The micro-Firewall DTS is now a single BSD licensed file.
Reported by: manu
Obtained from: pfSense
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC (Netgate)
Original log:
Do not initialize the adapter on MTU change when adapter status is down.
This fixes long-standing problems when changing settings of the adapter.
Discussed in:
https://lists.freebsd.org/pipermail/freebsd-net/2016-June/045509.html
Reported by: Franco Fichtner <franco@opnsense.org>
MFH: 2 days
As a followup to r310638, update libsysdecode (and kdump) to decode the
'mode' argument to getfsstat(). sysdecode_getfsstat_flags() has been
renamed to sysdecode_getfsstat_mode() and now treats the argument as an
enumerated value rather than a mask of flags.
On systems without a configured swap device, an attempt to launder pages
from a swap object will always fail and result in the page being
reactivated. This means that the page daemon will continuously scan pages
that can never be evicted. With this change, anonymous pages are instead
moved to PQ_UNSWAPPABLE after a failed laundering attempt when no swap
devices are configured. PQ_UNSWAPPABLE is not scanned unless a swap device
is configured, so unreferenced unswappable pages are excluded from the page
daemon's workload.
Reviewed by: alc
MK_KERBEROS_SUPPORT != no
This fixes the odd case where someone specified MK_GSSAPI=no and
MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense,
but the build system doesn't prevent this case today, and it didn't when
I filed the bug back in 2011 either).
MFC after: 2 weeks
PR: 159745
Without this change, indent(1) would only look to load options from ~/.indent.pro if it's there and -npro wasn't used on the command line. This option lets the user set their own path to the file.
Approved by: pfg (mentor)
Differential Revision: https://reviews.freebsd.org/D9010
For the case that someone set WITHOUT_GSSAPI=, now WITHOUT_KERBEROS_SUPPORT
will be properly set.
This will likely fix the issue for the default case noted in the PR I filed
back in 2011. I am trying to fix the less obvious case documented in the PR
still.
MFC after: 2 weeks
PR: 159745
During the clang/llvm 3.9.0 import, the build structure for it was
completely revamped. This broke the native-xtools target.
It first attempts to build libllvmminimal, then the llvm-tblgen and
clang-tblgen executables, but these fail to link because they are linked
to the 'full' libllvm by default, as they normally are during the
'world' stage.
To make these link against libllvmminimal instead, define TOOLS_PREFIX,
similarly as during the bootstrap-tools phase. The value itself is
empty, as we don't really want to use a prefix.
Reviewed by: imp
PR: 215684
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D9026
and prison enforcement. Do it on the caller buffer directly.
Besides eliminating memory copies, this change also removes large
structure from the kernel stack.
Extracted from: ino64 work by gleb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org
using 3 separate 'server' config lines. That is now replaced with a single
'pool' line which causes ntpd to add multiple servers from the pool.
More than just making the config smaller, the pool feature in ntpd has one
major advantage over configuring 3 separate servers from a pool: if a server
that was added using a 'pool' statement provides bad time (initially or at
some later date), ntpd automatically discards it and configures a new
different server from the pool without needing to be restarted.
These changes also add a 'tos' line to control how many pool servers get
added, a 'restrict source' line that is required to allow ntpd to add new
peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does
nothing and should never have been there (127.127.1.0 is not a valid IP
address, it's a refclock identifier).
Differential Revision: https://reviews.freebsd.org/D9011
Change ksw_used and ksw_total to unsigned, which increases the maximum
total swap that can be displayed properly from ~8TB to ~16TB.
Obtained from: DragonflyBSD (ecc2e461)
MFC after: 2 weeks
- iflib - add checksum in place support (mmacy)
- iflib - initialize IP for TSO (going to be needed for e1000) (mmacy)
- iflib - move isc_txrx from shared context to softc context (mmacy)
- iflib - Normalize checks in TXQ drainage. (shurd)
- iflib - Fix queue capping checks (mmacy)
- iflib - Fix invalid assert, em can need 2 sentinels (mmacy)
- iflib - let the driver determine what capabilities are set and what
tx csum flags are used (mmacy)
- add INVARIANTS debugging hooks to gtaskqueue enqueue (mmacy)
- update bnxt(4) to support the changes to iflib (shurd)
Some other various, sundry updates. Slightly more verbose changelog:
Submitted by: mmacy@nextbsd.org
Reviewed by: shurd
mFC after:
Sponsored by: LimeLight Networks and Dell EMC Isilon
While the checks are considered useful, the attribute does dangerous
optimizations, removing NULL checks where they can be needed. Remove the
uses of this attribute introduced in r281130: the changes were inspired on
Google's bionic where this attribute is not used anymore.
The __nonnull() attribute will be deprecrated from our headers and
replaced with the Clang _Nonnull qualifier in the future.
MFC after: 3 days
The tests don't work when reading/writing to file descriptors in the
sandbox after entering capability mode (and wouldn't have, regardless
of the framework), so adjust the tests so they function within the
framework.
For tests that enter capability mode over the course of the test, the
following is now done:
1. Fork child process for capability mode test.
2. In child...
i. Enter capability mode.
ii. Test invariants.
iii. Exit after calling test function.
3. Collect status for child and determine whether or not it completed
successfully.
In order to test the invariants in the child process, they now use assert(3)
instead of ATF_REQUIRE*, as the atf-c-api functions right to results files
in the directories in order to determine where and how tests fail.
While in the area, fix several -Wshadow and -Wunused warnings found when I
bumped WARNS up to 6, and fix some minor style(9) issues with indentation
and type alignment.
PR: 215690
- snmp_pdu_free should be called before snmp_pdu_create is called
again
- snmp_pdu_free should be called on the resp to snmp_dialog when
successful
Tested with the following bsnmp commands:
% export SNMPUSER=bsnmp SNMPPASSWD=bsnmptest
% SNMP_ARGS="-A proto=sha -C context='' -K -P proto=des -v 3 -r 0"
% bsnmpset $SNMP_ARGS sysLocation="MyAgent"
% bsnmpget $SNMP_ARGS sysLocation
% bsnmpwalk $SNMP_ARGS
MFC after: 12 days
X-MFC with: r310729, r310892, r310894
- Call snmp_pdu_free on req and resp when done with the objects
- Call snmp_pdu_free on req before calling snmp_pdu_create on it
again
MFC after: 1 week
on the stack
Some of the callers try to determine whether or not `object` is valid by
testing the value for NULL, which will never be true if it's a stack value,
so in order to be clear and correct down the call stack, use a heap
allocated object.
This also addresses a Coverity issue by initializing all of `object` via
calloc
MFC after: 1 week
Reported by: Coverity
CID: 1006392