1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-23 11:18:54 +00:00
Commit Graph

2706 Commits

Author SHA1 Message Date
Luigi Rizzo
830cc17841 Two main changes here:
+ implement "limit" rules, which permit to limit the number of sessions
   between certain host pairs (according to masks). These are a special
   type of stateful rules, which might be of interest in some cases.
   See the ipfw manpage for details.

 + merge the list pointers and ipfw rule descriptors in the kernel, so
   the code is smaller, faster and more readable. This patch basically
   consists in replacing "foo->rule->bar" with "rule->bar" all over
   the place.
   I have been willing to do this for ages!

MFC after: 1 week
2001-09-27 23:44:27 +00:00
Ian Dowse
2510719736 The -A option (beep when packets are dropped) didn't work quite
right; after a single packet was dropped it beeped after every
transmission.

Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.

Reviewed by:	ru
2001-09-25 20:22:33 +00:00
Robert Watson
2d742f7bbc o Reduce userland inclusion of kernel headers -- remove unneeded include
of <sys/mbuf.h>.

Reviewed by:	jlemon
2001-09-24 15:00:16 +00:00
Luigi Rizzo
32f967a3c0 A bunch of minor changes to the code (see below) for readability, code size
and speed. No new functionality added (yet) apart from a bugfix.
MFC will occur in due time and probably in stages.

BUGFIX: fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (there is a PR on this).

OTHER CHANGES: minor changes to the internal struct for static and dynamic rules.
Requires rebuild of ipfw binary.

Add comments to show how data structures are linked together.
(It probably makes no sense to keep the chain pointers separate
from actual rule descriptors. They will be hopefully merged soon.

keep a (sysctl-readable) counter for the number of static rules,
to speed up IP_FW_GET operations

initial support for a "grace time" for expired connections, so we
can set timeouts for closing connections to much shorter times.

merge zero_entry() and resetlog_entry(), they use basically the
same code.

clean up and reduce replication of code for removing rules,
both for readability and code size.

introduce a separate lifetime for dynamic UDP rules.

fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (PR ...)

restructure dynamic rule descriptors

introduce some local variables to avoid multiple dereferencing of
pointer chains (reduces code size and hopefully increases speed).
2001-09-20 13:52:49 +00:00
Peter Wemm
12f8604fde Deal with nfs server module changes for autoloading. 2001-09-20 02:18:06 +00:00
Peter Wemm
4a0785aaff Deal with module name changes and autoloading. 2001-09-20 02:15:17 +00:00
Ruslan Ermilov
4387c7c2af Non-decimal ``skipto'' rule numbers are meaningless.
Noticed by:	"Marc G. Fournier" <scrappy@hub.org>
MFC after:	3 days
2001-09-19 15:12:14 +00:00
Peter Wemm
9119623471 Userland part of nfs client/server split and cleanup. 2001-09-18 23:34:44 +00:00
Jonathan Lemon
5fc10eaf8e Split hwcsum into rxcsum and txcsum components. 2001-09-18 20:13:48 +00:00
Jonathan Lemon
f35b9d165f Teach ifconfig about the new interface capability words. 2001-09-18 17:43:30 +00:00
Andrew Gallatin
c97e08fb94 fix savecore so that it works on the alpha after the size change
of dumpmag from an int to a u_long in rev 1.41 -- without this
change, savecore will always fail like this:

