into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
crash dumps, and make it use sysctl for all data retrievals in the
"live" case (i.e. when not using iostat on a crash dump).
Remove setgid kmem for the iostat executable, it is not needed any
more after these changes.
Reviewed by: ken
- clean_mtab():
Actually use the strdup'd version of the host that we go to the
trouble of creating.
- do_umntall/do_umount:
Don't return success if clnt_create() fails.
Don't access a client pointer after it has been destroyed.
Remember to destroy the authentication information we created.
crypto bits installed and/or NOCRYPTO/NO_OPENSSL is defined. This unfortunately
meants that usr.bin/chkey, usr.bin/newkey and usr.sbin/keyserv have also to
be disconnected.
IMO it is merely a workaround, the proper solution is to move libmp to
src/crypto where it belongs and use libgmp for the cryptoless builds instead.
Missed by: dd
Use '' quotes instead of `' to delimit names of files and packages in
warning and error messages, because it is easier to cut-n-paste name in
question that way (single click) without confusing the shell. And yes,
I know that it is less eye-candy...
MFC after: 1 month
some of the config problems that we've been seeing (where wi0 tries to
allocate 0x138-0x198, for example).
Use err(1,"foo") rather than perror + exit while I'm here.
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
When encryption (MPPE) is enabled, WindowsME and Windows98 both
fail because of the extra byte, suggesting that they autheticated
successfully in their log and then dropping the connection, telling
the user that the peer doesn't support compatible encryption
options.
MFC after: 1 week
byte of the packet to contain '\0'.
Windows 98 gets this wrong, dropping garbage into the last byte and
failing authentication.
Now, we notice this and whinge to our log file that we're compensating
for the corrupt data.
will soon return the irq from the pcic bridge in cases where't that's
appropriate.
Note: I've had to disbale -I option for the moment. I've made it easy
to reenable it for people that need it.
MFC After: soon!
doing PPPoE and the default MRU is therefore too big.
When negotiating with win2k, we ask for MRU 1492 and the win2k box
NAKs us saying ``MRU 1492''. This doesn't make sense to me. When
we continue to request MRU 1492, the win2k box eventually REJs our
MRU. This fix allows negotiations to continue at that point,
bringing the link up and potentially allowing the win2k box to send
us frames that are too large. AFAICT this is better than failing
to bring the link up.... probably !
I have no idea how to do the equivalent of ``route get'' or
``ifconfig -a'' under win2k, so I can't tell what MTU it actually
ends up using.
I believe the bug is in win2k (it's certainly mis-negotiating).
I'll MFC given the release engineers permission as code freeze
begins on August 1.
PR: 29277
MFC after: 3 days
inconsistently named "ptmp" and "etc_ptmp". This commit changes
it to "passwd_tmp" for consistency and to match OpenBSD's name
for the variable.
Consulted with: jedgar
once. If they repeat the request (again without the IPADDR option)
ACK it.
I've had reports that some ppp implementations will not assign
themselves an IP number. This should negotiate with such things.
MFC after: 3 days