us to scale up to sb_max, aka kern.ipc.maxsockbuf.
We do this because there are broken firewalls that will corrupt the window
scale option, leading to the other endpoint believing that our advertised
window is unscaled. At scale factors larger than 5 the unscaled window will
drop below 1500 bytes, leading to serious problems when traversing these
broken firewalls.
With the default maxsockbuf of 256K, a scale factor of 3 will be chosen by
this algorithm. Those who choose a larger maxsockbuf should watch out
for the compatiblity problems mentioned above.
Reviewed by: andre
queue so the output network card must support the same tagging mechanism as
how the frame was input (prepended Ethernet header tag or stripped HW mflag).
Now the vlan Ethernet header is _always_ stripped in ether_input and the mbuf
flagged, only only network cards with VLAN_HWTAGGING enabled would properly
re-tag any outgoing vlan frames.
If the outgoing interface does not support hardware tagging then readd the vlan
header to the front of the frame. Move the common vlan encapsulation in to
ether_vlanencap().
Reported by: Erik Osterholm, Jon Otterholm
MFC after: 1 week
From the OpenSSL advisory:
Andy Polyakov discovered a flaw in OpenSSL's DTLS
implementation which could lead to the compromise of clients
and servers with DTLS enabled.
DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the
vulnerabilities do not affect SSL and TLS so only clients and
servers explicitly using DTLS are affected.
We believe this flaw will permit remote code execution.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
leaving space for adding missing options. Negative options are sorted
after removing their "no" prefix, and generic options are sorted before
msdosfs-specific ones.
At least one port (net-mgmt/net-snmp) creates man-pages which are
in the format:
.SH NAME
The Net-SNMP agent \- The snmp agent responds to SNMP queries from management stations.
.PP
.SS "Modules"
At this moment, makewhatis determines the end of the .SH NAME section
as where it finds .SH again, but there is none here, is it "terminated"
by the .SS.
PR: bin/116706
Submitted by: edwin@
Approved by: re (Ken Smith), grog (mentor)
MFC after: 1 week
(except indirectly for the size pseudo-attribute). If anything deserves
a sync update, then it is ids and immutable flags, since these are
related to security, but ffs never synced these and msdosfs doesn't
support them. (ufs_setattr() only does an update in one case where
it is least needed (for timestamps); it did pessimal sync updates for
timestamps until 1998/03/08 but was changed for unlogged reasons related
to soft updates.)
Now msdosfs calls deupdat() with waitfor == 0, which normally gives a
delayed update to disk but always gives a sync update of timestamps
in core, while for ffs everything is delayed until the syncer daemon
or other activity causes an update (except for timestamps).
This gives a large optimization mainly for things like cp -p, where
attribute adjustment could easily triple the number of physical I/O's
if it is done synchronously (but cp -p to msdosfs is not as bad as
that, since msdosfs doesn't support many attributes so null adjustments
are more common, and msdosfs doesn't support ctimes so even if cp
doesn't weed out null adjustments they don't become non-null after
clobbering the ctime).
- Check for duplicated symbols and suggest moving them to ObsoleteVersions.
- Improve and unify error handling.
- Make the regular expressions more uniform, robust, and less sensitive
to harmless variations in the input such as those to whitespace amount.
Reviewed by: deischen
Tested with: md5 (Version.map files in /usr/obj stay the same)
It can be missed easily that the following blank line formally
belongs to the xterm-basic entry due to the unneeded backslash.
PR: bin/80256 (audit trail)
support for wide characters.
If the sizeof (wchar_t) times max_length would yield a value beyond
representation in a size_t, exit with a usage error up front, rather than
strange errors down the line from trying to malloc (well, realloc) with a size
of 0.
This is perhaps not the optimal behaviour - a clamp may be more appropriate as
we clamp the value of max_length now anyway, but this is at least better than
segfaulting or worse. On systems which are friendly to malloc with a value of 0
the results could end up being strange corruption of the output.
since "local" includes also synthetic file systems (e.g. /dev, /proc)
and loopback mounts.
This version uses lsvfs to identify file system types that are local
and additionally not synthetik, loopback mounts, or read-only. This
has been suggested by Craig Rodrigues half a year ago. The patch that
has been committed is based on his suggestion, but slightly modified.
The comments in locate.rc have been updated to reflect the change and
o include zfs and xfs in the example file system parameter that can
be used to override the default outlined above.
PR: 114101
Submitted by: rodrigc at crodrigues dot org (Craig Rodrigues)
MFC: 2 weeks