2731 Commits

Author SHA1 Message Date
billf
5d69c42a56 now that jlemon has added a hash table to lookup locally configured ip
addresses (and the macros that ipfw(4) use to lookup data for the 'me'
keyword have been converted) remove a comment about using 'me' being a
"computationally expensive" operation.

while I'm here, change two instances of "IP number" to "IP address"
2001-09-29 06:33:42 +00:00
luigi
0fb106cc3f Two main changes here:
+ implement "limit" rules, which permit to limit the number of sessions
   between certain host pairs (according to masks). These are a special
   type of stateful rules, which might be of interest in some cases.
   See the ipfw manpage for details.

 + merge the list pointers and ipfw rule descriptors in the kernel, so
   the code is smaller, faster and more readable. This patch basically
   consists in replacing "foo->rule->bar" with "rule->bar" all over
   the place.
   I have been willing to do this for ages!

MFC after: 1 week
2001-09-27 23:44:27 +00:00
iedowse
2cba2e955a The -A option (beep when packets are dropped) didn't work quite
right; after a single packet was dropped it beeped after every
transmission.

Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.

Reviewed by:	ru
2001-09-25 20:22:33 +00:00
rwatson
41efc0e62e o Reduce userland inclusion of kernel headers -- remove unneeded include
of <sys/mbuf.h>.

Reviewed by:	jlemon
2001-09-24 15:00:16 +00:00
luigi
571d41f160 A bunch of minor changes to the code (see below) for readability, code size
and speed. No new functionality added (yet) apart from a bugfix.
MFC will occur in due time and probably in stages.

BUGFIX: fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (there is a PR on this).

OTHER CHANGES: minor changes to the internal struct for static and dynamic rules.
Requires rebuild of ipfw binary.

Add comments to show how data structures are linked together.
(It probably makes no sense to keep the chain pointers separate
from actual rule descriptors. They will be hopefully merged soon.

keep a (sysctl-readable) counter for the number of static rules,
to speed up IP_FW_GET operations

initial support for a "grace time" for expired connections, so we
can set timeouts for closing connections to much shorter times.

merge zero_entry() and resetlog_entry(), they use basically the
same code.

clean up and reduce replication of code for removing rules,
both for readability and code size.

introduce a separate lifetime for dynamic UDP rules.

fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (PR ...)

restructure dynamic rule descriptors

introduce some local variables to avoid multiple dereferencing of
pointer chains (reduces code size and hopefully increases speed).
2001-09-20 13:52:49 +00:00
peter
5f4236f763 Deal with nfs server module changes for autoloading. 2001-09-20 02:18:06 +00:00
peter
0bbcfd5027 Deal with module name changes and autoloading. 2001-09-20 02:15:17 +00:00
ru
3486bb456a Non-decimal ``skipto'' rule numbers are meaningless.
Noticed by:	"Marc G. Fournier" <scrappy@hub.org>
MFC after:	3 days
2001-09-19 15:12:14 +00:00
peter
68a5e33921 Userland part of nfs client/server split and cleanup. 2001-09-18 23:34:44 +00:00
jlemon
ead81b8e59 Split hwcsum into rxcsum and txcsum components. 2001-09-18 20:13:48 +00:00
jlemon
8fc7300a95 Teach ifconfig about the new interface capability words. 2001-09-18 17:43:30 +00:00
gallatin
aa094c1b93 fix savecore so that it works on the alpha after the size change
of dumpmag from an int to a u_long in rev 1.41 -- without this
change, savecore will always fail like this:

#savecore -v /var/crash
dumplo = 874356736 (1707728 * 512)
savecore: magic number mismatch (8fca0101 != 8fca0101)
savecore: no core dump
2001-09-13 21:19:13 +00:00
ru
bc205d4152 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
ru
cfe8e30185 Use ${MACHINE}, it works with cross-builds. 2001-09-12 12:21:08 +00:00
ru
3072963f18 mdoc(7) police: restore fix in rev. 1.52; .Dt should be in CAPITALS. 2001-09-11 10:00:48 +00:00
ru
4786851de1 mdoc(7) police: restore the correct sorting of SEE ALSO. 2001-09-11 09:58:34 +00:00
ru
68b77cf2e9 mdoc(7) police: markup nits, improve -W option text,
mount_msdos(8) is called mount_msdosfs(8) nowadays.
2001-09-11 09:57:31 +00:00
ru
a0a0725b67 Removed -M and -N from getopt(3) call as well. 2001-09-11 09:49:36 +00:00
grog
374781cf17 Use a better stripe size in the examples.
Noted by:	Sean Eric Fagan <sef@kithrup.com>
2001-09-09 02:23:06 +00:00
semenu
8c98d68610 Stole unicode translation table from mount_msdos. Add kernel code
to support this translation.

MFC after:	2 weeks
2001-09-08 23:03:52 +00:00
kris
3633cc3a37 * Switch from doing compress(1)ed crashdumps with the -z flag to using
gzip(1).  gdb doesn't understand these, but then again it didn't
  understand compressed crashdumps either.
* Change a stray lseek() into a Lseek()
* Remove the extraneous prototype for log() which has apparently never
  existed in FreeBSD's sources

Obtained from:  NetBSD (partially)
MFC after:      2 weeks
2001-09-06 09:30:09 +00:00
dd
91ffaa180c Use CFLAGS, not COPTS, in the Makefile. bsd.prog.mk conveniently adds
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults.  Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.

Approved by:	bde
2001-09-05 20:10:59 +00:00
ru
d4d77d0e3c SECURITY.
Notify operators using wall(1)'s -g option.
Drop ``setgid tty'' privilege.