#savecore -v /var/crash
dumplo = 874356736 (1707728 * 512)
savecore: magic number mismatch (8fca0101 != 8fca0101)
savecore: no core dump
2001-09-13 21:19:13 +00:00
Ruslan Ermilov
cda2a9b2f0 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
Ruslan Ermilov
69f568ec4d Use ${MACHINE}, it works with cross-builds. 2001-09-12 12:21:08 +00:00
Ruslan Ermilov
8083488514 mdoc(7) police: restore fix in rev. 1.52; .Dt should be in CAPITALS. 2001-09-11 10:00:48 +00:00
Ruslan Ermilov
e8ae41c3db mdoc(7) police: restore the correct sorting of SEE ALSO. 2001-09-11 09:58:34 +00:00
Ruslan Ermilov
35ef781131 mdoc(7) police: markup nits, improve -W option text,
mount_msdos(8) is called mount_msdosfs(8) nowadays.
2001-09-11 09:57:31 +00:00
Ruslan Ermilov
5788dd0ee8 Removed -M and -N from getopt(3) call as well. 2001-09-11 09:49:36 +00:00
Greg Lehey
65aeaec006 Use a better stripe size in the examples.
Noted by:	Sean Eric Fagan <sef@kithrup.com>
2001-09-09 02:23:06 +00:00
Semen Ustimenko
cc6b9b02be Stole unicode translation table from mount_msdos. Add kernel code
to support this translation.

MFC after:	2 weeks
2001-09-08 23:03:52 +00:00
Kris Kennaway
dff462c363 * Switch from doing compress(1)ed crashdumps with the -z flag to using
gzip(1).  gdb doesn't understand these, but then again it didn't
  understand compressed crashdumps either.
* Change a stray lseek() into a Lseek()
* Remove the extraneous prototype for log() which has apparently never
  existed in FreeBSD's sources

Obtained from:  NetBSD (partially)
MFC after:      2 weeks
2001-09-06 09:30:09 +00:00
Dima Dorfman
f328d583a2 Use CFLAGS, not COPTS, in the Makefile. bsd.prog.mk conveniently adds
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults.  Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.

Approved by:	bde
2001-09-05 20:10:59 +00:00
Ruslan Ermilov
4a315a9af3 SECURITY.
Notify operators using wall(1)'s -g option.
Drop ``setgid tty'' privilege.

Obtained from:	OpenBSD
MFC after:	1 month
2001-09-05 15:37:01 +00:00
Ruslan Ermilov
857dcea0fe The defaults for bsize and fsize were interchanged.
PR:		docs/30330
2001-09-05 08:51:21 +00:00
Ruslan Ermilov
d6669bbcc2 Don't reinvent the wheel; use strptime(3).
MFC after:	2 weeks
2001-09-04 16:17:17 +00:00
Ruslan Ermilov
ee355dcb9e mdoc(7) police: removed hard sentence breaks. 2001-09-04 09:28:48 +00:00
Poul-Henning Kamp
ae919cce4a Duh! forgot this bit of the NCCD patch.
Submitted by:	sobomax
Reviewed by:	phk
2001-09-04 09:19:48 +00:00
Murray Stokely
cc2a5b08a7 Mention collision attacks on MD5. From the md5(3) man page.
PR:		docs/14158
Reviewed by:	kris
Submitted by:	Eric Frias <efrias@sg505.net>
2001-09-04 01:01:07 +00:00
Jonathan Lemon
050783e980 IPFilter source code in contrib/ipfilter apparently can't make up its mind
where the headers should live, as the code references both "ip_fil.h" and
"netinet/ip_fil.h" (among others).  As a consequence, put both
sys/contrib/ipfilter and sys/contrib/ipfilter/netinet to the include path
so either variant works.

PR: 29384
Pointed out by: Thomas.Quinot@Cuivre.FR.EU.ORG
2001-09-03 16:37:16 +00:00
Ruslan Ermilov
3b7e5ccc6a SECURITY: Drop `setgid kmem' bit as early as possible. 2001-08-31 16:26:37 +00:00
Ruslan Ermilov
162c0b2eff Synch with NetBSD and OpenBSD.
Allow non-superuser to open, listen to, and send safe commands on the
routing socket.  Superuser priviledge is required for all commands
but RTM_GET.

Lose `setuid root' bit of route(8).

