Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option
is specified in kernel config, icmplim defaults to 100 pps. Setting it
to 0 will disable the feature. This feature limits ICMP error responses
for packets sent to bad tcp or udp ports, which does a lot to help the
machine handle network D.O.S. attacks.
The kernel will report packet rates that exceed the limit at a rate of
one kernel printf per second. There is one issue in regards to the
'tail end' of an attack... the kernel will not output the last report
until some unrelated and valid icmp error packet is return at some
point after the attack is over. This is a minor reporting issue only.
not like the 6-byte read and write commands! It returns illegal request,
with the field pointer pointing to byte 9 of a 6 byte CDB.
In any case, the work around is to put in a quirk mechanism that makes sure
that we don't send 6-byte reads or writes to this device. It's rather sad
that this is necessary. You'd think that they would be able to get
something that basic to work right in their firmware...
Reviewed by: gibbs
Reported by: Adam McDougall <bsdx@spawnet.com>
problem is worked around by using an interrupt gate for the page
fault handler. This code was originally made for NetBSD/pc98 by
Naofumi Honda <honda@kururu.math.sci.hokudai.ac.jp> and has already
been in PC98 tree. Because of this bug, trap_fatal cannot show
correct page fault address if %cr2 is obtained in this function.
Therefore, trap_fatal uses the value from trap() function.
- The trap handler always enables interruption when buggy application
or kernel code has disabled interrupts and then trapped. This code
was prepared by Bruce Evans <bde@FreeBSD.org>.
Submitted by: Bruce Evans <bde@FreeBSD.org>
Naofumi Honda <honda@kururu.math.sci.hokudai.ac.jp>
going to want a major number from that list instead. Also use the
same preallocated local range (500-600) for blkdevs as well as cdevs,
just to be orthogonal. The latter was for Brian, who has a *lot*
of local device drivers and needs more than just a single reserved
number.
can set if your hw/sw produces the "calcru negative..." message.
Setting the alternate method (sysctl -w kern.timecounter.method=1)
makes the the get{nano|micro}*() functions call the real thing at
resulting in a measurable but minor overhead.
I decided to NOT have the "calcru" change the method automatically
because you should be aware of this problem if you have it.
The problems currently seen, related to usleep and a few other corners
are fixed for both methods.
is completely empty. There is an interrupt for output completion. It
is painful to use, but polling method used in the corresponding fix in
sio.c (rev.1.152) can't be used because there is no status bit for
transmitter-empty. Now ttywait() works right.
Reminded by: NIST-PCTS
Don't call timeout() for DTR wakeup if the relevant timeout is already
active. This fixes "timeout table full" panics when sufficiently many
cyopen()s are interrupted while they are sleeping waiting for the
timeout to expire.
install all those images at all (nor to install them under /usr/mdec), given
the high degree of customization this Makefile needs in order to get images
that are actually useful for some NIC.
Submitted by: John Hay <jhay@mikom.csir.co.za>,
Paul Allenby <pallenby@mikom.csir.co.za>
runtime. p_runtime is unsigned while p_cpulimit is not, so this avoids the
nasty side effect of the process getting killed when the runtime comes up
"negative" due to other bugs.
cards. My machine didn't tickle this problem, so I can't tell if
it fixed anything or not. However, it didn't break my already working
1542-{B,C,CF,CP} probes.
o Minor comment correction
o Minor correction in printf
