From owner-p4-projects@FreeBSD.ORG Mon Nov 26 21:06:10 2007 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1F7AE16A473; Mon, 26 Nov 2007 21:06:10 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD45A16A46C for ; Mon, 26 Nov 2007 21:06:09 +0000 (UTC) (envelope-from jb@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 9B84713C4D5 for ; Mon, 26 Nov 2007 21:06:09 +0000 (UTC) (envelope-from jb@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id lAQL69Nf047717 for ; Mon, 26 Nov 2007 21:06:09 GMT (envelope-from jb@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id lAQL6975047714 for perforce@freebsd.org; Mon, 26 Nov 2007 21:06:09 GMT (envelope-from jb@freebsd.org) Date: Mon, 26 Nov 2007 21:06:09 GMT Message-Id: <200711262106.lAQL6975047714@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jb@freebsd.org using -f From: John Birrell To: Perforce Change Reviews Cc: Subject: PERFORCE change 129583 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2007 21:06:10 -0000 http://perforce.freebsd.org/chv.cgi?CH=129583 Change 129583 by jb@jb_freebsd1 on 2007/11/26 21:05:38 IFC Affected files ... .. //depot/projects/dtrace/src/contrib/less/NEWS#9 integrate .. //depot/projects/dtrace/src/contrib/less/README#9 integrate .. //depot/projects/dtrace/src/contrib/less/less.man#9 integrate .. //depot/projects/dtrace/src/contrib/less/less.nro#9 integrate .. //depot/projects/dtrace/src/contrib/less/lessecho.man#7 integrate .. //depot/projects/dtrace/src/contrib/less/lessecho.nro#7 integrate .. //depot/projects/dtrace/src/contrib/less/lesskey.man#9 integrate .. //depot/projects/dtrace/src/contrib/less/lesskey.nro#9 integrate .. //depot/projects/dtrace/src/contrib/less/search.c#8 integrate .. //depot/projects/dtrace/src/contrib/less/version.c#9 integrate .. //depot/projects/dtrace/src/lib/libelf/gelf_xlatetof.3#6 integrate .. //depot/projects/dtrace/src/lib/libelf/libelf_xlate.c#7 integrate .. //depot/projects/dtrace/src/lib/libkse/thread/thr_spec.c#4 integrate .. //depot/projects/dtrace/src/release/doc/en_US.ISO8859-1/relnotes/article.sgml#14 integrate .. //depot/projects/dtrace/src/release/picobsd/tinyware/msg/msg.c#4 integrate .. //depot/projects/dtrace/src/sbin/ipfw/ipfw.8#16 integrate .. //depot/projects/dtrace/src/share/man/man9/sx.9#8 integrate .. //depot/projects/dtrace/src/sys/contrib/ipfilter/netinet/fil.c#9 integrate .. //depot/projects/dtrace/src/sys/contrib/ipfilter/netinet/ip_auth.c#8 integrate .. //depot/projects/dtrace/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c#9 integrate .. //depot/projects/dtrace/src/sys/dev/agp/agp_i810.c#2 integrate .. //depot/projects/dtrace/src/sys/dev/ata/ata-chipset.c#21 integrate .. //depot/projects/dtrace/src/sys/dev/em/if_em.c#16 integrate .. //depot/projects/dtrace/src/sys/dev/ichsmb/ichsmb_pci.c#5 integrate .. //depot/projects/dtrace/src/sys/dev/usb/usbdevs#21 integrate .. //depot/projects/dtrace/src/sys/i386/linux/linux_machdep.c#12 integrate .. //depot/projects/dtrace/src/sys/pci/if_rl.c#9 integrate .. //depot/projects/dtrace/src/sys/pci/if_rlreg.h#9 integrate .. //depot/projects/dtrace/src/sys/powerpc/include/atomic.h#6 integrate .. //depot/projects/dtrace/www/en/releases/7.0R/todo.sgml#2 integrate Differences ... ==== //depot/projects/dtrace/src/contrib/less/NEWS#9 (text+ko) ==== @@ -13,7 +13,7 @@ ====================================================================== - Major changes between "less" versions 409 and 415 + Major changes between "less" versions 409 and 416 * New --follow-name option makes F command follow the name of a file rather than the file descriptor if an open file is renamed. ==== //depot/projects/dtrace/src/contrib/less/README#9 (text+ko) ==== @@ -1,7 +1,7 @@ - Less, version 415 + Less, version 416 - This is the distribution of less, version 415, released 15 Nov 2007. + This is the distribution of less, version 416, released 22 Nov 2007. This program is part of the GNU project (http://www.gnu.org). This program is free