Age | Commit message (Collapse) | Author |
|
Flushing all filter parameters does not make sense on one specific
interface only as already noted. However, the main ruleset as well as
all tables were still cleared on such invalid usage.
Furthermore, an empty interface name was treated like no interface at
all, hence source tracking entries, statistics and interface flags were
cleared also.
Immediately error out if `-i' is given regardless of its argument before
flushing anything.
OK sashan
|
|
collisions with global tables, but only in certain cases and with
limited information sometimes leaving users clueless.
Deferring the check to process_tabledefs() where tables are eventually
created, both anchor and table name are known which allows for checking
all existing anchors.
With this, warn on all duplicates even in dry-runs (`-n') and print
quoted names so they can be copied to fix configurations right away.
No functional change in parsing or ruleset production.
Discussed with and OK sashan
|
|
Killing source tracking entries per interface does not make sense and
`-i interface' along with `-K key' is completely ignored anyway.
There since import in 2006, probably just copy/pasta.
OK sashan
|
|
another process is doing. We don't want that, so instead have it
always return that memory is in core.
ok deraadt kettenis
|
|
|
|
physio(9) to prevent another thread from unmapping the memory and triggering
an assertion or even corruption random physical memory pages.
ok deraadt@
Should fix:
Reported-by: syzbot+b8e7faf688f8c9d341b1@syzkaller.appspotmail.com
Reported-by: syzbot+b6a9255faa0605669432@syzkaller.appspotmail.com
|
|
it is entirely unavoidable (for example libc/*/exec.c), because any erroneous
size controlled by an attacker turns into a known-location object placement
in a very dangerous region. So use malloc() instead.
|
|
include new virtio_pcireg.h header
|
|
ok mpi@, tedu@, deraadt@
|
|
by me and others indicate that it is the optimum.
|
|
making the number of pools variable. Do not document the malloc
conf settings atm, don't know yet if they will stay. Thanks to all
the testers. ok deraadt@
|
|
|
|
Everything above 0x1040 is 1.x only.
Also tweak descriptoin of memory balloon device. There will be a memory
device, too
ok mlarkin@
|
|
It accidentally contained a part of a different diff.
|
|
Also add some virtio 1.0 status and feature bits
|
|
|
|
And fix some comments
|
|
ok jca@ visa@ guenther@ deraadt@
|
|
Now that nanosleep(2) handles the full input range transparently there
is no longer a 100 million second upper bound and we can remove this loop.
ok phessler@ jca@ visa@
|
|
POSIX APIs".
Also sprach guenther@. So switch PF_ROUTE to AF_ROUTE in socket() and
setsockopt() calls. Keep PF_ROUTE in sysctl(2) uses. adding a comment
for future visitors,
Also replace PF_UNSPEC with 0 in socketpair(), as socketpair(2) points
out this is the only sensible value.
Cluebat from and ok guenther@
|
|
Use memset(3) instead of bzero(3) since POSIX recommends using the former and
because it's also more portable (conforms to ANSI C standard)
OK tedu@ tb@
|
|
while here also use NULL as its second argument, instead of "", like it's
done everywhere else in the tree.
OK florian@
|
|
anchor file (create it if it doesn't exist).
pledge & unveil accordingly
OK sthen
|
|
ok gilles@
|
|
having to write empty list elements for non-compact .Bl -tag lists:
1. Add margin-bottom to the <dd>.
Note that margin-top on the <dt> doesn't work because it would put
a short <dt> lower than the <dd>; margin-bottom on the <dt> doesn't
work because it would put vertical space before the <dd> for a long
<dt>; and margin-top on the <dd> doesn't work because it would put
a short <dt> higher than the <dd>. Only margin-bottom on the <dd>
has none of these adverse effects.
2. Of course, margin-bottom on the <dd> fails to take care of the
vertical spacing before the first list element, so implement that
separately by margin-top on the <dl>.
3. For .Bl -tag -compact, reset both to zero.
|
|
constants, and while stderr is a compile-time constant in OpenBSD,
Kelvin Sherlock <ksherlock at gmail dot com> reports that it isn't
on some other systems, for example on FreeBSD or Linux.
So do the initialization by calling mandoc_msg_setoutfile()
from main() instead.
|
|
overlapping the framebuffer. Prompted by ring tests failing.
Diagnosed, fix suggested by and ok kettenis@
|
|
suggested by and ok kettenis@
|
|
Pointed out by Matteo Niccoli, ok bluhm@ sthen@
|
|
corresponding digits. So the change the ddb x/x output.
OK sashan@ deraadt@ visa@ mpi@
|
|
|
|
This way the expansion can happen with the correct values and files do not
show up as modified.
|
|
This can happen on new RCS files.
Fixes $Log$ keyword expansion.
|
|
rd_lock member of the matching delta.
Other keyword substitution will not properly work in cases where the
RCS file did not have a lock for the revision yet or if the lock is
being removed.
|
|
a couple of AF_ROUTE.
|
|
declared static.
OK guenther@
|
|
OK millert@ bluhm@
|
|
ok kettenis
|
|
bzero is defined in strings.h.
ok deraadt@
|
|
ok visa@
|
|
ok visa@
|
|
in rasops(9) to allow selecting larger fonts when available.
Summary of the changes:
- Enable spleen8x16 for all architectures, replacing bold8x16_iso1.
- Enable spleen12x24 on all arches but sparc64, replacing gallant12x22.
- Enable spleen16x32 and spleen32x64 on amd64, i386, and arm64 for
GENERIC kernels.
- Modify the font selection logic in rasops(9) so the 16x32 and 32x64
fonts are selected if at least 120 columns can be displayed. Screens
with widths equal or larger than 1920px will use the 16x32 font, and
screens with widths equal or larger than 3840px the 32x64 one.
OK kettenis@, ratchov@, deraadt@
|
|
|
|
this allows vlan packets to bypass the ifq handling, which allows
packets to be encapsulated concurrently by any context. the code
falls back to ifqs if hfsc is enabled on the vlan interface, otherwise
it encaps the packet immedate and enqueues it on the parent interface.
hrove popovski has seen a performance bump in certain configurations
from this change.
ok mpi@
no objections claudio@
|
|
if_enqueue() still makes sure packets get handled by pf on the way
out, and seen by bridge if needed. however instead of falling through
to ifq mapping and output, it now calls a function pointer in the
ifnet struct. that pointer defaults to the ifq handling, but drivers
can override it to bypass ifq processing.
the most obvious users of the function pointer will be virtual
interfaces, eg, vlan(4). ifqs are good if you need to serialise
access to the thing that transmits packets (like hardware rings on
nics), or mitigate the number of times you do ring processing, but
neither of those things are desirable on vlan interfaces. ideally
vlan could transmit on any cpu without having packets serialised
by it's own ifq before being pushed down to an arbitrary number of
rings on the parent interface. bypassing ifqs means the driver can
push the vlan tag on concurrently and push down to the parent frmo
any cpu.
ok mpi@
no objection from claudio@
|
|
|
|
to regain build performance.
OK deraadt@ guenther@ kettenis@
|
|
|
|
|
|
available.
Assuming a httpd.conf based on /etc/examples/httpd.conf, httpd(8)
will only listen on port 80 and serve the acme-challenge directory
for acme-client(1).
The workflow to get a certificate then becomes
acme-client -vAD example.com && rcctl reload httpd
Without the need to edit the httpd.conf yet again. Once the cert
is in place and httpd is reloaded it starts to serve on port 443.
Idea, tweaks & OK deraadt, OK benno
|