offset is non-zero:
- Do not match fragmented packets if the rule specifies a port or
TCP flags
- Match fragmented packets if the rule does not specify a port and
TCP flags
Since ipfw cannot examine port numbers or TCP flags for such packets,
it is now illegal to specify the 'frag' option with either ports or
tcpflags. Both kernel and ipfw userland utility will reject rules
containing a combination of these options.
BEWARE: packets that were previously passed may now be rejected, and
vice versa.
Reviewed by: Archie Cobbs <archie@whistle.com>
real path here for the mount device (or path). This fixes difficulties
unmounting devices that are actually symlinks to real devices.
Also, print the original path instead of the real path in early error
messages. nfs path handling and later error messages may still be wrong,
probably only in silly cases where the original path is both a symlink
and a remote path.
PR: 5208
size was rounded up to a multiple of the fragment size, but this
gave invalid file systems when the fragment size was > SBSIZE (fsck
aborts early on them). Now a fragment size of 32768 seems to work
(too-simple tests with fsck and iozone worked).
superblock is invalid, fsck looks at the label to help guess where
the next superblock should be. If the partition type is 4.2BSD,
fsck assumed that the block size was valid and divided by it, so
it dumped core if the size was 0.
Initialization of the label was broken almost 3 years ago in rev.1.9
of newfs/newfs.c. Newfs does not change the label at all, so there
is no problem (except the breakage of the automatic search for
backup superblocks) unless something else sets the partition type
to 4.2BSD. However, it is too easy to set partition types to
4.2.BSD by copying an old label or by using a disktab entry to
create the label.
PR: 2537
rely on undocumented behavior.
The following fixes were obtained from OpenBSD:
o -Wall fixes to tlist array initialization and assignment used
as truth value.
o Use a restricted environment.
o Improved error message when shutdown fails to exec reboot or halt.
consequence, ipfw's list command now adjusts its output at runtime
based on the largest packet/byte counter values.
NOTE:
o The ipfw struct has changed requiring a recompile of both kernel
and userland ipfw utility.
o This probably should not be brought into 2.2.
PR: 3738
confused when they can't find it), but leave the reference to it
as being a standard filename (which doesn't imply that it exists).
Discussed with: jkh
floating point better in the percentage calculation there to avoid
overflow when there are more than about 20 million fragments. Start
using floating point in the other percentage calculation to avoid
overflow when there are more than about 2 million fragments.
Fixed printf format strings.
Converted sccsid to rcsid.
when there isn't even a filesystem. Attempting to print them tended
to cause SIGSEGV or SIGFPE depending on how far setup() got before it
returned 0. This was broken in the previous revision by removing a
return statement that the previous case depended on falling into.
PR: 4840 (fixed by this commit)
PR: 2537 (possibly fixed by Lite2 merge and later changes. setup()
does more checking now)
instead of htonl() !
This results in the int a,b,c,d changing to b,a,c,d,
but as it's subsequently coerced to a u_short, the
ultimate answer is correct.
If this isn't fixed properly soon (by the author) I'll
have a look at it again.
Noted by: eivind & ari@suutari.iki.fi
Obtained from: Whistle Communications tree
Add an option to the way UFS works dependent on the SUID bit of directories
This changes makes things a whole lot simpler on systems running as
fileservers for PCs and MACS. to enable the new code you must
1/ enable option SUIDDIR on the kernel.
2/ mount the filesystem with option suiddir.
hopefully this makes it difficult enough for people to
do this accidentally.
see the new chmod(2) man page for detailed info.
o start function names in column 1
o sort order of flags in getopt and switch
o don't try to reference progname
o unspam some changes introduced by a 2.2.1-R build box instead of a
-current build box
doc changes:
o document when these commands first appeared
o put email address in angle brakets
o minor mdoc clean up
permissions centrally and a setuid root mount utility just breaks
its security. There was no new breakage in practice because
mfdosfs_mount() still checks the ruid.
fix a few problems with missing headers, warn called with an exit
value, and undeclared getopt vars
these programs now compile -Wall clean (and yes, I know I should use
more than just -Wall) :)
like PAP and CHAP secrets with sppp(4). This is the first utility
using the new SIOC[SG]IFGENERIC ioctls (and the reason for inventing
them in the first place).
plain 0 should be used. This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people trying to port bits of code to other environments.