software. You may redistribute it and/or ==== //depot/projects/dtrace/src/contrib/less/less.man#9 (text+ko) ==== @@ -445,8 +445,8 @@ buffer space is used for each file (unless the file is a pipe; see the -B option). The -b option specifies instead that n kilobytes of buffer space should be used for each file. If n is - -1, buffer space is unlimited; that is, the entire file is read - into memory. + -1, buffer space is unlimited; that is, the entire file can be + read into memory. -B or --auto-buffers By default, when data is read from a pipe, buffers are allocated @@ -456,8 +456,8 @@ buffers for pipes, so that only 64K (or the amount of space specified by the -b option) is used for the pipe. Warning: use of -B can result in erroneous display, since only the most - recently viewed part of the file is kept in memory; any earlier - data is lost. + recently viewed part of the piped data is kept in memory; any + earlier data is lost. -c or --clear-screen Causes full screen repaints to be painted from the top line @@ -533,42 +533,44 @@ -jn or --jump-target=n Specifies a line on the screen where the "target" line is to be - positioned. A target line is the object of a text search, tag - search, jump to a line number, jump to a file percentage, or - jump to a marked position. The screen line may be specified by - a number: the top line on the screen is 1, the next is 2, and so - on. The number may be negative to specify a line relative to - the bottom of the screen: the bottom line on the screen is -1, - the second to the bottom is -2, and so on. Alternately, the - screen line may be specified as a fraction of the height of the - screen, starting with a decimal point: .5 is in the middle of - the screen, .3 is three tenths down from the first line, and so - on. If the line is specified as a fraction, the actual line + positioned. The target line is the line specified by any com- + mand to search for a pattern, jump to a line number, jump to a + file percentage or jump to a tag. The screen line may be speci- + fied by a number: the top line on the screen is 1, the next is + 2, and so on. The number may be negative to specify a line rel- + ative to the bottom of the screen: the bottom line on the screen + is -1, the second to the bottom is -2, and so on. Alternately, + the screen line may be specified as a fraction of the height of + the screen, starting with a decimal point: .5 is in the middle + of the screen, .3 is three tenths down from the first line, and + so on. If the line is specified as a fraction, the actual line number is recalculated if the terminal window is resized, so that the target line remains at the specified fraction of the - screen height. If the -j option is used, searches begin at the - line immediately after the target line. For example, if "-j4" - is used, the target line is the fourth line on the screen, so - searches begin at the fifth line on the screen. + screen height. If any form of the -j option is used, forward + searches begin at the line immediately after the target line, + and backward searches begin at the target line. For example, if + "-j4" is used, the target line is the fourth line on the screen, + so forward searches begin at the fifth line on the screen. -J or --status-column - Displays a status column at the left edge of the screen. The - status column shows the lines that matched the current search. - The status column is also used if the -w or -W option is in + Displays a status column at the left edge of the screen. The + status column shows the lines that matched the current search. + The status column is also used if the -w or -W option is in effect. -kfilename or --lesskey-file=filename - Causes less to open and interpret the named file as a lesskey + Causes less to open and interpret the named file as a lesskey (1) file. Multiple -k options may be specified. If the LESSKEY - or LESSKEY_SYSTEM environment variable is set, or if a lesskey + or LESSKEY_SYSTEM