summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-01-12syncTheo de Raadt
2010-01-12bump this to updater, so that progress is shown again.Marc Espie
2010-01-12check the new pfsync_subheader len field on input.David Gwynne
this makes sure there is enough of the message to try and parse it, and allows implementations to skip past regions prefixed by unknown subheaders. based on discussion with mcbride@ deraadt@ and simon perreault
2010-01-12more auto-cache goodnessMarc Espie
2010-01-12dont let the antisemaphore clear the WAITING flag so NO_CCB doesnt causeDavid Gwynne
us to loop forever. follow sdstart through to to an adapters scsi_cmd handler and assume that handler returns NO_CCB to enjoy the bug in full. ok kettenis@ krw@ beck@
2010-01-12Add explicit stat so we reliably detect nologin with bad perms. ok djm markusDarren Tucker
2010-01-12the comment is right, this can indeed go away.Jasper Lievisse Adriaanse
it's unused inside libkvm, and nothing else is allowed to use it. ok guenther@ "sure" deraadt@
2010-01-12two corrections from David A. Holland (netbsd -r1.24 of calendar.history);Jason McIntyre
2010-01-12tweak previous;Jason McIntyre
2010-01-12when setting up lo0 use 127.0.0.1/8 instead of 127.0.0.1 for clarity andHenning Brauer
correctness. it's not 1992 any more, kids. ok mcbride dlg krw
2010-01-12After calling pipex_pppoe_input(), we must goto done to restore the spl.YASUOKA Masahiko
ok mcbride@
2010-01-12Add TCP/UDP checksum display for v6 and clean up the checksumChristian Weisgerber
calculation. Mostly from tcpdump.org; ok jsing@
2010-01-12Remove simple_unlock() that is mistakenly introduced and add requiredYASUOKA Masahiko
splx().
2010-01-12Since ifinit() is now safe to be called earlier, call it just beforeTheo de Raadt
configure(), since some upcoming changes will require it. ok henning
2010-01-12Move initialization of the MCLGETI ticker to mbinit(), instead of ifinit()Theo de Raadt
ok henning
2010-01-12Unify the various fake ethernet generators as ether_fakeaddr() whichTheo de Raadt
is safe for both hardware devices and virtual devices ok mpf, kettenis, moaning and groaning and slow acceptance from mcbride XXX should loop checking for uniqueness after new henning diff goes in
2010-01-12Don't leak @if0 format routing host names, pointed out by claudio.Ryan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
actions. Allow interfaces to be specified in special table entries for the routing actions. Lists of addresses can now only be done using tables, which pfctl will generate automatically from the existing syntax. Functionally, this deprecates the use of multiple tables or dynamic interfaces in a single nat or rdr rule. ok henning dlg claudio
2010-01-12Remove bpfdetach() call right in front of the if_detach() call sinceClaudio Jeker
bpfdetach() will be called in if_detach(). Diff by Gleydson Soares
2010-01-12Delete unused structures. Pointed out by deraadt@.YASUOKA Masahiko
ok mcbride@
2010-01-12fix ioctl number that conflicted with tun(4)'s ioctl number.YASUOKA Masahiko
ok mcbride@
2010-01-12Remove the "bump the advskew to 240 in case of errors" hack.Marco Pfatschbacher
The demote counter can handle that. This lets carp hosts with an identical demote count still know which one is the designated master and prevents them from failing over asymmetrically. Since there is a demote handling bug in all releases prior to 4.6, symmetric failover will only work against 4.6 (and newer) from now on. OK henning@
2010-01-12set the length of the send queue to 1.David Gwynne
this prevents the ultimate length of the queue of the underlying interface from being artificially inflated while hte vlan/trunk queue is filled and then dumped wholesale on the underlying interface, which will dump its massive queue wholesale on the chip. tx mitigation is only triggered on real interfaces now (which is where the cost is) ok beck@ original diff ok kjc@ henning@
2010-01-12add a buffer_get_string_ptr_ret() that does the same asDamien Miller
buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
2010-01-12Do not allow logins if /etc/nologin exists but is not readable by the userDarren Tucker
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
2010-01-12Allow the queueing of multiple fragments on virtual interfaces with aBob Beck
queue length of one - i.e. vlans with the forthcoming change from dlg. this allows fragmented frames to be sent on such an interface, hoping that the interface underneath copes correctly - A better fix for this will be forthcoming soon, but this is good enough for now, and will allow the change for vlans to use an ifq length of 1. tested by me and dlg@, ok dlg@, claudio@, deraadt@
2010-01-12Use M_ZERO in malloc instead of doing a bzeor right afterwards.Claudio Jeker
From Gleydson Soares, OK beck@
2010-01-12delete with extreme prejudice a debug() that fired with every keypress;Damien Miller
ok dtucker deraadt
2010-01-12avoid spinning when fd passing on nonblocking sockets by calling poll()Damien Miller
in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@
2010-01-12Do not check malloc return value against NULL, as M_WAITOK is used.Charles Longeau
ok miod@
2010-01-12Make the structures for ifa_msghdr and friends even more likeTheo de Raadt
the route messages so that people and compilers will not get confused. ok claudio
2010-01-12Remove dead assignment and newly created unused variable.Charles Longeau
Found by LLVM/Clang Static Analyzer. ok grange@ krw@
2010-01-12Fix bug introduced in r1.78 (incorrect brace location) that broke key auth.Darren Tucker
Patch from joachim joachimschipper nl.
2010-01-11key should be an int not a char.Nicholas Marriott
2010-01-11Make the detach function handle the case of a partial attach, and make sureMark Kettenis
we also free the additional mapped BAR on "cyclone" chips. ok deraadt@
2010-01-11Increase/decrease the per-CPU interrupt depth variable around APIC interruptsMark Kettenis
like we do for PIC interrupts. ok art@, deraadt@, oga@
2010-01-11encourage use of setreseuid(), and warn there are other privs; ok henningTheo de Raadt
2010-01-11Fix wrong logic in error checking of buf_dynamic, found by pcc.Jacek Masiulaniec
2010-01-11sometimes, I manage to finish some stuffMarc Espie
2010-01-11quirks is special here too, oops.Marc Espie
2010-01-11When resuming from suspend, prime play buffers with silence,Alexandre Ratchov
otherwise the client would underrun by more than its own buffer size, which currently is not allowed (causes the client to deadlock). Set the minimum client buffer size to two blocks. Single block buffers don't work properly yet. with help from jakemsr
2010-01-11allow installation to proceed even without -r if it's an actual updateMarc Espie
(all markers match, conflict and pkgpath, and the pkgname is newer if it's the same stem/flavor combo)
2010-01-11works much better if I actually add the option...Marc Espie
2010-01-11move the oldlibs code into its separate file, prior to fixing it.Marc Espie
allow replacement if it only touches partial or libs
2010-01-11protect gzip against weird file namesMarc Espie
2010-01-11dlg@ lost the SCSI_IGNORE_ILLEGAL_REQUEST flag on all SYNCHRONIZE_CACHEKenneth R Westerback
commands. Noticed & fix tested by halex@. ok dlg@
2010-01-11Do not use after free kif->if_index; discovered with claudioTheo de Raadt
ok dlg
2010-01-11when converting keys, truncate key comments at 72 chars as per RFC4716;Damien Miller
bz#1630 reported by tj AT castaglia.org; ok markus@
2010-01-11Add PIPEX option, disabled by default for now.Ryan Thomas McBride
ok deraadt yasuoka
2010-01-11various cleanup, including a fix from Daniel Dickman;Jason McIntyre
ok espie