(1) Don't modify the configuration of the NFS server as a result of
selecting a profile. We already explicitly prompt for the NFS
server configuration during install, and the user may not get
much advance notice that we're turning it off again. Instead,
use profiles (for better or for worse) only for security tuning.
(2) Don't modify the sendmail setting as part of the security profile:
use the default from /etc/defaults/rc.conf rather than explicitly
specifying. Note that the default in /etc/defaults/rc.conf is
more conservative than the explicit rc.conf entry added by
sysinstall during install, as it does not permit SMTP delivery.
(3) Update "congratulations on your profile" text to reflect these
changes.
Note that security profiles now affect only the securelevel and sshd
settings. My leaning would be to make sshd an explicit configuration
option, move securelevels to the security menu, and drop security
profiles entirely. However, that requires more plumbing of sendmail
than I'm currently willing to invest.
We may want to add a "permit SMTP delivery" question to the install
process.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
"will trim at" message printed when the user requests '-v'. The
previous code would often print the wrong time, such as:
On Sept 22, run: newsyslog -nv /var/log/wtmp
And see: will trim at Mon Sep 1 05:00:00 2003
correct msg: will trim at Wed Oct 1 05:00:00 2003
MFC after: 20 days
archaic at this point in time. Pretend nobody runs FreeBSD 1.x anymore
in order to not confuse people needlessly.
Laplink support probably doesn't even work at this point in time anyway...
would only match a leap year every 400 years. The parseDWM code first
showed up in April 2000, so the first time this bug would cause any
confusion is in Feb 2004.
MFC after: 18 days
only code-change is to add a "next_time" parameter to both routines (and
that is not used yet). A later update will make "next_time" more useful.
MFC after: 20 days
but has invalid 64 bit pointers for FACS and DSDT.
o Finish work to print all of the FADT and FACS.
o Resort the comment generating functions. Submitted by: marcel
Courtesy of: BSDcon back wall
- Add 'enable_exim="YES"' to rc.conf(5)
- Use the default exim configuration file from the port
- When using sendmail, disable some more scripts that use sendmail specific
parameters
- Have sysinstall tweak mailer.conf(5) substitution
- Use 'N' flag for newsyslog(8)
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Reviewed by: sheldonh, simon
Tested by: myself (trhodes) and submitter
written by Stuart Walsh and Duncan Barclay (with some kibbitzing by
me). I'm checking it in on Stuart's behalf.
The BCM4401 is built into several x86 laptop and desktop systems. For the
moment, I have only enabled it in the x86 kernel config because although
it's a PCI device, I haven't heard of any standalone NICs that use it. If
somebody knows of one, we can easily add it to the other arches.
This driver uses register/structure data gleaned from the Linux
driver released by Broadcom, but does not contain any of the code
from the Linux driver itself. It uses busdma.
Update FADT for new fields including pm_profile, pstate_cnt, and cst_cnt.
Add acpi_print_gas() for printing various address formats.
Print FACS contents.
Remove unused code.
debugging options. Initial option is '-D TN=<time>', which can be
used to see how newsyslog would work if run at the specified time.
(time format is ISO 8601, since that is already supported).
MFC after: 23 days
rl(4) driver and put it in a new re(4) driver. The re(4) driver shares
the if_rlreg.h file with rl(4) but is a separate module. (Ultimately
I may change this. For now, it's convenient.)
rl(4) has been modified so that it will never attach to an 8139C+
chip, leaving it to re(4) instead. Only re(4) has the PCI IDs to
match the 8169/8169S/8110S gigE chips. if_re.c contains the same
basic code that was originally bolted onto if_rl.c, with the
following updates:
- Added support for jumbo frames. Currently, there seems to be
a limit of approximately 6200 bytes for jumbo frames on transmit.
(This was determined via experimentation.) The 8169S/8110S chips
apparently are limited to 7.5K frames on transmit. This may require
some more work, though the framework to handle jumbo frames on RX
is in place: the re_rxeof() routine will gather up frames than span
multiple 2K clusters into a single mbuf list.
- Fixed bug in re_txeof(): if we reap some of the TX buffers,
but there are still some pending, re-arm the timer before exiting
re_txeof() so that another timeout interrupt will be generated, just
in case re_start() doesn't do it for us.
