Mortals do not need to be able to generate PCI Configuration Space
read transactions, which are not entirely without side effect, as
reported in PR#16300.
- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
Under some circumstances, ${TOOL_CAT} may refer to an executable
that does not exist. As a stopgap fix, use cat(1) instead of
${TOOL_CAT} in emit_dist_file.
that assembles /etc/mtree/NetBSD.dist. Instead, use the Makefile's
new target, emit_dist_file, to assemble the correct NetBSD.dist.
Previously, 'postinstall -m amd64 -s $SRC_TOP' would install a
NetBSD.dist that was missing /usr/lib/i386/ et cetera.
the command being executed. This is to allow rc.d scripts to do:
run_rc_command "${@}"
instead of:
run_rc_command "${1}"
and let the command handler (start, stop, etc.) receive the arguments after
the command name.
None of the default commands allow extra arguments, and they will error out
if any are given. This is mostly useful for script-specific commands that
are only supposed to be used through the command line and, therefore, need
to provide a friendly interface.
Proposed in tech-userlevel@. No major objections except for some minor
concerns regarding whether this should be allowed or not at all. Note that
I'm not touching any of the rc.d scripts in the base system, so this is
effectively a no-op from the user point of view.
s/MP/UP/ kernels were otherwise in place.
in my testing on a U60, i couldn't really notice any different in
speed, but we need testing on a U1/U5/U10 systems to be sure that
GENERIC.UP isn't necessary.
for sparc64, this is some what required as USIIIi systems have the
memory controller on the CPU, and unless the CPU is spunup, a UP
kernel will not function on these systems. (we obviously need to
join the NUMA-for-netbsd camp now, too! :-)
this should enable the installer to function on all systems that we
support, but also give the option for people to install GENERIC.UP
on their single-cpu systems if they choose.
XXX: i haven't actually tested sysinst with this, but i have built
both sparc and sparc64 release iso's successfully with this change
(sans having to comment out kern_ctf.c.)
favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose
of this is to only have to define the location of the packages database
in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a
warning in that case, asking the administrator to migrate to the
PKG_DBDIR setting. We can't remove this compatibility workaround until,
at least, after NetBSD 6 is released.
remains world-readable. Otherwise, it ends up with 600 permissions which
make it unusable for building pkgsrc packages as non-root.
Problem found by wiz@.
