- Add support for bi-directional NAT and redirection / port forwarding.
- Finish filtering on ICMP type/code and add filtering on TCP flags.
- Add support for TCP reset (RST) or ICMP destination unreachable on block.
- Fix a bunch of bugs; misc cleanup.
tre will be compiled without approx and wchar/mulibyte support to
only match the minimum requirement to replace our spencer regex.
This needs a lot of testing.
Only enabled when USE_LIBTRE is set to `yes'.
Note that the solution is not optimal. If ichlpcib(4) provides SpeedStep
support, possible I/O resource conflicts may occur with acpicpu(4). Ideally,
as noted for instance in Windows design documents, ichlpcib(4) should never
expose SpeedStep when ACPI is being used. The probability for potential race
conditions is however very small, being limited to few P4-era machines and
being dependent on user actions.
will go backwards; K7 will not be supported already due doubts about
availability and reliability of ACPI during that era. Some unfortunate code
duplication is present (but not overly much). Thanks to cegger@ and jakllsch@
for patiently testing this.
- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
kernconfig_mutex. Update module subsystem to use this mutex rather than
its own internal (non-recursive) mutex. Make module_autoload() do its
own locking to be consistent with the rest of the module_xxx() calls.
Update module(9) man page appropriately.
As discussed on tech-kern over the last few weeks.
Welcome to NetBSD 5.99.39 !
- the return value from modcmd(MODULE_CMD_FINI) is not ignored;
the module is only unloaded if the return value is 0
- if loading a module fails, the dependents won't be unloaded until
the auto_unload timer goes off
- clarify that <module>.prop is merged with the dictionary passed
in by modctl()
- clarify that other parts of the kernel shouldn't normally call
module_unload()
- add some more source references and mention routines expected to
be supplied by architecture dependent code
that we can attach a power management handler. The handler prevents
a suspend if the watchdog is active, to be consistent with other
watchdog drivers.
As discussed on tech-kern.
vnode that may disappear before the caller has a chance to reference it.
Reference the vnode while the specfs cache is locked.
Welcome to 5.99.37.
No objections on tech-kern.
vnode that may disappear before the caller has a chance to reference it.
Reference the vnode while the name cache is locked.
No objections on tech-kern.
This change adds the ATFFILE variable, which can take the following values:
- yes: The source directory contains a static Atffile to be installed.
- auto: The Atffile is automatically generated.
- no: Do not install any Atffile (replaces the previous NOATFFILE variable).
The ugly bit of this is that I have to add a TESTS_SUBDIRS variable that
lists the subdirectories that contain test cases (so that they can be listed
in the Atffiles, without including auxiliary directories without tests).
This is a subset of SUBDIR.
Addresses a minor part of PR bin/43394.
Add MI flags PMAP_WRITE_COMBINE, PMAP_WRITE_BACK, PMAP_NOCACHE_OVR.
Update pmap(9) manpage.
hppa: Remove MD PMAP_NOCACHE flag as it exists as MI flag
mips: Rename MD PMAP_NOCACHE to PGC_NOCACHE.
x86: Implement new MI flags using Page-Attribute Tables.
x86: Implement BUS_SPACE_MAP_PREFETCHABLE.
Patch presented on tech-kern@:
http://mail-index.netbsd.org/tech-kern/2010/06/30/msg008458.html
No comments on this last version.
we're ELF now, and there are many missing checks against OBJECT_FMT.
if we ever consider switching, the we can figure out what new ones
we need but for now it's just clutter.
this doesn't remove any of the support for exec_aout or any actually
required-for-boot a.out support, only the ability to build a netbsd
release in a.out format. ie, most of this code has been dead for
over a decade.
i've tested builds on vax, amd64, i386, mac68k, macppc, sparc, atari,
amiga, shark, cats, dreamcast, landisk, mmeye and x68k. this covers
the 5 MACHINE_ARCH's affected, and all the other arch code touched.
it also includes some actual run-time testing of sparc, i386 and
shark, and i performed binary comparison upon amiga and x68k as well.
some minor details relevant:
- move shlib.[ch] from ld.aout_so into ldconfig proper, and cut them
down to only the parts ldconfig needs
- remove various unused source files
- switch amiga bootblocks to using elf2bb.h instead of aout2bb.h
IEEE 802.11b/g WLAN device, ported from OpenBSD by FUKAUMI Naoki:
http://mail-index.NetBSD.org/current-users/2010/05/28/msg013570.html
Slightly modified by me to use recently added config_mountroot(9)
to defer some device initialization until mountroot for firmload(9).
Tested on Sharp W-ZERO3 WS003SH with internal WLAN.
Note currently we cannot redistribute firmware files for upgt(4) so
they have to be downloaded and copied into /libdata/firmware/upgt manually.
See upgt(4) man page about firmware details.
- VOP_LOCK(vp, flags): Limit the set of allowed flags to LK_EXCLUSIVE,
LK_SHARED and LK_NOWAIT. LK_INTERLOCK is no longer allowed as it
makes no sense here.
- VOP_ISLOCKED(vp): Remove the for some time unused return value
LK_EXCLOTHER. Mark this operation as "diagnostic only".
Making a lock decision based on this operation is no longer allowed.
Discussed on tech-kern.
building X11 without inet6 support. the support to maintain patches to
generated files and other files is too great. PR#42856
- add TOOL_PIGZ, which defaults to the (not yet default) built tools/pigz.
- kill MKPIGZ.
- add MKPIGZGZIP. if it is "no", then only install pigz as pigz. if it is
not "no", don't install mrgzip, install pigz as gzip.
in all cases, the z* scripts.
i don't like the name MKPIGZGZIP so if anyone has a better name, feel free
to replace it. i don't care enough since killing the ugly name is just
more incentive to get pigz doing .bz2, .Z and .z.
make test may yield misleading results but should work in many cases. This
target is supposed to simplify the execution of tests but does not preclude
developers from running the installed versions.
Addresses PR misc/38326.
the diff -u is more obvious than a description:
-X11FLAGS.VERSION= -DOSMAJORVERSION=1 -DOSMINORVERSION=6 # XXX
+X11FLAGS.VERSION= -DOSMAJORVERSION=5 -DOSMINORVERSION=99 # XXX
In aps(4) note that sensor values are refreshed every 0.5 seconds, which may
have a negative effect on battery life.
(Since the sensors are purely descriptive and no time-sensitive protective
measures are being carried out, it would probably be a good idea to remove
the whole callout(9) from the driver and let the sysmon's poll cycle take
over.)
according to the appearance in FUNCTIONS. Fix typo; cnm_trap() -> cn_trap().
Remove the .Va typedef struct cnm_state cnm_state_t; in SYNOPSIS. And some
miscellaneous markup improvements.
man pages to use mandoc unconditional as it gives reasonable output for
all man pages, not only a subset of mdoc(7). Use the newly installed
style.css for formatting and produce hyperlinks for .Xr.
