) where the fdc(4)
driver failed to operate at all.
PR: kern/21397
Submitted by: Jung-uk Kim <jkim@niksun.com>
MFC after: 3 days
make sure it's a correct operation for devfs, do it only in the
ISLASTCN case. If we don't, we are assuming that the final file will
be in devfs, which is not true if another partition is mounted on top
of devfs or with special filenames (like /dev/net/../../foo).
Reviewed by: phk
it into an "#ifdef INET6" block. This caused a (harmless but annoying)
EINVAL return value to be sent even though the operation completed
successfully.
PR: kern/37786
Submitted by: Ari Suutari <ari.suutari@syncrontech.com>,David Malone <dwmalone@maths.tcd.ie>
MFC after: 1 day
- Axe -fdata-sections as turning it on or off makes no difference. If
it did make a difference it would serve to bloat boot2 even further with
extra padding.
- Axe -fforce-addr. This gets us 32 bytes so we are down to only being
64-bytes over.
We still can't compile this with gcc 3.1. The problem seems to be that
the -fno-align-foo options don't actually work. Comparing the new and
old output it turns out that gcc is 4-byte padding all the functions and
labels and what not despite the passed in arguments thus adding the
unfortunate bloat to boot2.
This code works by converting the Sun label to a struct disklabel, which
is probably even the right thing for reading a label. The original
checksum is taken over, so that the label source can be distinguished.
The NetBSD code to wrap a BSD-style disklabel into the Sun disklabel has been
deleted for now - don't know whether that is really desirable, after all Sun
disklabels could just be used always (BSD disklabels are going to have
problems with PROM compatability). The dsinit() call in diskopen() has been
#ifdef'ed out for now, this will be changed to use the minimal slice struct
in case of dsinit() failure.
Submitted by: tmm
Obtained from: NetBSD
revision 1.43
date: 2001/04/12 01:39:04; author: thorpej; state: Exp; lines: +2 -2
Switch to USB_USE_SOFTINTR. The callout hack does indeed work
fine for systems without generic soft interrupts, even if it is
a little sub-optimal. Consider it a penalty for ports not
implementing a kernel API.
Addresses kern/11957. The PR has been open for 4 months, and
I have work blocked on the continued existence of splimp() in
the networking code.
The NetBSD patch only switches it on for NetBSD, but I've also
switched it on for FreeBSD in this commit.
were totally useless and have been removed.
ip_input.c, ip_output.c:
Properly initialize the "ip" pointer in case the firewall does an
m_pullup() on the packet.
Remove some debugging code forgotten long ago.
ip_fw.[ch], bridge.c:
Prepare the grounds for matching MAC header fields in bridged packets,
so we can have 'etherfw' functionality without a lot of kernel and
userland bloat.
out-of-range, drop the file reference before returning. (This error
also exists in the RELENG_4 branch.)
o Eliminate the acquisition and release of Giant in readv()
now that malloc() and free() are callable without Giant.
.) don't use MAXPATHLEN + 1, fix logic to compensate.
.) style(9) function parameters.
.) fix line wrapping.
.) remove duplicated error and string handling code.
.) don't NUL terminate already NUL terminated string.
.) all string length variables changed from int to size_t.
.) constify variables.
.) catch when corename would be truncated.
.) cast pid_t and uid_t args for format string.
.) add parens around return arguments.
Help and suggestions from: bde
Rearrange things slightly so that the contents of the tag access
register are read and restored outside of the macros. The intention
is to pass the page size to look up as an argument to the macros.
field. This returns the sdl_data field to a variable-length field. More
importantly, this prevents a easily-reproduceable data-corruption bug when
the interface name plus the hardware address exceed the sdl_data field's
original 12 byte limit. However, token-ring interfaces may still overflow
the new sdl_data field's 46 byte limit if the interface name exceeds 6
characters (since 6 characters for interface name plus 6 for hardware
address plus 34 for source routing = the size of sdl_data). Further
refinements could overcome this limitation but would break binary
compatibility; this commit only addresses fixing the bug for
commonly-occuring cases without breaking binary compatibility with the
intention that the functionality can be MFC'ed to -stable.
See message ID's (both send to -arch):
20020421013332.F87395-100000@gateway.posi.net20020430181359.G11009-300000@gateway.posi.net
for a more thorough description of the bug addressed and how to
reproduce it.
Approved by: silence on -arch and -net
Sponsored by: NTT Multimedia Communications Labs
MFC after: 1 week
on committing to these while they were in the Attic after they had been
removed. I think this was because he had the file checked out and already
'modified' while markm cvs rm'ed them, and cvs screws up when trying to
"merge" the modifications with the "rm". And after that the client
state was sufficiently hosed to keep it messed up. Yay CVS! (CVS is
very fragile for adding and removing files remotely)
The existence of these files was pointed out by: ru
ibss is the modern ad-hoc mode. ibss-master is the same, except that
it creates the ibss network. This distinction is necessary because
some supported cards (symbol) support the former without supporting
the latter.
A seprate commit will introduce a demo-adhoc mode so that we can
disentwingle the multiple, mutually exclusive meandings of adhoc in
the present state of affairs.
Submitted by: jhay
o Create pcb_save as the backend for savectx and cpu_switch.
o While here, use explicit bundling for pcb_save and optimize
for compactness (~87% density).
o Not part of the commit is a backend pcb_restore. restorectx()
still jumps halfway into cpu_switch().
be done internally.
