Commit Graph

57 Commits

Author SHA1 Message Date
Alexander V. Chernikov
670e8b3b8c Kill custom in_matroute() radix mathing function removing one rte mutex lock.
Initially in_matrote() in_clsroute() in their current state was introduced by
r4105 20 years ago. Instead of deleting inactive routes immediately, we kept them
in route table, setting RTPRF_OURS flag and some expire time. After that, either
GC came or RTPRF_OURS got removed on first-packet. It was a good solution
in that days (and probably another decade after that) to keep TCP metrics.
However, after moving metrics to TCP hostcache in r122922, most of in_rmx
functionality became unused. It might had been used for flushing icmp-originated
routes before rte mutexes/refcounting, but I'm not sure about that.

So it looks like this is nearly impossible to make GC do its work nowadays:

in_rtkill() ignores non-RTPRF_OURS routes.
route can only become RTPRF_OURS after dropping last reference via rtfree()
which calls in_clsroute(), which, it turn, ignores UP and non-RTF_DYNAMIC routes.

Dynamic routes can still be installed via received redirect, but they
have default lifetime (no specific rt_expire) and no one has another trie walker
to call RTFREE() on them.

So, the changelist:
* remove custom rnh_match / rnh_close matching function.
* remove all GC functions
* partially revert r256695 (proto3 is no more used inside kernel,
  it is not possible to use rt_expire from user point of view, proto3 support
  is not complete)
* Finish r241884 (similar to this commit) and remove remaining IPv6 parts

MFC after:	1 month
2014-11-11 02:52:40 +00:00
Sergey Kandaurov
54c22eeae8 Clean up manual pages after BIND removal.
MFC after:	1 week
2013-12-25 17:28:08 +00:00
Glen Barber
814b16ba92 Fix some Xr references:
- ada(4): ad(4) - removed, ada(4) would be a self-referencing entry
- cd(4): ad(4) -> ada(4)
- da(4): ad(4) -> ada(4)
- DEVICE_PROBE(9):  ugen(5) -> ugen(4)
- ed(4): dhclinet(8) -> dhclient(8) (typo)
- lmc(4): Netgraph(4) -> netgraph(4)
- security(7): rc.conf(8) -> rc.conf(5)
- sfxge(4): cpuset(8) -> cpuset(1)
- sbp(4): sysctl(1) -> sysctl(8)
- portindex(5): build(1) -> build(7)
- u3g(4): usbconfig(5) -> usbconfig(8)
- usb_quirk(4): usbconfig(5) -> usbconfig(8)

Found with:	textproc/igor
MFC after:	3 days
2012-02-09 04:37:30 +00:00
David E. O'Brien
ef522f9515 Disallow various debug.kdb sysctl's when securelevel is raised.
PR:	161350
2011-10-07 05:47:30 +00:00
Rebecca Cran
ac095af538 Remove duplicate "in".
Suggested by:	Rob Farmer <rfarmer at predatorlabs.net>
MFC after:	3 days
2011-03-01 11:47:51 +00:00
Rebecca Cran
b633aa9451 Revert some of r177626. "in in" is valid in certain sentences.
PR:		121490
MFC after:	3 days
2011-02-28 10:03:48 +00:00
Daniel Gerzo
b4b13eba35 - s/unsecure/insecure/ as this is the correct keyword 2010-01-07 11:30:54 +00:00
Christian Brueffer
6b05959af0 Add a missing word.
PR:		140989
Submitted by:	Lachlan Kang
MFC after:	1 week
2010-01-04 22:23:09 +00:00
Christian Brueffer
662cac9f23 Fix some "in in" typos in comments.
PR:		121490
Submitted by:	Anatoly Borodin <anatoly.borodin@gmail.com>
Approved by:	rwatson (mentor), jkoshy
MFC after:	3 days
2008-03-26 07:32:08 +00:00
Tom Rhodes
8d3cfc6184 So there is where that handbook paragraph came from. Kill it here too.
Remove a paragraph about over building security, it's a bit off.

Discussed with: des, FreeBSD-security
2006-09-08 04:56:21 +00:00
Giorgos Keramidas
ff8a6926d9 When securelevel is >= 1, /dev/io may not be opened at all (not just for
write).  Update the securelevel description to match this.

Reported by:	Alexandros Kosiaris <akosiaris@gmail.com>
MFC after:	3 days
2006-07-12 18:12:11 +00:00
Giorgos Keramidas
52fc88b53b apropos(1) does not expand *roff macros that should appear in .Nd
text and, as a result, 'FreeBSD' is not visible in apropos output
when security(7) is displayed.  Fix this buglet by using a
literal 'FreeBSD' string in .Nd

PR:		docs/85986
Submitted by:	Matthias Schmidt <schmidtm@mathematik.uni-marburg.de>
MFC after:	1 week
2006-05-12 17:42:48 +00:00
Ceri Davies
0ebb41bef5 Security levels are not discussed further in init.8; we moved that
discussion to this manual.
2006-01-19 20:01:43 +00:00
Gary W. Swearingen
e17c0e3256 Moved descriptions of securelevels from init(7) to security(7).
Files used both "securelevel" and either "secure level" or
"security level"; all are now "security level".

