- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
building X11 without inet6 support. the support to maintain patches to
generated files and other files is too great. PR#42856
- add TOOL_PIGZ, which defaults to the (not yet default) built tools/pigz.
- kill MKPIGZ.
- add MKPIGZGZIP. if it is "no", then only install pigz as pigz. if it is
not "no", don't install mrgzip, install pigz as gzip.
in all cases, the z* scripts.
i don't like the name MKPIGZGZIP so if anyone has a better name, feel free
to replace it. i don't care enough since killing the ugly name is just
more incentive to get pigz doing .bz2, .Z and .z.
conflicts with shared libaries names libXX.so; as recently seen with
MKUPDATE=yes builds for libelf and libnvpair.
All now stalled regular .so files need to be manually removed from
object directories.
SSP for building the whole source tree. Set this to "yes" for
NetBSD/amd64 and NetBSD/i386. It is now possible to get the old
behavior (build libs and certain programs with SSP) by setting
"USE_SSP_DEFAULT" to "no".
makes {MK,HAVE_}BINUTILS consistent with {MK,HAVE_}{GCC,GDB}.
Allow MKBFD to defines MKBINUTILS as a backwards compatibility hook.
Update the sets lists and add conditionals for lib{bfd,opcodes}.
when installing hard links. They have no effect except when using a
metalog, in which case the information is added to the metalog. In
the future, these variables may be replaced by a method for explicitly
recording hard links in a metadata log.
Also change a few things that called ${INSTALL_LINK} without going
through bsd.links.mk.
Reviewed by perry and joerg. This should fix PR 24457 and PR 41155.
is set to "yes" -- defaults to "no" except for build.sh builds. This
results in a deterministic .a file rather than one that reflects
timestamps and permissions on the source files.
Also, clean up the ar flags we're using, and remove a redundant use of
ranlib that on a modern POSIX ar can be done with the "s" flag.
Discussed on tech-toolchain
0 Minimal output ("quiet")
1 Describe what is occurring
2 Describe what is occurring and echo the actual command
3 Ignore the effect of the "@" prefix in make commands
4 Trace shell commands using the shell's -x flag
The default remains MAKEVERBOSE=2.
- introduce X11FLAVOUR to choose src/x11 vs src/external/mit/xorg
for the X11 to build if MKX11=yes is set. it takes the values
of either Xorg or XFree86.
- default to Xorg on alpha, i386, macppc, shark, sparc and sparc64
- remove MKXORG_WITH_XSRC_XSERVER, unused and never useful
Previously, they were defined in bsd.own.mk if USETOOLS=yes, but in
bsd.sys.mk if USETOOLS!=yes. This caused makefiles that did this:
.include <bsd.own.mk>
FOO != ${TOOL_BAR} args...
to work in the USETOOLS=yes case but not in the USETOOLS!=yes case.
set to /usr/bin/bash if HOST_CYGWIN was defined, but now build.sh
tries to set HOST_SH appropriately.
Remove the HOST_CYGWIN variable, which was not used for any other purpose.
Document that HOST_SH should be an absolute path.
THis was proposed in tech-toolchain.
In bsd.README, document all TOOL_* variables that are set in bsd.sys.mk.
There are several TOOL_* variables that are set in bsd.own.mk, but not
set in bsd.sys.mk and not documented in bsd.README.
joerg