when a TCP "stealth" scan is directed at a *BSD box by ensuring the window
is 0 for all RST packets generated through tcp_respond()
Reviewed by: Don Lewis <Don.Lewis@tsc.tdk.com>
Obtained from: Bugtraq (from: Darren Reed <avalon@COOMBS.ANU.EDU.AU>)
cache. If the cached result lets us say "yes", then go with that. If
we're not sure, or we think the answer might be "no", go to the wire to be
certain. This avoids all of the possible false veto cases, and allows us
to key the cached value with just the UID for which the cached value holds,
reducing the bloat of the nfsnode structure from 104 bytes to just 12 bytes.
Since the "yes" case is by far the most common, this should still provide
a substantial performance improvement. Also default the cache to on, with
a conservative timeout (2 seconds). This improves performance if NFS is
loaded as a KLD module, as there's not (yet) code to parse an option out
of the module arguments to set it, and sysctl doesn't work (yet) for OIDs
in modules.
The 'accelerator' mode was suggested by Bjoern Groenvall (bg@sics.se)
Feedback on this would be appreciated as testing has been necessarily
limited by Comdex, and it would be valuable to have this in 2.2.8.
* Update drivers to the latest version of the bus interface.
The ISA drivers' use of the new resource api is minimal. Garrett has
some much cleaner drivers which should be more easily shared between
i386 and alpha. This has only been tested on cia based machines. It
should work on lca and apecs but I might have broken something.
warnings for the recent change of the type of a module event handler.
Fixed a rotted comment (numeric types of filesystems are not listed here).
Made the function protototype in VFS_SET() more like the corresponding
function definition (don't use extern for prototypes).
Enforce a semicolon after the LKM case of VFS_SET().
MALLOC_DEFINE() and MALLOC_DEFINE() is needed by the recently
reenabled "reallocblks" code, but <sys/kernel.h> was only included
if CLUSTERDEBUG was defined. This was too harmless. gcc only
warns about garbage like `SYSINIT(blech);' at file scope ...
devstart_start_transaction() call is misplaced - it is after the
wdustart() call that queues the transaction on the controller queue.
Normally this doesn't matter because we're running at splbio() so
nothing will look at the controller queue. However, obsolescent
code for syncing labels sometimes slept after the transaction was
started, so the transaction sometimes completed before it was
[recorded as] started. This code was misplaced even for syncing
labels. Move it to the right place. It should go away, but
something may depend on its side effects.
o Move fixups into extraction routine so all consumers don't have to duplicate
the right behavior.
o Make some things more orthogonal (just for asthetics sake)
o Add option to go back and do it again if XF86Setup fails (possibly with
a different setup - this one has always annoyed me).
- Interface wth the new resource manager.
- Allow for multiple drivers implementing a single devclass.
- Remove ordering dependencies between header files.
- Style cleanup.
- Add DEVICE_SUSPEND and DEVICE_RESUME methods.
- Move to a single-phase interrupt setup scheme.
Kernel builds on the Alpha are brken until Doug gets a chance to incorporate
these changes on that side.
Agreed to in principle by: dfr
This avoids the fsck-on-reboot symptoms if you're shutting down with a
hung or unreachable NFS server mounted. Also remove non-local
filesystems from the mount list to prevent the system hanging when it tries
to unmount them (for the same reason).
Drew points out that there's a good argument for forcibly removing all
"non syncable" filesystems from the mount list (eg. NFS mounts, disks
that aren't responding, etc.) as this then allows you to sync and
cleanly unmount their parents. No such change is included in this
patch.
Submitted by: Andrew Gallatin <gallatin@cs.duke.edu>
pid space somewhat more sparse which improves the performance of finding
an unused pid on systems with large numbers of processes. The new value
was chosen so that it doesn't overflow the 5 digit pid fields in various
programs.