Obtained from:	OpenBSD
MFC after:	1 month
2001-09-05 15:37:01 +00:00
ru
e9cbb548b9 The defaults for bsize and fsize were interchanged.
PR:		docs/30330
2001-09-05 08:51:21 +00:00
ru
29e117e978 Don't reinvent the wheel; use strptime(3).
MFC after:	2 weeks
2001-09-04 16:17:17 +00:00
ru
cfdeaad88e mdoc(7) police: removed hard sentence breaks. 2001-09-04 09:28:48 +00:00
phk
20b1b95395 Duh! forgot this bit of the NCCD patch.
Submitted by:	sobomax
Reviewed by:	phk
2001-09-04 09:19:48 +00:00
murray
9583145217 Mention collision attacks on MD5. From the md5(3) man page.
PR:		docs/14158
Reviewed by:	kris
Submitted by:	Eric Frias <efrias@sg505.net>
2001-09-04 01:01:07 +00:00
jlemon
d0716116a5 IPFilter source code in contrib/ipfilter apparently can't make up its mind
where the headers should live, as the code references both "ip_fil.h" and
"netinet/ip_fil.h" (among others).  As a consequence, put both
sys/contrib/ipfilter and sys/contrib/ipfilter/netinet to the include path
so either variant works.

PR: 29384
Pointed out by: Thomas.Quinot@Cuivre.FR.EU.ORG
2001-09-03 16:37:16 +00:00
ru
d7e70183dd SECURITY: Drop `setgid kmem' bit as early as possible. 2001-08-31 16:26:37 +00:00
ru
3be01aaf66 Synch with NetBSD and OpenBSD.
Allow non-superuser to open, listen to, and send safe commands on the
routing socket.  Superuser priviledge is required for all commands
but RTM_GET.

Lose `setuid root' bit of route(8).

Reviewed by:	wollman, dd
2001-08-31 12:31:09 +00:00
ru
c4f33518b6 restore(8) doesn't need to be setgid `tty', and never did.
At the times, restore(8) and rrestore(8) were the different
utilities.  rrestore(8) was installed setuid `root', while
restore(8) with usual ownership and privileges.  Later on,
on August 28, 1991 (what a coincidence!), rrestore(8) code
was merged with restore(8).  The setgid `tty' bit then was
accidentally put.
2001-08-30 09:18:55 +00:00
peter
33e9a790f5 Banish hard-coded KERNBASE references from savecore. Dynamically
adjust to whatever kernbase is in the kernel that we are dumping.
2001-08-24 09:26:17 +00:00
yar
32257b83b8 `create'' and `destroy'' are command modifiers (.Cm), not flags (.Fl). 2001-08-22 18:37:47 +00:00
ru
2b577fc318 mdoc(7) police: Fixed broken xrefs. 2001-08-22 14:16:31 +00:00
brian
6820e8fb2d Handle snprintf() returning < 0 (not just -1)
MFC after:	2 weeks
2001-08-20 14:53:05 +00:00
brian
016b1a255a Handle snprintf() returning -1.
MFC after:	2 weeks
2001-08-20 12:56:45 +00:00
dd
3f0adc3d96 Fix grammar. 2001-08-20 02:16:41 +00:00
dd
333eb2bebd Respect the -N flag when changing directory attributes in setdirmode).
PR:		29671
Submitted by:	Sascha Blank <sblank@addcom.de>
2001-08-20 02:15:22 +00:00
kris
5e75b336b9 Silence non-constant format string warnings by marking functions
as __printflike()/__printf0like(), adding const, or adding missing "%s"
format strings, as appropriate.

MFC after:	2 weeks
2001-08-19 08:19:37 +00:00
brooks
426e63d9a6 Actuall make plumb work in addition to create as per the manpage.
PR:		bin/29812
Submitted by:	Joao Carlos Mendes Luis <jonny@eng05.embratel.net.br>
2001-08-17 22:16:11 +00:00
ru
b8156781f0 mdoc(7) police: restore markup bit that got accidentally lost in rev. 1.44. 2001-08-16 11:31:18 +00:00
ru
ed60690b9e mdoc(7) police: replace \*(Ba' with a simple |', it's handled specially. 2001-08-16 11:09:00 +00:00
ru
66a8fb5a4d mdoc(7) police: Section cross-references are marked with .Sx.
-compat is not a valid keyword.
2001-08-16 07:43:16 +00:00
dd
f0911c2f1b Implement a better compatibility mode with mount_mfs. It is the
default if the executable is named (called as) "mount_*", or can be
enabled with the -C option.  This allows users to leave their old
fstab entires unchanged (modulo symlink'ing mdmfs to mount(md|mfs))
and have things behave the way they should (by emulating mount_mfs
silliness), while still allowing mdmfs to be used as a generic
make-an-md-and-mount-it type thing.

Right now, the only effects of this option is to set the mount-point
mode to 01777 as if "-p 1777" was given, and to complain about getting
command-line options that mount_mfs didn't take (e.g., -X, -L, et al).
The latter is mostly to try to catch operator errors.

Also implement -U, which turns on soft-updates.  It's redundant (since
softdep is the default), but implement it anyway for compatibility.
2001-08-16 02:40:29 +00:00
ru
bde8ec1b70 mdoc(7) police: utilize the new .Ex macro. 2001-08-15 09:09:47 +00:00
obrien
e7702d76b6 style(9) tweak
Approved by:	dd
2001-08-14 14:14:20 +00:00
ru
24c7b0a61d mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
peter
61bf775b8a ftrace is already initialized 2001-08-13 21:56:09 +00:00
ru
e8e5635e4a Spell "FreeBSD" with "F" and "BSD" in uppercase. 2001-08-13 16:33:00 +00:00