PR:             docs/84266
Submitted by:   garys
Approved by:    keramida
MFC after:      3 days
2005-09-03 17:16:00 +00:00
Jens Schweikhardt
9518a2473e s/then/than 2005-07-18 21:33:00 +00:00
Christian Brueffer
f0ea72a038 - Remove MLINKS to nonexistant manpages
- Change some section numbers to match reality
- For MLINKS to manpages from ports, mention which port installs them

MFC after:	3 days
2005-07-14 20:29:08 +00:00
Ruslan Ermilov
a3f9c9fc03 Fixed xref. 2005-01-21 12:01:00 +00:00
Ruslan Ermilov
e354922c78 MNT_NODEV is deprecated. 2004-11-29 09:56:12 +00:00
Warner Losh
5ecb12e35b Expand indirect reference to copyright file to the portion of that file
that is relevant.
2004-08-07 04:40:20 +00:00
Ruslan Ermilov
5203edcdc5 Mechanically kill hard sentence breaks and double whitespaces. 2004-07-03 18:29:24 +00:00
Ruslan Ermilov
454ba76889 Overhaul the markup. 2004-06-15 12:48:50 +00:00
Daniel Harris
4c0d8029dc "in in" is not always wrong (backout 1.18).
Keep the onion metaphor consistent.
2004-05-18 18:17:25 +00:00
Daniel Harris
47afd1f81e Effect the correct use of "affect".
Use em dashes instead of " - ".

Use .Em instead of *emphasis*.

Note that securing root indirectly (by securing staff accounts) works
only if direct root access has been limited. [1]

s/hacker/attacker, as done in the handbook. (inspired by [1])

PR:		52878 [1]
Submitted by:	Brian Minard <bminard@flatfoot.ca> [1]
2004-05-18 17:50:08 +00:00
Ceri Davies
a30de06b88 Correct minor typos. 2004-02-18 18:52:09 +00:00
Tom Rhodes
49d1509b8b Remove 'broken in some cases' Xref to Kerberos.
PR:		30443
Cool with:	markm (who approved this ages ago)
2004-02-10 07:08:54 +00:00
Christian Brueffer
e478095ed8 Grammar fix
PR:		54225
Submitted by:	Christopher Nehren <apeiron@comcast.net>
MFC after:	3 days
2003-07-08 21:10:32 +00:00
Tom Rhodes
1cbb9689ed Remove the old xref to kerberos(1), and replace it with an xref to
kerberos(8).  According to markm, the kerberos(8) manual page is
installed if NO_KERBEROS is set.

PR:	30443
2003-06-14 13:23:49 +00:00
Ruslan Ermilov
074ad11567 Spelling: s/then/than/ where appropriate. 2002-12-24 16:52:31 +00:00
Ruslan Ermilov
8d5d039f80 Uniformly refer to a file system as "file system".
Approved by:	re
2002-12-12 17:26:04 +00:00
Giorgos Keramidas
6057ffa65a Fix typo.
PR:		docs/35422
Submitted by:	Mike DeGraw-Bertsch <mbertsch@radioactivedata.org>
2002-02-28 22:44:15 +00:00
Robert Watson
992e463887 Clarify word choice: s/those users/users/, since there is no previous
instance of 'users' to refer to.
2002-02-18 00:20:12 +00:00
Mike Pritchard
7c86a74b2d ispell sweep of share/man/man7/*. 2002-01-09 12:34:01 +00:00
Dima Dorfman
b94231daca Spelling police: "more then" - "more than" where appropriate. 2001-11-24 19:47:12 +00:00
Ruslan Ermilov
57e4378bf6 mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.
2001-08-10 13:45:36 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Jens Schweikhardt
c1f3e4bf21 Removed whitespace at end-of-line; no content changes. I simply did
cd src/share; find man[1-9] -type f|xargs perl -pi -e 's/[ \t]+$//'

BTW, what editors are the culprits? I'm using vim and it shows
me whitespace at EOL in troff files with a thick blue block...

Reviewed by:	Silence from cvs diff -b
MFC after:	7 days
2001-07-14 19:41:16 +00:00
Ruslan Ermilov
3d45e180f4 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 15:31:11 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Ruslan Ermilov
5521ff5a4d mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2). 2001-07-06 16:46:48 +00:00
Dima Dorfman
a910f192bb Remove duplicate words. 2001-06-24 01:34:38 +00:00
Dima Dorfman
9baaab27a0 OpenSSH doesn't forward keys by default. 2001-06-16 00:32:19 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Ruslan Ermilov
3136363f3e Prepare for mdoc(7)NG. 2000-12-29 09:18:45 +00:00
Sheldon Hearn
f167d7fb3e Fix miscellaneous mdoc macro argument limit infringements.
PR:		18465
Reported by:	Kazu TAKAMUNE <takamune@avrl.mei.co.jp>
2000-05-09 14:02:06 +00:00
Nik Clayton
8596de5303 Note that openssh/ssl are in the tree now, and use the correct section
numbers for accton(8), sshd(8), and syslogd(8).

PR:             docs/17100
Submitted by:   Udo Erdelhoff <ue@nathan.ruhr.de>
2000-03-07 13:59:26 +00:00
Matthew Dillon
ad27d06632 Minor cleanups
Reviewed by:	Matthew Dillon <dillon@backplane.com>
Submitted by:	 Alexey Zelkin <phantom@cris.net>
1999-09-19 05:30:12 +00:00
Matthew Dillon
d93b26d657 Bring security page uptodate, add more references, clarify some of
the comments, etc.
1999-09-18 18:21:38 +00:00
Alexey Zelkin
f6f8f44dac mdoc(7) style fixes:
.Bx Free -> .Fx
Cross references to ports splited into different subsection

PR:		13256
Submitted by:	Alexey Zelkin <phantom@cris.net>
Reviewed by:	mpp
1999-09-04 14:55:22 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Chris Costello
f437b38cf7 Fix a bunch of broken cross-references 1999-08-18 05:55:22 +00:00