PR: 2752
Submitted by: Arne Henrik Juul <arnej@imf.unit.no>
higher up in memory (0x0800000 upwards) rather than near zero (0x1000
for our qmagic a.out format). The method that mount_mfs uses to allocate
the memory within data size rlimits for the ram disk is entirely too much
of a kludge for my liking. I mean, if it's run as root, surely it makes
sense to just raise the resource limits to infinity or something, and if
it's a non-root user mount (do these work? with mfs?) it could just fail
if it's outside limits.
an export line) is unresolvable, make a note of it via syslog and skip
that individual host instead of skipping the entire line.
PR: 1981, 815
Perused by: joerg
file based on the previous list of directories stored there which
should overcome a weakness of the '-m' switch which can only add
libs. This is an ideal way of updating the hints list after adding
or removing a shlib since it will remove entries that are gone and
doesn't need to have all the directories spelled out each time.
(eg: rm -f /usr/lib/libtcl75*; ldconfig -R) This only works for
version 2 hints files (which we've been generating for a year or
so) which store the path.
fixed. Natd now waits with select(2) for buffer space
to become available if write fails.
- Packet aliasing library upgraded to 2.2.
Submitted by: Ari Suutari <suutari@iki.fi>
non-directory file with more than one link to it, but in a level M > N
dump, the file with the inode number X is a plain file, "restore", when
restoring the level M dump, won't remove all the hard links to the old
file.
Submitted by: guy@netapp.com (Guy Harris)
accommodate the expanded name, the ICMP types bitmap has been
reduced from 256 bits to 32.
A recompile of kernel and user level ipfw is required.
To be merged into 2.2 after a brief period in -current.
PR: bin/4209
Reviewed by: Archie Cobbs <archie@whistle.com>
This isn't necessarily the best statistic, but it is by far the easiest to
calculate. Update the man page to be more explicit about precisely which
statistics are printed out. Revert some of jmg's bogus man page changes from
rev 1.11.
The answer is not really, but almost.
it sent data that was ok, though it was a hack,
but it was bug-compatible with the kernel on receiving them. This also
had been fixed with a hack.. I hacked it better I think.
to do with netmasks.. we fed totally bogus data into the kernel
to do with default routes and it just believed us. this led to:
1/ kernel panics
2/ the default route refusing to be deleted or added
(depending on a number of factors, usually it worked ok.)
better hack in ffs_vfsops.c. The hack here restricted the maximum file
size to 2^39 bytes (512GB). fs_bsize * 2^31 - 1 (16TB for the default
blocksize of 8K) would have been better. There is no good way to remove
this limit on old BSD4.4 file systems.
unreachable hosts. Note that most of this consists of telling SIGINT
and SIGALRM to interrupt the system call, instead of restarting them.
Also try to get rid of some potential races Bruce didn't like; hopefully
they aren't a problem (potential or otherwise) now.
Reviewed by: julian
this is a NO-NO
re-arange to just set a "please die immediatly" flag in the signal handler
and handle this in the normal thread.
also handle ping -f better on slow links by backing off a bit when
we get a ENOBUFFS from the sendto().
to the session list. If the device comes back as unconfigured, just
ignore that line in /etc/ttys. If someone HUP's init, we'll try again.
This change stops getty's from hanging on vty and sio ports that don't
exist, either due to LKM drivers not being loaded, or probes failing.
Reviewed by: bde
This makes configuration of mfs /tmp on diskless clients more intuitive
for people like me, that have used this feature on NetBSD and SunOS.
Using the -T option and /dev/null, while already supported,
is neither intuitive nor documented in the handbook.
Obtained from: NetBSD
