Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
Earlier, a white space separated string was generated containing all the section
numbers passed through command line arguments. Later on that would have to be
tokenized and processed. Instead of that, use a NULL terminated array of strings.
Thanks to christos@ for reviewing and suggesting further improvements.
mandoc(3) already generates the text node representing the value for the .Nm macro.
Doing our own parsing for .Nm on top of that leads to large duplication of text
in the database. This gets specially worse for man pages with large NAME sections,
such as queue(3).
Similar to apropos(1), whatis did not utilise the mandb_links table till now.
Therefore, if it was asked about one of the links to a man page, it would
error out. This change teaches whatis(1) to look up both the FTS table
as well as the links table, thus ensuring that it is able to answer queries
about MLINKS as well.
Comparision between outputs before this change and after this change:
#Before change
$ whatis realloc
realloc: not found
#after change
$ ./whatis realloc
realloc(3) - general memory allocation operations
realloc(3) - general purpose memory allocation functions
realloc(9) - general-purpose kernel memory allocator
apropos(1) only indexes the first .Nm entry from the NAME section in the full
text index. Rest of the .Nm entries are stored in a separate table: mandb_links.
Till now apropos(1) did not use the mandb_links table. So whenever a query
was being made for one of the man page links, such as realloc(3), it was showing
malloc(3) in the results but not as the first result. And, also the result would
show up as malloc(3), rather than realloc(3) (which can be confusing).
With this change, for single keyword queries, apropos(1) would now utilise the
mandb_links table as well. If the query is for one of the links of a man page,
it would show as the first result. Also, the result would show up as the name
of the link rather than the original man page name. For example, if the query
was for realloc, the output would be realloc(3), rather than malloc(3).
Following are some example queries showing difference in the output before this
change and after this change:
#Before changes
$ apropos -n 5 -M realloc
reallocarr (3) reallocate array
reallocarray (3) reallocate memory for an array of elements checking
for overflow
fgetwln (3) get a line of wide characters from a stream
fgetln (3) get a line from a stream
posix_memalign (3) aligned memory allocation
#After changes
$ ./apropos -n 5 -M realloc
realloc (3) general memory allocation operations
realloc (3) general purpose memory allocation functions
realloc (9) general-purpose kernel memory allocator
reallocarr (3) reallocate array
reallocarray (3) reallocate memory for an array of elements checking
for overflow
#Before changes
$ apropos -n 5 -M TAILQ_REMOVE
SLIST_HEAD (3) implementations of singly-linked lists, lists, simple
queues, tail queues, and singly-linked tail queues
#After changes
$ ./apropos -n 5 -M TAILQ_REMOVE
TAILQ_REMOVE (3) implementations of singly-linked lists, lists,
simple queues, tail queues, and singly-linked tail queues
#Before changes
$ apropos -n 5 -M falloc
filedesc (9) file descriptor tables and operations
file (9) operations on file entries
#After changes
$ ./apropos -n 5 -M falloc
falloc (9) file descriptor tables and operations
file (9) operations on file entries
ok christos@
- remove now unused field mnt_list.
- rename mount_list to mountlist and make it local to vfs_mount.c.
- make mountlist_lock local to vfs_mount.c.
Change pstat.c to retrieve vnodes by lru lists.
by the number of concurrent I/O requests. Also introduce a new disk_wait()
function to measure requests waiting in a bufq.
iostat -y now reports data about waiting and active requests.
So far only drivers using dksubr and dk, ccd, wd and xbd collect data about
waiting requests.
For unknown reasons, IPv6 multicast addresses are linked to a first
IPv6 address assigned to an interface. Due to the design, when removing
a first address having multicast addresses, we need to save them to
somewhere and later restore them once a new IPv6 address is activated.
mkludge stuffs support the operations.
This change links multicast addresses to an interface directly and
throws the kludge away.
Note that as usual some obsolete member variables remain for kvm(3)
users. And also sysctl net.inet6.multicast_kludge remains to avoid
breaking old ifmcstat.
TODO: currently ifnet has a list of in6_multi but obviously the list
should be protocol independent. Provide a common structure (if_multi
or something) to handle in6_multi and in_multi together as well as
ifaddr does for in_ifaddr and in6_ifaddr.
file_exists_exact function was introduced in 1.26 for the benefit of
cross-building on OS X case-insensitive file system. It is extremely
slow on diskless machines. That becomes especially noticeable when
you upgrade a system that has a lot of obsolete files, it can take
literally hours.
bta2dpd allows you to stream audio to and from bluetooth devices.
It features high quality stereo audio and is intended for use with pad(4)
device.
As discussed on current-users@ and tech-userlevel@
default, build a handful of tools as n64 so they work properly.
unfortunately, they're also static as dynamic n64 has a problem.
of these tools pstat is probably the lowest hanging fruit to convert
to sysctl. systat would be close were it not for the netstat screen,
which includes netstat itself.
the rest are difficult to perhaps foolish.
the upside is that netstat, pmap and fstat all work properly now.
There can be symlinks which are pointing to man pages not installed in
one of the _default locations mentioned in man.conf or MANPATH. For example
there are man pages in /usr/pkg/man which are symlinked to pages in
/usr/pkg/lib/perl5/man. If we ignore symlinks, we would not be able to
index such pages installed outside the default set of directories.
(Also, the symlink test was incorecct, so we never noticed this issue)
Ok christos@, wiz@
When dealing with high I/O throughput, we could run out of buffer
space if the filesystem was not consuming requests fast enough.
Here we slightly raise the buffer size, and we make it tunable
through the PERFUSE_BUFSIZE environment variable so that we can
cope with higher requirement later.
While there, document PERFUSE_OPTIONS environment variable.
sections multiple times. This started to happen because, pmdoc_Sh(), the handler function
responsible for parsing the Sh macros, used to recursively go through all the child
nodes and then the next nodes starting from top level Sh block node.
Now, once it has processed all the child nodes of the top level block node,
it moves to the next node, which is the top level block node of the next section and
in this way one call to pmdoc_Sh() was causing a complete pass through the
man page. Since, mandoc(3) calls pmdoc_Sh() for each .Sh macro in the man
page, it would result in parsing some of the sections multiple times.
This never happened with the previous versions of mandoc, so we never noticed.
I've fixed this by starting the parse sequence of the Sh macro from its body, which gurantees
that we will stop once that section ends.
ok christos@
flags, we no longer need the custom sppp code to detect if we are
connected or not.
Add commentary on if we really need to handle RTM_DELADDR only when
detached.
and PCI_IOC_DRVNAMEONBUS. the new ones also take a (autoconf) PCI bus
number, which allows lookups for any device on any pci bus node. use this
in pcictl which current reports the wrong values sometimes.
up next: use these in libpciaccess.
