- to show a specific set: ipfw set 3 show
- to delete rules from the set: ipfw set 9 delete 100 200 300
- to flush the set: ipfw set 4 flush
- to reset rules counters in the set: ipfw set 1 zero
PR: kern/113388
Submitted by: Andrey V. Elsukov
Approved by: re (kensmith)
MFC after: 6 weeks
best practices:
1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."
2. In named.conf
a. Clean up white space
b. Add/clarify a few comments
c. Slave zones from the root servers instead of using a hints
file. This has several advantages, as described in the comments.
d. Significantly revamp the default zones, including the
forward localhost zone, and the reverse zones for IPv4 and IPv6
loopback addresses. There are extensive comments describing what
is included and why. Interested readers should take the time to
review the RFCs mentioned in the comments. There is also relevant
information about the motivations for hosting these zones in the
"work in progress" Internet-Draft,
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
or its successor.
It's also worth noting that a significant number of these
empty zones are already included by default in the named binary
without any user configuration.
e. Because we're including a lot of examples of both local
forward zones and slave zones in the default configuration,
eliminate some of those examples.
3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
passed to vm_pageout_clean() cannot possibly be PG_UNMANAGED because
it came from the inactive queue and PG_UNMANAGED pages are not in any
page queue. Moreover, PG_UNMANAGED pages only exist in OBJT_PHYS
objects, and all pages within a OBJT_PHYS object are PG_UNMANAGED.
So, if the page that is passed to vm_pageout_clean() is not
PG_UNMANAGED, then it cannot be from an OBJT_PHYS object and its
neighbors from the same object cannot themselves be PG_UNMANAGED.
Reviewed by: tegge
assume yes unless seek has previously failed, but I fear I'll have to
avoid seeks under other circumstances. (For instance, tape drives on
FreeBSD seem to return garbage from lseek().) Also, optimize away
zero-byte skips.
which caused the cursor not to return to the place
it should when -w is used with -e.
Note that this is a commit against -HEAD because
we already have the file off the vendor branch.
Reported by: Tom Uffner (on -current@)
Obtained from: http://www.greenwoodsoftware.com/less/less-405.tar.gz
don't have it. Some partitioning schemes, as well as file systems,
operate on the geometry and without it such schemes (e.g. MBR)
and file systems (e.g. FAT) can't be created. This is useful for
memory disks.
will intialize the the header length and re-initialize the mbuf pointer
to reference the mbuf that is allocated after moving user supplied packet
data in.
when linear acceleration (-a) was enabled with a <1 value to slow them down.
Previously, rounding errors would eat small movements so the mouse had to be
moved a certain distance to get any movement at all. We now calculate the
rounding errors and take them into account when reporting movement.
PR: bin/113749
Submitted by: Oliver Fromme <olli -at- secnetix.de>
MFC after: 3 days
to hold off freeing if there is data pending ... someone
might do send/close. Which means we want the data to
go and then close it after startup. Added comments to
the code as well to note that this is done for a reason.
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.
In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.
The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs. E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM. When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made. Then it'll be
enough to set the expire field in future for the commands to run
again. And so on.
Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.
X-Security: should benefit as users have access to cron(8) by default
o shorten explainations which are over 80 columns in console.
o group rows
o clean up and change explanations a little bit.
Obtained from: weongyo.jeong@gmail.com
Remove device_t dv, since it is no longer needed.
Add sizeof(device_t) to replace sizeof dv.
Change device_detach(dev) to device_detach(dev->subdevs[i]) since the type
of dev isn't right! Not sure when this was introduced, but it likely would
lead to a crash on disconnect.
MFC After: 1 week
of the magic string is passed in a 32-bit register, we can't use high
memory in the PAE case. This also eliminates a use of vtophys().
Tested by: Jeff Shimbo <jts767 / gmail.com>
MFC after: 1 week
now takes a device_t to be the parent of the bus that is being created.
Most SIMs have been updated with a reasonable argument, but a few exceptions
just pass NULL for now. This argument isn't used yet and the newbus
integration likely won't be ready until after 7.0-RELEASE.
can be allocated atomically
- add debug macros for printing lock initialization / teardown
- add buffers to port_info and adapter to allow each lock to have a
unique name
- destroy mutexes initialized by cxgb_offload_init
- remove recursive calls to ADAPTER_LOCK
- move callout_drain calls so that they don't occur with the lock held
- ensure that only as many qsets as are needed are initialized and
destroyed
MFC after: 3 days
Sponsored by: Chelsio Inc.