for use thoughout the tcp subsystem.
It is IPv4 and IPv6 aware creates a line in the following format:
"TCP: [1.2.3.4]:50332 to [1.2.3.4]:80 tcpflags <RST>"
A "\n" is not included at the end. The caller is supposed to add
further information after the standard tcp log header.
The function returns a NUL terminated string which the caller has
to free(s, M_TCPLOG) after use. All memory allocation is done
with M_NOWAIT and the return value may be NULL in memory shortage
situations.
Either struct in_conninfo || (struct tcphdr && (struct ip || struct
ip6_hdr) have to be supplied.
Due to ip[6].h header inclusion limitations and ordering issues the
struct ip and struct ip6_hdr parameters have to be casted and passed
as void * pointers.
tcp_log_addrs(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr,
void *ip6hdr)
Usage example:
struct ip *ip;
char *tcplog;
if (tcplog = tcp_log_addrs(NULL, th, (void *)ip, NULL)) {
log(LOG_DEBUG, "%s; %s: Connection attempt to closed port\n",
tcplog, __func__);
free(s, M_TCPLOG);
}
lock and unlock conditionally, not just set the flag on it conditionally.
In practice, this bug couldn't manifest, as in the current revision of
the code, no callers pass a NULL rep.
CID: 1416
Found with: Coverity Prevent(tm)
release documentation from *.TXT files to the RELNOTESng *.sgml
files. I'm pretty sure that, five years later, nobody is wondering
where the original *.TXT files went to in our source tree, so
remove this file to declutter the source tree a bit.
While ng_fec called the ioctl to let interfaces in the bundle know
the list of multicast addresses had changed, it never actually
updated that list on the interfaces in the bundle. Consequently,
the multicast filters could be programmed incorrectly.
if_lagg does this correctly, by maintaining a list of addresses
that it has added to interfaces in the bundle. This commit basically
takes the if_lagg code and adds it to ng_fec.
A version of this patch for RELENG_6 has fixed some problems with
IPv6 ND over ng_fec. This is probably the problem in PR 107523.
PR: 107523
Tested by: Rob Gallagher <robert.gallagher@heanet.ie>
Obtained from: if_lagg
MFC after: 3 weeks
function calls are no more generated for vop_lock.
Rename _vop_lock to vop_lock1 to satisfy tools/vnode_if.awk assumption
about vop naming conventions. This restores pre/post-condition calls.
scripts in rc.d to stop rc(8) from booting into multi-user mode when
a critical or severe error condition is encountered.
o Modify scripts in etc/rc.d that already implemented this functionality
independently.
o Document it.
[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
to rc.subr(8). Our version differs slightly in that it takes an
optional argument to stop the boot even if "autoboot" is not set.
Obtained from: NetBSD
MFC after: 2 weeks
vmcnts. This can be used to abstract away pcpu details but also changes
to use atomics for all counters now. This means sched lock is no longer
responsible for protecting counts in the switch routines.
Contributed by: Attilio Rao <attilio@FreeBSD.org>
speedup and will be more useful after each gains a spinlock in the
impending thread_lock() commit.
- Move initialization and asserts into init/fini routines. fini routines
are only needed in the INVARIANTS case for now.
Submitted by: Attilio Rao <attilio@FreeBSD.org>
Tested by: kris, jeff
specified in RFC4620. A new flag for icmp6_nodeinfo was added to enable the
feature.
- Also cleaned up the code so that the semantics of the icmp6_nodeinfo
flags is clearer (i.e., defined specific macro names instead of using
hard-coded values).
Approved by: gnn (mentor)
MFC after: 1 week
potentially dangerous environment variables all together. It should be
noted that the run-time linker will not honnor these environment variables
if the process is tainted currently. However, once a child of the tainted
process calls setuid(2), it's status as being tainted (as defined by
issetugid(2)) will be removed. This could be problematic because
subsequent activations of the run-time linker could honnor these
dangerous variables.
This is more of an anti foot-shot mechanism, there is nothing I am
aware of in base that does this, however there may be third party
utilities which do, and there is no real negative impact of clearing
these environment variables.
Discussed on: secteam
Reviewed by: cperciva
PR: kern/109836
MFC after: 2 weeks
previous commit and that introduced optional parameters.
Existing classes (like geli(8)) use empty strings by default
and expect the parameter to be passed to the kernel as such.
Also, the default value of a string argument can be NULL.
Fix both cases by making the optional parameter conditional
upon gc_argname being set and making sure to test for NULL
before dereferencing the pointer.
Reported by: brueffer@
- Fixed RTOinfo for bounding.
- Fixed connect() to return ECONNREFUSED when an ABORT is received.
- Added comments to direct Static Analysis not to look at some things
it does not understand (comments are /* sa_ignore XXXXX */)
- Bind when colliding was broken, missing not_found = 1 before
checking to see if the port was in use caused endless bind loop.
- Cookie life needs to be in milliseconds to conform to socket api.
- Cookie life is not supposed to change if its 0, On the assoc
level set we changed it to 0 opps.
- Two more static analysis issues identified by the cisco
tool. Null checks needed.
- An issue for sendfile(). Need to validate the correct
input argument.
- When sending failed due to a no route to host, we leaked
the mbuf chain failing to call m_freem().
- Fix #ifdef issue for getting hash block len when HAVE_SHA2 is NOT defined
Reviewed by: gnn
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.
MFC after: 2 weeks
defined. This restores the old behavior, and eliminates the
dependency on the kernconf.tmpl when INCLUDE_CONFIG_FILE isn't
included in the kernel config. There were many people in the terminal
room that had almost, but not quite, up-to-date config files that this
helps. I don't know if this is the result of skew among the cvsup
servers, or some other more subtle problem. However, this fix should
work for any config of recent vintage (I tested with the latest, and
one before the recent changes, and eye-balled the intermediate
versions).
Reviewed by: the terminal room crew