environment variable is set, or if a lesskey file is found in a standard place (see KEY BINDINGS), it is also used as a lesskey file. -K or --quit-on-intr - Causes less to exit immediately when an interrupt character - (usually ^C) is typed. Normally, an interrupt character causes - less to stop whatever it is doing and return to its command - prompt. + Causes less to exit immediately when an interrupt character + (usually ^C) is typed. Normally, an interrupt character causes + less to stop whatever it is doing and return to its command + prompt. Note that use of this option makes it impossible to + return to the command prompt from the "F" command. -L or --no-lessopen Ignore the LESSOPEN environment variable (see the INPUT PREPRO- @@ -739,8 +741,8 @@ -xn,... or --tabs=n,... Sets tab stops. If only one n is specified, tab stops are set at multiples of n. If multiple values separated by commas are - specified, tab stops are set at those positions, and then - continue with the same spacing as the last two. For example, + specified, tab stops are set at those positions, and then con- + tinue with the same spacing as the last two. For example, -x9,17 will set tabs at positions 9, 17, 25, 33, etc. The default for n is 8. @@ -1159,10 +1161,10 @@ is followed by a single character (shown as X above) which spec- ifies the line whose byte offset is to be used. If the charac- ter is a "t", the byte offset of the top line in the display is - used, an "m" means use the middle line, a "b" means use the - bottom line, a "B" means use the line just after the bottom - line, and a "j" means use the "target" line, as specified by the - -j option. + used, an "m" means use the middle line, a "b" means use the bot- + tom line, a "B" means use the line just after the bottom line, + and a "j" means use the "target" line, as specified by the -j + option. %B Replaced by the size of the current input file. @@ -1509,10 +1511,10 @@ expressions turned off via ^R, and also does not occur when less is compiled to use the PCRE regular expression library. - In certain cases, when search highlighting is enabled and a search - pattern begins with a ^, more text than the matching string may be - highlighted. (This problem does not occur when less is compiled to use - the POSIX regular expression package.) + In certain cases, when search highlighting is enabled and a search pat- + tern begins with a ^, more text than the matching string may be high- + lighted. (This problem does not occur when less is compiled to use the + POSIX regular expression package.) On some systems, setlocale claims that ASCII characters 0 thru 31 are control characters rather than binary characters. This causes less to @@ -1554,4 +1556,4 @@ - Version 415: 15 Nov 2007 LESS(1) + Version 416: 22 Nov 2007 LESS(1) ==== //depot/projects/dtrace/src/contrib/less/less.nro#9 (text+ko) ==== @@ -1,4 +1,4 @@ -.TH LESS 1 "Version 415: 15 Nov 2007" +.TH LESS 1 "Version 416: 22 Nov 2007" .SH NAME less \- opposite of more .SH SYNOPSIS @@ -462,7 +462,7 @@ The \-b option specifies instead that \fIn\fP kilobytes of buffer space should be used for each file. If \fIn\fP is \-1, buffer space is unlimited; that is, -the entire file is read into memory. +the entire file can be read into memory. .IP "\-B or \-\-auto-buffers" By default, when data is read from a pipe, buffers are allocated automatically as needed. @@ -473,7 +473,7 @@ (or the amount of space specified by the \-b option) is used for the pipe. Warning: use of \-B can result in erroneous display, since only the -most recently viewed part of the file is kept in memory; +most recently viewed part of the piped data is kept in memory; any earlier data is lost. .IP "\-c or \-\-clear-screen" Causes full screen repaints to be painted from the top line down. @@ -555,9 +555,9 @@ .IP "\-j\fIn\fP or \-\-jump-target=\fIn\fP" Specifies a line on the screen where the "target" line is to be positioned. -A target line is the object of a text