Age | Commit message | Author |
|
|
improved by sthen@
ok reyk@
|
|
1.3.5, implement the OXM filters to use with flow matching and Set-Action,
prepare code to receive group management and add dummy flow_removed handler
to avoid closing the connection on idle flows.
|
|
small style correction and ok reyk@
|
|
message is received or a socket is closed.
This is just a temporary fix to prevent switchd(8) from hogging the cpu and
leaking memory while testing.
ok reyk@
|
|
ok reyk@
|
|
ok tb
|
|
configuration file. Sync usage() with the result.
With feedback from and ok jmc@
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
OK jca@, deraadt@
|
|
OK jca
|
|
OK jca@
|
|
so make it a common/shared code path.
|
|
from bluhm and myself
|
|
Written together with jmc@
|
|
ok reyk@
|
|
for TCP or TLS connections than before. It makes no sense to buffer
messages in kernel, the dynamic limit there makes testing the dropped
message statistics unreliable. Syslog has no high performance
requirements, so limit all TCP socket buffers to 64 KB.
OK henning@ deraadt@
|
|
suggested by and ok reyk@
|
|
Written together with jmc@
|
|
reported by florian@
|
|
"unsigned char *keyname" to make it clear that an array size can not
be inferred. Suggested by millert@
|
|
ok krw@ millert@ claudio@
|
|
This fixes rtadvd on (at least) armv7. Problem reported and fix tested
by Martin Brandenburg.
|
|
This currently has no effect because route sockets are datagram
(PR_ATOMIC) sockets, so we only get one message at a time. This means
that the parsing code could be simplified. route(4) sockets cluebat
from claudio@
|
|
client certificates. This prevents malicious clients from sending
fake messages.
OK deraadt@
|
|
input semarie
ok deraadt
|
|
noticed by & ok florian@
|
|
must be called before proc_init() otherwise child process won't have this
configured.
ok reyk@
|
|
The filemode(), ttymode() and vnodemode() functions can be split into two
pieces. The *_prep() piece must be hoisted to before pledge and the rest
can run under pledge "stdio rpath vminfo". The magic block that decides
which ones of the *_prep() pieces must be run with which combination of
command line switches is quite impressive.
Patch from Rob Pierce, thanks!
ok deraadt
|
|
leads to entering codepaths that try to work with only partially
initialized kvm structures -- with unsurprising outcomes.
Problem found by Rob Pierce, ok deraadt
|
|
from joel knight
|
|
uintptr_t. It is safe here to pass a 'const' to exec*().
improved by and ok millert@
|
|
We can get rid of inet_aton(3) and use the AF independent getaddrinfo(3).
OK natano@, krw@, millert@, claudio@
|
|
it can be worked on in the tree).
ok florian@ deraadt@
|
|
it was always a copy of ps->ps_env.
You might access the env variable now with: p->p_ps->ps_env.
ok reyk@
|
|
elf(5)
feedback from guenther@
ok guenther@ kettenis@
|
|
it also does proper traversal of the tree (ie, it does FOREACH)
which in turn uses MIN and NEXT operations to iterate over the whole
tree. they're complicated and need code.
so for now this pulls in subr_tree.c from the kernel and builds it
as part of procmap. that allows for traversal of the RBT using the
same code that the kernel uses.
it is a bit ugly though because procmap updates the pointers between
items in the tree so they point at local copies instead of kernel
addresses. it's made worse because RBT code has pointers between
rb_entry structs, not between the nodes.
i'm putting this in now to unbreak the tree. it can be polished after
coffee/naps.
|
|
rdaemon() works like daemon(3) but requires its caller to pre-open
/dev/null. This makes it possible to go in the background after
a chroot(2), allowing for more error checking. The pattern is basically
- open /dev/null
- chroot
- privdrop
- rdaemon
"design" initially discussed with semarie@ a while ago, ok dlg@
|
|
This commit mostly removes the parent SIGCHLD handler, the rest of the
code is already in proc.c.
ok reyk@
|