L2/3/4 headers and can drop or steer packets as instructed. Filtering
based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac
addr is possible. Add support in cxgbtool to program these filters.
Some simple examples:
Drop all tcp/80 traffic coming from the subnet specified.
# cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action drop
Steer all incoming UDP traffic to qset 0.
# cxgbtool cxgb2 filter 1 type udp queue 0 action pass
Steer all tcp traffic from 192.168.1.1 to qset 1.
# cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action pass
Drop fragments.
# cxgbtool cxgb2 filter 3 type frag action drop
List all filters.
# cxgbtool cxgb2 filter list
index SIP DIP sport dport VLAN PRI P/MAC type Q
0 192.168.1.0/24 0.0.0.0 * 80 0 0/1 */* tcp -
1 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* udp 0
2 192.168.1.1/32 0.0.0.0 * * 0 0/1 */* tcp 1
3 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* frag -
16367 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* * *
MFC after: 2 weeks
section holding the config file to sh_addralign bytes using NULs.
This bogusly triggers an assert. Break out of the loop when we hit an
NUL within that many bytes of the end.
MFC after: 3 days
will allow people with old config options to either have it just work
(if config is new enough), or get a version error (if their config is
about 7.0 or newer) rather than getting a cryptic error about
duplicated options in the options file, or getting an error about an
unknown option, at which point they'd update their config file only to
learn they need a new config, only to learn they didn't really need to
update their config file... All this because our version checking was
in the wrong place for the past decade...
# hopefully this is the last change, and we'll be able to config with an
# 8.0 GENERIC file on stable/8 after I merge this change and add the
# compat options.
MFC after: 3 days
versions of config. Remove support for the syntax OLD = NEW form the
options file, and instead have a new file $S/conf/options-compat.
This file will be parsed as OLD NEW on each line. Bump version of
config. Since nothing in -current ever used this, there's no hazards
for current users, so I'm not bumping the version in the
Makefiles.$MACHINE. No need, really, for this version bump in
-current, but this was introduced into -stable before I realized the
version check was ineffective there, so the verison bump doesn't hurt
here and keeps the two branches in sync, versionwise, after the MFC.
MFC after: 3 days
we've parsed the config file. Makefile generation is too late if
we've introduce changes to the syntax of the metafiles to warn about
version skew, since we have to try to parse them and we get an parse
error that's rather baffling to the user rather than a 'your config is
too old, upgrade' which we should get.
We have to defer doing it until after we've read the user's config
file because we define machinename there. The version required to
compile the kernel is encoded in Makefile.machinename. There's no
real reason for this to be the case, but changing it now would
introduce some logistical issues that I'd rather avoid for the moment.
I intend to revisit this if we're still using config in FreeBSD 10.
This also means that we cannot introduce any config metafile changes
that result in a syntax error or other error for the user until 9.0 is
released. Otherwise, we break the upgrade path, or at least reduce
the usefulness of the error messages we generate.
# This implies that the config file option mapping will need to be redone.
MFC after: 3 days
brings in support for an optional intent log which eliminates the need
for background fsck on unclean shutdown.
Sponsored by: iXsystems, Yahoo!, and Juniper.
With help from: McKusick and Peter Holm
- Rework the wrapper support to check libpkg version as well as pkg_install
version.
- Add libfetch to _prebuild_libs.
- There are no new features introduced.
Notes: the API is not stable, so basically, do not use libpkg in your
projects for now. Also there's no manpage for libpkg yet, because the API
will change drastically. I repeat, do not use libpkg for now.
with all other corresponding CTF places by changing the corresponding
code which is generated by config(8). Or in short, move the '@' from
the variable definition to the use of the variable. [1]
While I'm here break up a long line. [2]
Discussed with: imp [1,2], bde [2]
sure the "Q = Finish" text is visible.
Reword the boot manager screen to try and avoid confusion, and make the
order of the menu items match that in sysinstall.
