with the kernel compile time option:
options IPFIREWALL_FORWARD_EXTENDED
This option has to be specified in addition to IPFIRWALL_FORWARD.
With this option even packets targeted for an IP address local
to the host can be redirected. All restrictions to ensure proper
behaviour for locally generated packets are turned off. Firewall
rules have to be carefully crafted to make sure that things like
PMTU discovery do not break.
Document the two kernel options.
PR: kern/71910
PR: kern/73129
MFC after: 1 week
hosts to share an IP address, providing high availability and load
balancing.
Original work on CARP done by Michael Shalayeff, with many
additions by Marco Pfatschbacher and Ryan McBride.
FreeBSD port done solely by Max Laier.
Patch by: mlaier
Obtained from: OpenBSD (mickey, mcbride)
very slow process, especially for large file systems that is just
recovered from a crash.
Since the summary is already re-sync'ed every 30 second, we will
not lag behind too much after a crash. With this consideration
in mind, it is more reasonable to transfer the responsibility to
background fsck, to reduce the delay after a crash.
Add a new sysctl variable, vfs.ffs.compute_summary_at_mount, to
control this behavior. When set to nonzero, we will get the
"old" behavior, that the summary is computed immediately at mount
time.
Add five new sysctl variables to adjust ndir, nbfree, nifree,
nffree and numclusters respectively. Teach fsck_ffs about these
API, however, intentionally not to check the existence, since
kernels without these sysctls must have recomputed the summary
and hence no adjustments are necessary.
This change has eliminated the usual tens of minutes of delay of
mounting large dirty volumes.
Reviewed by: mckusick
MFC After: 1 week
affect the largest file size that is allowed by the file system.
On the other hand, when creating a snapshot, the snapshot file will
appear as it is as big as the file system itself. Hence we will not
be able to create a file system on large file systems with small
block sizes.
Add a warning about this, and gives some hints to correct the issue.
Reviewed by: mckusick
MFC After: 1 week
its value once per ifconfig run. Use Sam's new callback
operation to set it when everything is done.
The purpose for this is that if you did something like
ifconfig bge0 media 100baseTX mediaopt full-duplex
multiple times it would end up causing the PHY to re-sync
since it would send the IOCTLs:
ifconfig bge0 media 100baseTX -mediaopt full-duplex
ifconfig bge0 media 100baseTX mediaopt full-duplex
This would cause the PHY to be updated twice even though
there really wasn't any change since the check in
sys/net/if_media.c would always fail.
Caveat is that this doesn't fix the case of:
ifconfig bge0 media autoselect
etc. since in sys/net/if_media.c it forces an autoselect to go through
the entire process in ifmedia_ioctl :-( :
/*
* If no change, we're done.
* XXX Automedia may invole software intervention.
* Keep going in case the the connected media changed.
* Similarly, if best match changed (kernel debugger?).
*/
if ((IFM_SUBTYPE(newmedia) != IFM_AUTO) &&
(newmedia == ifm->ifm_media) &&
(match == ifm->ifm_cur))
return 0;
Briefly looked at by: sam
with -k option and never be used without kflag. This confuses
gcc because we set "kflag" at the same time with "kernel", but
the logic is not that apparant for gcc.
Since we can initialize "kernel" to NULL then know if "k" option
is set through determining whether it is still NULL, don't try
to have gcc to guess why we are connecting "kflag" with "kernel"
and use "kernel" directly in place of kflag.
Bump WARNS?= from 2 to 6
the new filesystem. This is intended for memory and vnode filesystems
that will never be fsck'ed or dumped.
Obtained from: St. Bernard Software RAPID
MFC after: 2 weeks
generate snapshots in when -L is requested. If the .snap directory
does not exist, or is not a directory, issue a warning and revert
to the non- live behavior.
Obtained from: St. Bernard Software RAPID