Obtained from: Christos Zoulas <christos@deshaw.com> via NetBSD PR 2621,
[ slightly modified since we don't use libcompat anymore. ]
I'm not sure if this fixes the rdist security bug completely, but it
sure can't hurt!
pr_usrreq mechanism which was poorly designed and error-prone. This
commit renames pr_usrreq to pr_ousrreq so that old code which depended on it
would break in an obvious manner. This commit also implements the new
interface for TCP, although the old function is left as an example
(#ifdef'ed out). This commit ALSO fixes a longstanding bug in the
TCP timer processing (introduced by davidg on 1995/04/12) which caused
timer processing on a TCB to always stop after a single timer had
expired (because it misinterpreted the return value from tcp_usrreq()
to indicate that the TCB had been deleted). Finally, some code
related to polling has been deleted from if.c because it is not
relevant t -current and doesn't look at all like my current code.
standards and to clean up some of the English. The job is
nowhere complete.
This man page would be a good project for someone who knows
something about the firewall software, and would like to
contribute to the documentation effort. Many of the things
in this man page are out of date and do not reflect reality.
This stuff should not be too destructive if the IPDIVERT is not compiled in..
be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
apm_setup.s was storing apm_cs16_base and apm_cs32_base addresses in
each others slots, and apm.c was reversing the result so the bugs
cancelled out, but the code looked wrong.
No functional differences unfortunately.
Submitted by: dave edmondson <davided@sco.com>
purpose, other than to get in the way of the ARP table and cause
"can't allocate llinfo" errors.
This change may cause gated or routed to start complaining when adding
such routes. If so, these programs will need to be fixed to not try
to add these routes.
Reviewed by: wollman
(suggested by Darryl Okahata).
* Add explanation of what virtual consoles are
(suggested by Francisco Reyes)
* Minor formatting change to fix docs/1378 (could some kind person
close this for me? Thanks!)
* Removed references to obsolete /usr/share/FAQ/Text directory.
* Added details of UK supplier of FreeBSD CDs.
* Made the consequences of running ``make world'' more explicit.
* More cleaning and tidying up.
- State when we've reached the limit on a particular rule in the kernel logfile
- State when a rule or all rules have been zero'd.
This gives a log of all actions that occur w/regard to the firewall
occurances, and can explain why a particular break-in attempt might not
get logged due to the limit being reached.
Reviewed by: alex
the high kernel calls into a protocol stack to perform requests on the
user's behalf. We replace the pr_usrreq() entry in struct protosw with a
pointer to a structure containing pointers to functions which implement
the various reuqests; each function is declared with the correct type and
number of arguments. (This is unlike the current scheme in which a quarter
of the requests take arguments of type other than (struct mbuf *) and the
difference is papered over with casts.) There are a few benefits to this
new scheme:
1) Arguments are passed with their correct types, and null-pointer dummies
are no longer necessary.
2) There should be slightly better caching effects from eliminating
the prximity to extraneous code and th switch in pr_usrreq().
3) It becomes much easier to change the types of the arguments to something
other than `struct mbuf *' (e.g.,pushing the work of sosend() into
the protocol as advocated by Van Jacobson).
There is one principal drawback: existing protocol stacks need to
be modified. This is alleviated by compatibility code in
uipc_socket2.c and uipc_domain.c which emulates the new interface
in terms of the old and vice versa.
This idea is not original to me. I read about what Jacobson did
in one of his papers and have tried to implement the first steps
towards something like that here. Much work remains to be done.