Reviewed by:	wollman, dd
2001-08-31 12:31:09 +00:00
Ruslan Ermilov
860ca8fd85 restore(8) doesn't need to be setgid `tty', and never did.
At the times, restore(8) and rrestore(8) were the different
utilities.  rrestore(8) was installed setuid `root', while
restore(8) with usual ownership and privileges.  Later on,
on August 28, 1991 (what a coincidence!), rrestore(8) code
was merged with restore(8).  The setgid `tty' bit then was
accidentally put.
2001-08-30 09:18:55 +00:00
Peter Wemm
241ca2287a Banish hard-coded KERNBASE references from savecore. Dynamically
adjust to whatever kernbase is in the kernel that we are dumping.
2001-08-24 09:26:17 +00:00
Yaroslav Tykhiy
b8a7fd3f3f `create'' and `destroy'' are command modifiers (.Cm), not flags (.Fl). 2001-08-22 18:37:47 +00:00
Ruslan Ermilov
265c01df49 mdoc(7) police: Fixed broken xrefs. 2001-08-22 14:16:31 +00:00
Brian Somers
9cfe90fe1f Handle snprintf() returning < 0 (not just -1)
MFC after:	2 weeks
2001-08-20 14:53:05 +00:00
Brian Somers
327e849ae1 Handle snprintf() returning -1.
MFC after:	2 weeks
2001-08-20 12:56:45 +00:00
Dima Dorfman
a5ef8459cc Fix grammar. 2001-08-20 02:16:41 +00:00
Dima Dorfman
b9595aa55f Respect the -N flag when changing directory attributes in setdirmode).
PR:		29671
Submitted by:	Sascha Blank <sblank@addcom.de>
2001-08-20 02:15:22 +00:00
Kris Kennaway
5979df34a6 Silence non-constant format string warnings by marking functions
as __printflike()/__printf0like(), adding const, or adding missing "%s"
format strings, as appropriate.

MFC after:	2 weeks
2001-08-19 08:19:37 +00:00
Brooks Davis
1ce95f7862 Actuall make plumb work in addition to create as per the manpage.
PR:		bin/29812
Submitted by:	Joao Carlos Mendes Luis <jonny@eng05.embratel.net.br>
2001-08-17 22:16:11 +00:00
Ruslan Ermilov
f1845f5ba8 mdoc(7) police: restore markup bit that got accidentally lost in rev. 1.44. 2001-08-16 11:31:18 +00:00
Ruslan Ermilov
9916c5d299 mdoc(7) police: replace \*(Ba' with a simple |', it's handled specially. 2001-08-16 11:09:00 +00:00
Ruslan Ermilov
6a68a83e56 mdoc(7) police: Section cross-references are marked with .Sx.
-compat is not a valid keyword.
2001-08-16 07:43:16 +00:00
Dima Dorfman
f7acb7e404 Implement a better compatibility mode with mount_mfs. It is the
default if the executable is named (called as) "mount_*", or can be
enabled with the -C option.  This allows users to leave their old
fstab entires unchanged (modulo symlink'ing mdmfs to mount(md|mfs))
and have things behave the way they should (by emulating mount_mfs
silliness), while still allowing mdmfs to be used as a generic
make-an-md-and-mount-it type thing.

Right now, the only effects of this option is to set the mount-point
mode to 01777 as if "-p 1777" was given, and to complain about getting
command-line options that mount_mfs didn't take (e.g., -X, -L, et al).
The latter is mostly to try to catch operator errors.

Also implement -U, which turns on soft-updates.  It's redundant (since
softdep is the default), but implement it anyway for compatibility.
2001-08-16 02:40:29 +00:00
Ruslan Ermilov
d628d776c4 mdoc(7) police: utilize the new .Ex macro. 2001-08-15 09:09:47 +00:00
David E. O'Brien
94ddc5afe9 style(9) tweak
Approved by:	dd
2001-08-14 14:14:20 +00:00
Ruslan Ermilov
753d686d34 mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
Peter Wemm
98815cc740 ftrace is already initialized 2001-08-13 21:56:09 +00:00
Ruslan Ermilov
c5e7e03a14 Spell "FreeBSD" with "F" and "BSD" in uppercase. 2001-08-13 16:33:00 +00:00
Ruslan Ermilov
8af1452cf8 Removed duplicate VCS ID tags, as per style(9). 2001-08-13 14:06:34 +00:00