devd.conf execution of third-party software, that needs libraries
from /usr/local. Since devd is launched before ldconfig script, if
the hardware that has associated software is attached on boot, then
execution would fail.
Differential Revision: https://reviews.freebsd.org/D2332
Reviewed by: imp
- Remove extranious echo that breaks puppet
- Handle restarts of multiple pflog devices correctly
- Add the ability to perform actions on specific pflog devices.
PR: 199150
Submitted by: jason.unovitch@gmail.com
MFC after: 3 days
r272959 broke compatibility with mfsBSD that stores the default network
config file in /etc/rc.conf.d/network. In order to fix that load the network
config file from netif also.
This was a discrepancy between ^/projects/building-blocks and ^/head that I
didn't resolve before committing the change to ^/head
Pointyhat to: me
Reported by: jhb
MFC after: 20 days
X-MFC with: r278249
Sponsored by: EMC / Isilon Storage Division
and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table,
including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa
statement.
PR: 188318
MFC after: 2 weeks
mrouted has been available in ports for the last 8 years as net/mrouted . An
equivalent rc.d script has been present in the port.
Remove all corresponding variables from etc/defaults/rc.conf
Relnotes: yes
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.
No objections from: net@
random script ran before filesystems were mounted, which is no
longer the case.
In random_start(), immediately delete each file that is fed into
/dev/random, and recreate the default entropy file immediately
after reading and deleting it. The logic used in random_stop()
to determine which file to write to should probably be factored
out and used here as well.
do not require additional entropy to function.
It would create a circular dependency (not immediately obvious:
geli provides 'disks' and requires 'random' as of r273872,
'random' requires 'FILESYSTEMS', 'FILESYSTEMS' requires 'root',
'root' requires 'swap', and finally 'swap' requires 'disk').
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.
The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.
The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.
Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.
My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.
My Nomex pants are on. Let the feedback commence!
Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by: so(des)