- Handle the 'link state changed' interrupt
- Fix a detach bug. If re(4) is loaded as a module, and you do
tcpdump -i re0, then you do 'kldunload if_re,' the system will
panic after a few seconds. This happens because ether_ifdetach()
ends up calling the BPF detach code, which notices the interface
is in promiscuous mode and tries to switch promisc mode off while
detaching the BPF listner. This ultimately results in a call
to re_ioctl() (due to SIOCSIFFLAGS), which in turn calls re_init()
to handle the IFF_PROMISC flag change. Unfortunately, calling re_init()
here turns the chip back on and restarts the 1-second timeout loop
that drives re_tick(). By the time the timeout fires, if_re.ko
has been unloaded, which results in a call to invalid code and
blows up the system.
To fix this, I cleared the IFF_UP flag before calling ether_ifdetach(),
which stops the ioctl routine from trying to reset the chip.
- Modified comments in re_rxeof() relating to the difference in
RX descriptor status bit layout between the 8139C+ and the gigE
chips. The layout is different because the frame length field
was expanded from 12 bits to 13, and they got rid of one of the
status bits to make room.
- Add diagnostic code (re_diag()) to test for the case where a user
has installed a broken 32-bit 8169 PCI NIC in a 64-bit slot. Some
NICs have the REQ64# and ACK64# lines connected even though the
board is 32-bit only (in this case, they should be pulled high).
This fools the chip into doing 64-bit DMA transfers even though
there is no 64-bit data path. To detect this, re_diag() puts the
chip into digital loopback mode and sets the receiver to promiscuous
mode, then initiates a single 64-byte packet transmission. The
frame is echoed back to the host, and if the frame contents are
intact, we know DMA is working correctly, otherwise we complain
loudly on the console and abort the device attach. (At the moment,
I don't know of any way to work around the problem other than
physically modifying the board, so until/unless I can think of a
software workaround, this will have do to.)
- Created re(4) man page
- Modified rlphy.c to allow re(4) to attach as well as rl(4).
Note that this code works for the sample 8169/Marvell 88E1000 NIC
that I have, but probably won't work for the 8169S/8110S chips.
RealTek has sent me some sample NICs, but they haven't arrived yet.
I will probably need to add an rlgphy driver to handle the on-board
PHY in the 8169S/8110S (it needs special DSP initialization).
when reading/writing spool files. I intend to do a more elaborate
version, but I want to get this much in before 4.9-release. As written,
this results in no change to the object code.
Submitted by: John-Mark Gurney
Reviewed by: /sbin/md5
MFC after: 4 days
- Fix up TX speed changes.
- Make mpi-350 cards sort-of work with new firmware. It RXs okay but TXs
only work for about 14 packets then fails to get an interrupt. The
TX watchdog fires. It has been reported that my hack for now doesn't
break cards with the older firmware. It appears my card has lost
the ability to RX or TX at all but other peoples cards work. I assume
it got damaged in tansport.
MFC: 1 week.
was mistakenly calling the standard isnumber() function to find out if
the given 'user' or 'group' were all numeric. This meant that only the
first character of the fields were actually checked, so a username of
(say) '3com' would look like a number, and thus get mapped to uid=3 (bin)
instead of username=3com.
This bug was introduced back in freebsd's v1.1. That initial import
almost matches netbsd's v1.9, except that an internal isnumber()
routine was removed in favor of the standard library version. The thing
is, that internal routine was checking the entire string, and not just
the first digit. In OpenBSD, isnumber() was eventually renamed to
isnumberstr() to make the distinction more obvious, and I'm going to
follow that lead.
I believe this also happens to remove the last references to isnumber()
in the entire freebsd base system.
Obtained from: OpenBSD, by a long circuitous route
MFC after: 5 days
- recover rrt_gw setting for non-p2p case. otherwise, we will not
be able to recover interface route on interface down -> up
transition.
- clarify loop exit condition
Obtained from: KAME
MFC after: 1 week
the interface wake up. it can be started anytime even when there is
no network interface on the list of intarfaces in the kernel.
- get a correct link ID for each interface at initialization
(using scope libraries if HAVE_SCOPELIB is defined).
- fill in sin6_scope_id correctly before sendmsg().
Obtained from: KAME
MFC after: 1 week
- deprecate routes#N, as it is hard to keep consistency with
rtprefixN. accept any number of "rtprefix", "rtrefix0",
..., "rtprefix99".
- deprecate "addrs#N", as it is difficult for users to keep
consistency with "addrN".
accept 100 prefix info in maximum - like "addr", "addr0"
... "addr99". WARNS=2 clean on netbsd.
old configuration file should work just fine.
behavior change:
previously, we rejected "addrN" if there's "addr", and we rejected
"addr" if there is "addrN". now we accept both without problem.