PR: bin/142916
Submitted by: Jeremy Chadwick <freebsd at jdc.parodius.com>
Reviewed by: randi
Approved by: rrs (mentor)
MFC after: 1 week
feature. The kernel makefiles have specifically not been bumped
because nothing uses this new feature and doing so forces everybody to
recompile for no good reason. This chnage will be MFC'd where the
kernel version numbers for amd64 and ia64 will be bumped, since those
are the only two that have use the option remapping feature. Once
merged, this will give a better error message to folks that are using
buildkernel without buildworld or kernel-toolchain to update their
kernels.
MFC after: 3 days
OLD_OPT = NEW_OPT
in options* files will now map OLD_OPT to NEW_OPT with a friendly
message. This is indented for situations where we need to preserve an
interface in the config file in an upwards compatible fashion on a
stable branch.
Reviewed by: nwhitehorn@
MFC after: 3 days
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
According to the manpage, the entries have to be sorted by uid. This is
no longer possible, since our utmpx implementation is completely unaware
of user IDs. You can safely add entries for multiple users sharing the
same uid.
Make the output less random by sorting everything by name.
* WPA-None requires ap_scan=2:
The major difference between ap_scan=1 (default) and 2 is, that no
IEEE80211_IOC_SCAN* ioctls/functions are called, though, there is a
dependency on those. For example the call to wpa_driver_bsd_scan()
sets the interface UP, this never happens, therefore the interface
must be marked up in wpa_driver_bsd_associate(). IEEE80211_IOC_SSID
also is not called, which means that the SSID has not been set prior
to the IEEE80211_MLME_ASSOC call.
* WPA-None has no support for sequence number updates, it doesn't make
sense to check for replay violations..
* I had some crashes right after the switch to RUN state, issue is
that sc->sc_lastrs was not yet defined.
Approved by: rpaulo (mentor)
MFC after: 3 weeks
symlink before complaining that it doesn't exist. Typical case
would be a leftover library symlink that's left over after the
actual library has been removed.
Reported by: tabthorpe
don't try to find a hidden meaning in the strange order. The list used
to be sorted in rev. 1.1 from 4.4BSD but the order was broken as soon as
in rev. 1.2 by a single-character fix.
MFC after: 3 days
When using ac -w, we must use the last timestamp to terminate the log
file. I accidentally removed this when I ported the code to use utmpx.
Reported by: avg
- avoid coredump when there's only one token on a line;
- Use calloc();
- Remove a line inherited from example mdoc.
Obtained from: OpenBSD
MFC after: 1 month
and modify the BEGEMOT-PF-MIB to add support for IPV6 address' statistics in the PF
tables via pfTablesAddrNetType and pfTablesAddrNet. While here, upgrade the
pf_tree.def file to the new format that includes enumerated values. Also make sure
to return SNMP_ERR_NOSUCHNAME for ALTQ objects, if ALTQ is disabled, so that the agent
will know to skip the pfAltq subtree when servicing GETNEXT requests from SNMP clients
(otherwise snmpwalk on begemotPf would stop at the pfAltq subtree with bsnmpd returning
SNMP_ERR_GENERR).
then find a specific entry, and get the requested value. So far, it found
the specific entry, refreshed the entry list if necessary, and got the
requested value from the found entry. The problem is that refreshing nukes
all old entries and replaces them with new ones and the obtained entry
pointer was no longer valid after the refresh.
Reviewed by: bz, philip
MFC after: 1 week
Right now if a jail has multiple IPv6 addresses, it will print them
shifting only 4 bytes at a time. Example:
2001:4dd0:ff41::b23f:a9
2001:4dd0:ff41::b23f:aa
Becomes:
2001:4dd0:ff41::b23f:a9
ff41::b23f:a9:2001:4dd0
By casting to in6_addr, it uses the correct offsets.
MFC after: 1 week
and enforce this in the code. Apparently a lot of users mistakenly
combine -a with these flags and are then mystified that no changes
were made.
While I'm here, fix a trailing space in mergemaster.8