end values in bootinfo) in kernel space if it is loaded (i.e., if its
specified end address is nonzero), not just if it is loaded and DDB
is configured. This may be used to fix kldsym(2) for booting without
/dev/loader; currently, in this case, it just fixes unused pointers
and wastes space consistently. For booting in the normal way with
/boot/loader, the table is included and pointed to in a different way
and kldsym(2) works.
It also squashes 99% of packet kiddie synflood orgies. For example, to
rate syn packets without MSS,
ipfw pipe 10 config 56Kbit/s queue 10Packets
ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>
a parameter and dtrt.
Also, make boot-conf always unload first. There wasn't really any
point in not doing this, as the kernel _has_ to be loaded before
any other modules.
Tested by: dwhite
Trimmed an extra sysctl when I moved kern.suser_permitted from kern_mib.c
to kern_prot.c. This commit should restore it, as well as fix the
resulting build problems.
Submitted by: asmodai
loader for alpha (Yay!) we still need to explicitly look for boot_verbose-
I assume because the boothowto flags aren't passed to us at boot like x86.
Do some minor cosmetics as well.
21143 chips, I accidentally removed the DC_MII_REDUCED_POLL flag
for all 21143 cards. This caused problems with timer-instigated
TCP retransmits, which happened to occur at the same time as an
MII poll tick on MII-based cards (e.g. D-Link DFE-570TX). Fixed this,
plus made some other cleanups. The autoneg fixes for the non-MII
cards still work. Also tested the PNIC II now that I have one again.
This will support power-off only. Fix for suspend/resume will come later.
Also, MFC on this is shceduled on next week.
Submitted by: sumitani@bd2.hnes.nec.co.jp
Reviewed by: jlemon
- Kernel and userland function calls
- Struct describe capability set
- Constants for individual capabilities (some POSIX.1e, some Linux,
some BSD)
No supporting code to be committed yet, this commit allows dependent
development take place.
Reviewed by: bde
Obtained from: TrustedBSD Project
Fix several instances of breakage in RAID-5 revive code.
Tidy up code.
parityops:
Don't attempt to do anything if the plex is degraded or worse.
parityrebuild:
Add comments.
Perform transfers in correct length.
have their own lock and do not need the MP lock. The SMP cleanup was
a little too conservative in MP locking fast interrupts but at least
it's trivial to fix. MFC soon.
Submitted by: bde
after autoneg so we make sure to set the link state and duplex mode
correctly.
- Make sure to set the 'ignore pause frames' bit on the XMAC.
- Small linewrap fix.
kern_prot, which cleans up some namespace issues
o Don't need a special handler to limit un-setting, as suser is used to
protect suser_permitted, making it one-way by definition.
Suggested by: bde
returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
additional privileges
o Should be noted that uid0 still has some additional powers as it
owns many important files and executables, so suffers from the same
fundamental security flaws as securelevels. This is fixed with
MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
things like shutdown to work, et al :-)
Obtained from: TrustedBSD Project
needed to add into ether_input) and finally sorting IFF_RUNNING through
whole driver.
As part of the IFF_RUNNING stuff, we've added an extra flag so callers
can request that runq routines should check IFF_RUNNING before executing.
Remove BPF taps as this is now done by ether_input.
Resurrect multicast code, moving the multicast list stuff to the runq
routine.
Dump ray_promisc_user as all flag changes are now handled by ray_init, and
add a couple of checks to ray_promisc.
In uppparams_user, allow changes before the card is running (need to
fix some breakage with _download here later). In addition, don't
assume that the current n/w parameters are valid - they are only valid
in the runq.
Fix a nasty flag bug - runq_add cleared all the flags on the last command!
Remove the hacks for setting the memory flags - problems were down
to buggy versions of pccardd. For some reason pccardd only dtrt with
the "right" debug_level.
if an FFS partition returns EOPNOTSUPP, as it just means extended
attributes weren't enabled on that partition. Prevents spurious
warning per-partition at shutdown.
TCP/IP (v4) sockets, and routing sockets. Previously, interaction
with IPv6 was not well-defined, and might be inappropriate for some
environments. Similarly, sysctl MIB entries providing interface
information also give out only addresses from those protocol domains.
For the time being, this functionality is enabled by default, and
toggleable using the sysctl variable jail.socket_unixiproute_only.
In the future, protocol domains will be able to determine whether or
not they are ``jail aware''.
o Further limitations on process use of getpriority() and setpriority()
by jailed processes. Addresses problem described in kern/17878.
Reviewed by: phk, jmg