- when an advertised prefix configured from the kernel has been added
or invalidated, notice the change in a short delay.
- when invalidating a prefix, do not bark even if there is
inconsistency about prefix lifetimes.
- wrap more specific route info code into ROUTEINFO.
Obtained from: KAME
MFC after: 1 week
file descriptors that are used for input and output. That allows
one, for example, to use nghook to bi-directionally pipe the
input and output into/from another non-netgraph-aware program.
to acpidb. The same problem exists in iasl. Add JIT patching there
too.
Add a comment to both makefiles to increase the chance that both
kludges are removed when a real solution is committed.
osunixxf.c on the fly. This avoids having to pull it from the vendor
branch or otherwise pollute the repository with new short-lived files.
This should hold until the real fix arrives.
If the value of OtherConfigFlag changes from FALSE to TRUE, the
host should invoke the stateful autoconfiguration protocol,
requesting information.
[RFC 2462 Section 5.5.3]
Obtained from: KAME
MFC after: 1 week
control whether to accept RAs per-interface basis.
the new stuff ensures the backward compatibility;
- the kernel does not accept RAs on any interfaces by default.
- since the default value of the flag bit is on, the kernel accepts RAs
on all interfaces when net.inet6.ip6.accept_rtadv is 1.
Obtained from: KAME
MFC after: 1 week
What is the HPET I hear you ask? It is the High Precision Event Timer
that is supposed to supplement and eventually replace the 8254 timer and
the RTC periodic interrupts. Among other things, it is 64 bit (can be
run in 32 bit mode for 32 bit cpus), and is suitable as a replacement for
the ACPI timer on SMP systems (the specs are much better) and as a
replacement for the ITC based synthetic clock for on ia64 systems.
It seems IA64 and AMD64 systems tend to have this. It is likely to start
showing up in i386 systems if it isn't already on some of them.
a constant string of little information these days.
This removes the need to #include <vm/swap_pager.h> which is due to
become a kernel only include file.
incoming remote telephone numbers and subaddresses ignored the configured
list completely since it was always terminated by a break at the end of
the first run (which was a leftover from the implementation of subaddresses).
Submitted by: Christian Ullrich <chris@chrullrich.de>
The output format specifier for the round-trip time in ping6 should be
changed to %.3f instead of %g since %g doesn't accurately represent the
precision of the number being output. In particular, %g truncates trailing
zeroes. 0.01 ms does not mean the same thing as 0.010 ms. Although they
are numerically identical, they do not have the same precision.
PR: bin/52324, bin/52750
Submitted by: dg
MFC after: 1 week
the scope of operation to the ARP entries on a particular
interface. It should be useful on machines with numerous
network interfaces, e.g., on inter-VLAN routers.
PR: bin/54151
Submitted by: Dmitry Morozovsky <marck at rinet.ru>
Discussed on: -net
MFC after: 2 weeks
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.
PR: 54354
Submitted by: Claus Assmann <ca@sendmail.org>
Submitted by: Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after: 5 days
format of 'sccsid' lines so they consistently match style(9).
A minor Makefile change is needed so lptest.c can find lp.cdefs.h.
Reviewed by: discussed with bde and obrien
MFC after: 15 days
format of 'sccsid' lines so they consistently match style(9)
Also the 'sccsid' line is formatted to match style(9), and
a 'From:' is removed so the sccsid returns to what it was back
in the days of '-r CSRG' (1996).
Reviewed by: discussed with bde and obrien
MFC after: 15 days
programs, minor Makefile changes are needed to find lp.cdefs.h.
For lpf.c, the 'sccsid' line is formatted to match style(9), and
a 'From:' is removed so the sccsid returns to what it was back
in the days of '-r CSRG' (1994).
Reviewed by: discussed with bde and obrien
MFC after: 15 days
format of 'sccsid' lines so they consistently match style(9)
guidelines. Note that this means you will have to add '-a' to
the 'strings' command when searching for rcs ids, eg:
strings -a /usr/sbin/lpc | grep '$FreeBSD'
Reviewed by: discussed on cvs-src & with bde and obrien
MFC after: 15 days
'#ifdef lint/#endif' around the lines should not have been removed.
Also add blank lines where one (per file) was missing.
Reviewed by: First part noticed by bde, blank lines noticed by me
MFC after: 15 days
get from '-r CSRG', instead of having that sccsid as a comment.
(this is the sccsid from 1996 -- there have been many changes to
printcap.c since then!)
