1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.
2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.
3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.
4) You can now send SCM_TIMESTAMP messages.
5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).
This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).
6) Fix userland programs to use CMSG_* macros too.
7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.
PR: 29499
MFC after: 6 weeks
name is "mount_mfs" or "mfs". Previously, the condition was that
the program name must start with "mount_", but this both missed
the case where mount(8) invokes mdmfs with argv[0] = "mfs", and it
included cases such as "mount_md" where compatibility is not
required.
Reviewed by: dd
a block or character device; the rest of tunefs works just fine on
filesystem images in regular files. Instead, if getfsfile() failed
and if the specified filesystem is a directory then print a more
useful "unknown file system" error.
Also, _PATH_DEV already contains a trailing slash, so don't add
another one when constructing a device path, and use errx() instead
of err() in a case where errno is meangingless.
addresses (and the macros that ipfw(4) use to lookup data for the 'me'
keyword have been converted) remove a comment about using 'me' being a
"computationally expensive" operation.
while I'm here, change two instances of "IP number" to "IP address"
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
right; after a single packet was dropped it beeped after every
transmission.
Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.
Reviewed by: ru
and speed. No new functionality added (yet) apart from a bugfix.
MFC will occur in due time and probably in stages.
BUGFIX: fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (there is a PR on this).
OTHER CHANGES: minor changes to the internal struct for static and dynamic rules.
Requires rebuild of ipfw binary.
Add comments to show how data structures are linked together.
(It probably makes no sense to keep the chain pointers separate
from actual rule descriptors. They will be hopefully merged soon.
keep a (sysctl-readable) counter for the number of static rules,
to speed up IP_FW_GET operations
initial support for a "grace time" for expired connections, so we
can set timeouts for closing connections to much shorter times.
merge zero_entry() and resetlog_entry(), they use basically the
same code.
clean up and reduce replication of code for removing rules,
both for readability and code size.
introduce a separate lifetime for dynamic UDP rules.
fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (PR ...)
restructure dynamic rule descriptors
introduce some local variables to avoid multiple dereferencing of
pointer chains (reduces code size and hopefully increases speed).
of dumpmag from an int to a u_long in rev 1.41 -- without this
change, savecore will always fail like this:
#savecore -v /var/crash
dumplo = 874356736 (1707728 * 512)
savecore: magic number mismatch (8fca0101 != 8fca0101)
savecore: no core dump
gzip(1). gdb doesn't understand these, but then again it didn't
understand compressed crashdumps either.
* Change a stray lseek() into a Lseek()
* Remove the extraneous prototype for log() which has apparently never
existed in FreeBSD's sources
Obtained from: NetBSD (partially)
MFC after: 2 weeks
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
where the headers should live, as the code references both "ip_fil.h" and
"netinet/ip_fil.h" (among others). As a consequence, put both
sys/contrib/ipfilter and sys/contrib/ipfilter/netinet to the include path
so either variant works.
PR: 29384
Pointed out by: Thomas.Quinot@Cuivre.FR.EU.ORG
Allow non-superuser to open, listen to, and send safe commands on the
routing socket. Superuser priviledge is required for all commands
but RTM_GET.
Lose `setuid root' bit of route(8).
Reviewed by: wollman, dd
At the times, restore(8) and rrestore(8) were the different
utilities. rrestore(8) was installed setuid `root', while
restore(8) with usual ownership and privileges. Later on,
on August 28, 1991 (what a coincidence!), rrestore(8) code
was merged with restore(8). The setgid `tty' bit then was
accidentally put.
