13 characters, not 14. The 13-character (104-bit) secret will be
combined with 24-bit IV to constitute the seed for 128-bit RC4.
Though a maximum of 14 characters can be configured in seven 16-bit hardware
registers, the last character is apparently ignored both for encryption
and decryption.
register for a port under high load. The effect is that the port is wedged
waiting for an interrupt that will never come.
Add a callout-based watchdog which periodically (hz/10) scans through the ports
for missed interrupts.
Problem also noted by Chris Jones, and this fix also helped him.
drivers less aggressive about use of cluster mbufs.
this change affects drivers with m_devget()-emulation. many of
recent drivers do not look at MINCLSIZE any more, not sure why.
basis. default: 100pps
set default value for net.inet.tcp.rstratelimit to 0 (disabled),
NOTE: it does not work right for smaller-than-1/hz interval. maybe we should
nuke it, or make it impossible to set smaller-than-1/hz value.
is illegal to flush on user addresses. In theory the race exists
on MIPS1, but it is rather unlikely in common use. I have
seen it with regress/sys/kern/sigtramp on a QED 5231 system.
unspecified address (::) to mean "unbounded" or "unconnected",
and can be confused by packets from outside.
use of :: as source is not documented well in IPv6 specification.
not sure if it presents a real threat. the worst case scenario is a DoS
against TCP listening socket:
- outsider transmits TCP SYN with :: as IPv6 source
- receiving side creates TCP control block with:
	local address = my address
	remote address = :: (meaning "unconnected")
	state = SYN_RCVD
  note that SYN ACK will not be sent due to ip6_output() filter.
  this stays until it times out.
- the TCP control block prevents listening TCP control block from
  being contacted (DoS).
udp6/raw6 socket may have similar problem, but as they are connectionless,
it may be too much to filter it out.
and so it shouldn't use __P. (this should probably be done better, by
not declaring the parser functions in headers used by host programs,
but this works well enough.)
gid to -1.) Don't bother checking 'unpriv' when it's redundant with the
uid/gid == -1 check. (Doing the uid/gid handling consistently also fixes
the directory-creation code, which didn't check unpriv and did chmod/chown
anyway.) One minor spaces/tabs cleanup at one of the uid/gid checks.