MFC after: 15 days
format of 'sccsid' lines so they consistently match style(9)
guidelines. Inspired by recent update to lpd.c by charnier.
Reviewed by: discussed on cvs-src & with bde and obrien
MFC after: 15 days
source to use __FBSDID() for setting rcsids. Also fix the format
of 'sccsid' lines to consistently match style(9) guidelines.
Reviewed by: discussed with bde and obrien
MFC after: 15 days
somewhat easier to build this lpr on other operating systems.
This simply includes <sys/cdefs.h> when that is appropriate,
and then checks for any cdefs-ish macros that lpr uses, and
defines them if they don't already exist. This is only a start
at making freebsd's lpr less of a hassle to port. It is mainly
added so all of lpr can be changed to use the __FBSDID() macro,
without making it *more* of a hassle to build on other OS's.
Reviewed by: discussed with bde and obrien
MFC after: 15 days
I am the maintainer of CTM. There is a problem that when very large deltas
are created, that the program ctm_smail, which is responsible for mailing
the deltas out, will instead create a single message that says the delta
is too large. However, if the -q option is set, instead of placing this
message in the queue (as it would have done with the deltas), it mails it
out directly. This conflicts with the current working of CTM in that the
email address is set as %%REPLACE-ME%% so that the created mailing pieces
can be signed by gnu-pgp, and then have the mailing address changed.
This fix means that if the -q option is set, and the delta is too large,
the "too large" message is placed in the queue.
Also, I made the "too large" message a little more up to date.
Submitted by: Stephen Montgomery-Smith <stephen@math.missouri.edu>
PR: bin/50328
MFC After: 2 weeks
This option adds Postfix and Exim to the list, however, qmail is not added
due to license restrictions.
Collaborated with: Simon L. Nielsen <simon@nitro.dk>
Reviewed by: jhb, re@, -audit.
- Use getifaddrs() instead of rolling our own buggy one. Previously,
rarpd(8) would fail to see some interfaces because of a hardcoded limit.
It now successfully sees any interface in the system, and this also makes
the code _much_ simpler.
- Replace strncpy() calls with strlcpy() calls. Some uses of strncpy()
were bogus ; the code wasn't ensuring that the string was NUL terminated.
- Don't try to guard about select() FD_* macros being undefined.
- Use IF_NAMESIZE and ETHER_ADDR_LEN macros where appropriate.
- Add static keywords to function definitions for consistency, since
the prototypes have it (I wonder why GCC didn't complain about this).
- Remove compat code for very old BSD versions and SunOS.
- Remove code for systems not having the dirent.h header.
- The code is now WARNS=5 clean so mark it as such.
- Don't add -DTFTP_DIR="/tftpboot" to the build command line since it's
the default.
MFC after: 2 weeks
is common in British English, while "toward" is the preferred form in
American English. Use the American form for consistency.
Correct the date on the manual page.
Submitted by: Tom Rhodes <trhodes@freebsd.org>,
underway@comcast.net (Gary W. Swearingen)
executable file even if the specified action/filename does not
contain a '/' character; convert execv() to execvp().
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
PR: bin/54109
- Reordered #includes
- Only include <sys/types.h>, not it and <sys/cdefs.h>
o style.Makefile(5) fixes
- No SRCS= line when only one src file with same name as program
o Use warn()/errx() instead of fprintf()
- Integrated patch from Philippe Charnier <charnier@xp11.frmug.org>
Approved by: jeff (mentor)
They don't have alot of reason to be in sbin and contribute to library
bloat in the dynamic case. If you are using any of these filesystem
type to hold your /usr, please seek professional help.
The actual code was repo-copied by joe.
o relax some error handling so other drivers (e.g. ath) are usable
o revert ap scanning logic to old scheme
o add to capability info printing for 11a and 11g
tell them that they also need to use devfs rules to prevent
inappropriate devices from appearing in the jail; add an Xref. In
earlier versions of this man page, the user was instructed to use
sh MAKEDEV jail, which only created a minimal set of device nodes.
This commit has two pieces. One half is the watchdog kernel code which lives
primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland
daemon which, when run, will keep the watchdog from firing while the userland
is intact and functioning.
Approved by: jeff (mentor)
These are probably machine independent, but
there is no way for the developers to test them other than on x86.
They will become MD as testing becomes possible.
- Add a command line switch to trigger POWERSTATECHANGE actions on
un-reported power state changes.
PR: i386/32251
Submitted by: Walter C. Pelissero <walter@pelissero.org>