basis. default: 100pps
set default value for net.inet.tcp.rstratelimit to 0 (disabled),
NOTE: it does not work right for smaller-than-1/hz interval. maybe we should
nuke it, or make it impossible to set smaller-than-1/hz value.
is illegal to flush on user addresses. In theory the race exists
on MIPS1, but it is rather unlikely in common use. I have
seen it with regress/sys/kern/sigtramp on a QED 5231 system.
unspecified address (::) to mean "unbounded" or "unconnected",
and can be confused by packets from outside.
use of :: as source is not documented well in IPv6 specification.
not sure if it presents a real threat. the worst case scenario is a DoS
against TCP listening socket:
- outsider transmit TCP SYN with :: as IPv6 source
- receiving side creates TCP control block with:
local address = my addres
remote address = :: (meaning "unconnected")
state = SYN_RCVD
note that SYN ACK will not be sent due to ip6_output() filter.
this stays until it timeouts.
- the TCP control block prevents listening TCP control block from
being contacted (DoS).
udp6/raw6 socket may have similar problem, but as they are connectionless,
it may too much to filter it out.
and so it shouldn't use __P. (this should probably be done better, by
not declaring the parser functions in headers used by host programs,
but this works well enough.)
gid to -1.) Don't bother checking 'unpriv' when it's redundant with the
uid/gid == -1 check. (Doing the uid/gid handling consistently also fixes
the directory-creation code, which didn't check unpriv and did chmod/chown
anyway.) One minor spaces/tabs cleanup at one of the uid/gid checks.
appropriate, but worse: 'cpp' (real-UNIX or stock gnu) takes args
[infile [outfile]]. I.e., the second arg (ioctl_compat.h) would
end up being nuked by this script if using a vendor or stock gnu cpp!
Our /usr/bin/cpp works Differently.
the change uses extra variables which can be avoided,
it is to make the change look similar to BIND8 change.
question: timeout resolution is 1 second (time_t). should we use
timevals instead?
PR 6410 From: maximum entropy <entropy@venom.bernstein.com>
in the parent bus format (i.e. an INO) rather than being represented as
an PCI interrupt line. Provide a hack to work around this in pci_attach_hook().