- BIOCGDIRECTION and BIOCSDIRECTION get or set the setting determining
whether incoming, outgoing, or all packets on the interface should be
returned by BPF. Set to BPF_D_IN to see only incoming packets on the
interface. Set to BPF_D_INOUT to see packets originating locally and
remotely on the interface. Set to BPF_D_OUT to see only outgoing
packets on the interface. This setting is initialized to BPF_D_INOUT
by default. BIOCGSEESENT and BIOCSSEESENT are obsoleted by these but
kept for backward compatibility.
- BIOCFEEDBACK sets packet feedback mode. This allows injected packets
to be fed back as input to the interface when output via the interface is
successful. When BPF_D_INOUT direction is set, injected outgoing packet
is not returned by BPF to avoid duplication. This flag is initialized to
zero by default.
Note that libpcap has been modified to support BPF_D_OUT direction for
pcap_setdirection(3) and PCAP_D_OUT direction is functional now.
Reviewed by: rwatson
- New Darwin, FreeBSD, and NetBSD versions.
- DragonFly support including the new .Dx macro.
- New .St strings: -isoC-amd1, -isoC-tcor1, -isoC-tcor2, and -ieee1275-94.
contains a sigdec[] vector of structures, but the generated output is
missing braces around the initializer of each struct, which
triggers warnings in WARNS=3:
src/usr.bin/top/sigdesc.h:10: warning: missing braces around initializer
src/usr.bin/top/sigdesc.h:10: warning: (near initialization for `sigdesc[0]')
* Fix the sigconv.awk script to generate a header with initializers
which look better.
* Add rules to usr.bin/top/Makefile that rebuilds a new sigconv.h
header which matches the correct signal set from the build-time
version of `${DESTDIR}/usr/include/signal.h' (so sigconv.h doesn't
get stale once changes are made to the header).
* Remove the old sigconv.h header, now that it is autoupdated at
build time.
* Various Makefile style fixes (the committed Makefile was kindly
submitted by Ruslan):
- Reorder .PATH, PROG, SRCS and CFLAGS to match style.Makefile(5)
- Split off the generated sources (sigdesc.h top.local.h) in an
SRCS+= line of their own.
- Add entries to CLEANFILES near the rules that generate the
respective files.
- Move the explicit rule which builds top.1 after the implicit
rules which generate its dependencies.
Reviewed by: ru, bde
Submitted by: ru (Makefile)
MFC after: 2 weeks
fix servicecurve check; no point in checking the same sc three times, it
was obviously intended to check all three. has been wrong since the
beginning, 4 years... noticed by Earl Lapus <earl.lapus@gmail.com>, Vasil
Dimov <vd@FreeBSD.org> mailed me then, ok mcbride
MFC after: 3 days
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
understand that non-local variables can never be collected, and when
it collected the static variable for mexitcount_libfunc, gcc aborted
on the next use of this variable.
This quick fix is to reinitialize the variable on every use and depend
on garbage collection recovering the small amount of memory wasted by
this, and not worry by the small amount of time wasted by this. It
would be better to initialize the variable together with most of the
other libfuncs in optabs.c and depend on whatever magic is there to
prevent its collection, but we initialize it here to avoid taking at
least 2 more files off the vendor branch.
the probe packet we sent and the packet quoted by the ICMP response.
Can be useful for spotting hops that change the packet in-flight
or have problems generating correct ICMP responses.
MFC after: 3 weeks
history notes since the last import:
OpenBSM 1.0 alpha 12
- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.
MFC after: 3 days
Obtained from: TrustedBSD Project