Ensure that no one can fsetown() to a dying process/pgrp. We need
to check the process for P_WEXIT to see if it's exiting. Process
groups are already safe because there is no such thing as a pgrp
zombie, therefore the proctree lock completely protects the pgrp
from having sigio structures associated with it after it runs
funsetownlst.
Add sigio lock to witness list under proctree and allproc, but over
proc and pgrp.
Seigo Tanimura helped with this.
usbdi.h (1.60)
(and local changes compatibility changes to ufm.c and urio.c)
date: 2002/02/11 15:11:49; author: augustss;
Give usbd_do_request_flags() an extra argument for the timeout.
- Used mld_xxx and MLD_xxx instead of mld6_xxx and MLD6_xxx according
to the official defintions in rfc2292bis
(macro definitions for backward compatibility were provided)
- Changed the first member of mld_hdr{} from mld_hdr to mld_icmp6_hdr
to avoid name space conflict in C++
This change makes ports/net/pchar compilable again under -CURRENT.
Obtained from: KAME
This is temporary hack, better and generalized solution probably
should be implemented at lower layer(MII or PCI?).
Tested by: shoko.araki@soliton.co.jp
MFC after: 1 week
Don't try to create a vm object before the file system has a chance to finish
initializing it. This is incorrect for a number of reasons. Firstly, that
VOP requires a lock which the file system may not have initialized yet. Also,
open and others will create a vm object if it is necessary later.
it is a "magic" value, what it expands to is not really important.
I set it to "Cleared Kernel Dump", but that can be changed later
if someone thinks it's not good enough.
Pointy hat to: fenner
killed by SIGSYS for unimlemented syscalls is bad enough.
Obtained from: Lite2 branch
The Lite2 branch has some other interesting unmerged (?) bits in this
file. They are well hidden among cosmetic regressions.
sys/time.h rev.1.53, etc. Zero out the entire struct clkinfo and not
just the new spare part of it so that there is no possibility of leaking
kernel stack context to userland.
the case of VM86 calls from the kernel was broken, so this bug was not
a security hole.
PR: 36710
Submitted by: David Xu <davidx@viasoft.com.cn> (version for RELENG_4)
MFC after: 3 days
call read() to get the next command, and scread() disables the
screensaver. We don't want this behaviour in the sc_saver_keybonly
case.
Submitted by: Olivier Houchard <doginou@ci0.org>
mii_tick() which should only be called once per second.
Our current MII/PHY state-engine is not able to deal with PHY
interrupts as far as I can tell, and most net drivers don't seem
to use the link/status change call-back mechanism. It seems that
MII/PHY was orphaned before it grew up.
pmap_ensure_rid(). This can happen because the function is
called for both user and kernel addresses, while the rid array
only has room for user addresses. This bug got exposed by rev
1.58 of ia64/ia64/pmap.c and rev 1.8 of ia64/include/pmap.h.
revision 1.94
date: 2001/12/30 20:26:59; author: augustss; state: Exp; lines: +5 -2
Make sure we don't have any pending softintrs when entering polling mode.
Thanks to Darrin for finding and fixing this problem when using USB
keyboards in DDB.
This leaves some vestiges of the old locking, including style
bugs in it. I've only noticed anachronisms in socketvar.h so far
(I've merged net* but not kern or all of sys). The patch also
has old fixes for style bugs in accf stuff and namespace pollution
in uma... The largest style bugs are line continued backslashes
in column 80 and (these are fixed), and starting the do-while
code for the new macros in column 40, which is quite unlike the
usual indentation (see sys/queue.h) and not even like the indentation
for the old macros (column 32) (this is not fixed).
Submitted by: bde
- Reorder fork1() to do malloc() and other blocking operations prior to
acquiring the needed process locks.
- The new process inherit's the credentials of curthread, not the
credentials of the old process.
- Document a really weird race that will come up with KSE allows multiple
kernel threads per process.
exit1() we don't have to release it until we acquire schd_lock to
call cpu_throw().
- Since we can switch at any time due to preemption or a lock release
prior to acquiring sched_lock, don't update switchtime and switchticks
until the very end of exit1() after we have acquired sched_lock.
- Interlock the proctree_lock and proc lock in wait1() and exit1() to
avoid lost wakeups when a parent blocks waiting for a child to exit at
the bottom of wait1(). In exit1() the proc lock interlocked with
proctree_lock (and released after acquiring sched_lock) is that of
the parent process.
- In wait1() use an exclusive lock of proctree lock while we are
looking for a process to harvest. This allows us to completely
remove all references to the process once we've found one (i.e.,
disconnect it from pgrp's, session's, zombproc list, and it's parent's
children list) "atomically" without needing to worry about a lock
upgrade.
- We don't need sched_lock to test if p_stat is SZOMB or SSTOP when holding
the proc lock since the proc lock is always held with p_stat is set to
SZOMB or SSTOP.
- Protect nprocs with an xlock of the allproc_lock.
locks the process.
- Defer other blocking operations such as vrele()'s until after we
release locks.
- execsigs() now requires the proc lock to be held when it is called
rather than locking the process internally.
Atm_connection items.
- Replaced the Atm_connvc storage pool with an uma_zone of Atm_connvc
items.
- Created void atm_cm_init(void *) and added it to the netatm init code.
I'm thinking that there will definetly be more ``subsystem'' init
functions to be added so I'll probably change these calls to be a for
loop through init routines (or something).
mallochash. Mallochash is going to go away as soon as I introduce the
kfree/kmalloc api and partially overhaul the malloc wrapper. This can't happen
until all users of the malloc api that expect memory to be aligned on the size
of the allocation are fixed.
