o Drop all broadcast and multicast source addresses in tcp_input.
o Enable ICMP_BANDLIM in GENERIC.
o Change default to 200/s from 100/s. This will still stop the attack, but
is conservative enough to do this close to code freeze.
This is not the optimal patch for the problem, but is likely the least
intrusive patch that can be made for this.
Obtained from: Don Lewis and Matt Dillon.
Reviewed by: freebsd-security
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
malloc region (kmem_map) to be wrong and semi-random on systems with more
than 1GB of RAM. This is not a complete fix, but is sufficient for
machines with 4GB or less of memory. A complete fix will require some
changes to the getenv stuff so that 64bit values can be passed around.
NOT FIXED: machines with more than 4GB of RAM (e.g. some large Alphas)
since we're still using ints to hold some of the values.
Reviewed by: bde
uhci_check_intr() routine needs to be more careful about deciding when
the end of a transfer has been detected.
This allows me to remove the nasty workaround code from if_aue and if_cue.
Receive performance is now much better for these adapters (500KB/sec
vs. 350KB/sec).
Also removed unused KUE_CUTOFF define from if_kuereg.h.
Submitted by: Lennart Augustsson
Reviewed by: n_hibma
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().
Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().
Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().
Make thread cancellation fully POSIX-compliant.
Suggested by: deischen
with 'options DDB'). Setting this to `ddb' or `gdb' breaks into the
kernel debugger in the corresponding mode. This mechanism has proven
very useful at Whistle for setting breakpoints, etc., while doing
remote serial line kernel debugging.
Obtained from: Whistle source tree
- Fix btxldr to preserve a NULL bootinfo pointer when it copies the kernel
arguments.
- Add the cdldr bootstrap program. This program is tacked onto the
beginning of the standard 3rd stage boot loader (/boot/loader) to form
the CD boot loader (/boot/cdboot). When a CD is booted, the cdboot file
is copied into memory instead and executed. The cdldr stub emulates the
environment normally provided by boot2 and then starts the loader. This
booting method does not emulate a floppy drive, but boots directly off of
the CD. This should fix the problems some BIOS's have with emulating a
2.88 MB floppy image.
- Add support to the loader to recognize that it has been booted by cdldr
instead of boot2 and use a simpler method of extracting the BIOS boot
device.
string to u_long and back using two functions, flags_to_string and
string_to_flags, which co-existed with 'ls'. As time has progressed
more and more other tools have used these private functions to
manipulate the file flags.
Recently I moved these functions from /usr/src/bin/ls to libutil,
but after some discussion with bde it's been decided that they
really ought to go in libc.
There are two already existing libc functions for manipulating file
modes: setmode and getmode. In keeping with these flags_to_string
has been renamed getflags and string_to_flags to setflags.
The manual page could probably be improved upon ;)
of %cr0 wasn't reloaded into %eax before being modified to turn protected
mode off if PAGING was not defined. The result was that the processor did
not exit protected mode, so when it tried to jump to segment 0x0 in the
next instruction to clear the prefetch cache like one should when leaving
protected mode, it actually tried to jump to a null selector, causing a
GPF.
page of -mdoc manual pages in troff mode. The problem has been
introduced in rev 1.12; apparently ending a line inside a macro
definition with \c doesn't behave as Bill expected, and troff was
fooled to believe previous output was already pending thus a new page
needed to be emitted. Using a troff comment .\" instead of \c seems
to solve this, alas the brain^Wnice sed(1) magic needs to be taught to
_not_ strip those comments now.
I think -stable is not affected by this.
o Do not override `environ' if realloc() fails, leave it intact.
o Set `alloced' only when memory is actually allocated.
PR: bin/5604 (2nd part)
Reviewed by: bde