search, -tag search, jump to a line number, -jump to a file percentage, or jump to a marked position. +The target line is the line specified by any command to +search for a pattern, jump to a line number, +jump to a file percentage or jump to a tag. The screen line may be specified by a number: the top line on the screen is 1, the next is 2, and so on. The number may be negative to specify a line relative to the bottom @@ -569,10 +569,11 @@ If the line is specified as a fraction, the actual line number is recalculated if the terminal window is resized, so that the target line remains at the specified fraction of the screen height. -If the \-j option is used, searches begin at the line immediately -after the target line. +If any form of the \-j option is used, +forward searches begin at the line immediately after the target line, +and backward searches begin at the target line. For example, if "\-j4" is used, the target line is the -fourth line on the screen, so searches begin at the fifth line +fourth line on the screen, so forward searches begin at the fifth line on the screen. .IP "\-J or \-\-status-column" Displays a status column at the left edge of the screen. @@ -597,6 +598,8 @@ Normally, an interrupt character causes .I less to stop whatever it is doing and return to its command prompt. +Note that use of this option makes it impossible to return to the +command prompt from the "F" command. .IP "\-L or \-\-no-lessopen" Ignore the LESSOPEN environment variable (see the INPUT PREPROCESSOR section below). ==== //depot/projects/dtrace/src/contrib/less/lessecho.man#7 (text+ko) ==== @@ -46,4 +46,4 @@ - Version 415: 15 Nov 2007 LESSECHO(1) + Version 416: 22 Nov 2007 LESSECHO(1) ==== //depot/projects/dtrace/src/contrib/less/lessecho.nro#7 (text+ko) ==== @@ -1,4 +1,4 @@ -.TH LESSECHO 1 "Version 415: 15 Nov 2007" +.TH LESSECHO 1 "Version 416: 22 Nov 2007" .SH NAME lessecho \- expand metacharacters .SH SYNOPSIS ==== //depot/projects/dtrace/src/contrib/less/lesskey.man#9 (text+ko) ==== @@ -357,4 +357,4 @@ - Version 415: 15 Nov 2007 LESSKEY(1) + Version 416: 22 Nov 2007 LESSKEY(1) ==== //depot/projects/dtrace/src/contrib/less/lesskey.nro#9 (text+ko) ==== @@ -1,4 +1,4 @@ -.TH LESSKEY 1 "Version 415: 15 Nov 2007" +.TH LESSKEY 1 "Version 416: 22 Nov 2007" .SH NAME lesskey \- specify key bindings for less .SH SYNOPSIS ==== //depot/projects/dtrace/src/contrib/less/search.c#8 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/less/search.c,v 1.10 2007/11/16 22:24:31 delphij Exp $ */ +/* $FreeBSD: src/contrib/less/search.c,v 1.11 2007/11/26 08:58:07 delphij Exp $ */ /* * Copyright (C) 1984-2007 Mark Nudelman * @@ -120,13 +120,16 @@ int len; int ops; { - if (utf_mode && (ops & CVT_TO_LC)) + if (utf_mode) /* - * Converting case can cause a UTF-8 string to increase in length. - * Multiplying by 3 is the worst case. + * Just copying a string in UTF-8 mode can cause it to grow + * in length. + * Six output bytes for one input byte is the worst case + * (and unfortunately is far more than is needed in any + * non-pathological situation, so this is very wasteful). */ - len *= 3; - return len+1; + len *= 6; + return len + 1; } /* ==== //depot/projects/dtrace/src/contrib/less/version.c#9 (text+ko) ==== @@ -701,6 +701,7 @@ v413 11/6/07 Fix search highlight bug with non-ASCII text. v414 11/6/07 Fix display bug with no-wrap terminals. v415 11/14/07 Add --follow-name option. +v416 11/22/07 Fix crash when searching text with invalid UTF-8 sequences. */ -char version[] = "415"; +char version[] = "416"; ==== //depot/projects/dtrace/src/lib/libelf/gelf_xlatetof.3#6 (text+ko) ==== @@ -21,7 +21,7 @@ .\" out of the use of this software, even if advised of the possibility of .\" such damage. .\" -.\" $FreeBSD: src/lib/libelf/gelf_xlatetof.3,v 1.2 2006/11/13 09:46:16 ru Exp $ +.\" $FreeBSD: src/lib/libelf/gelf_xlatetof.3,v 1.3 2007/11/26 03:09:33 jkoshy Exp $ .\" .Dd July 24, 2006 .Os @@ -208,12 +208,6 @@ .It Bq Er ELF_E_DATA The .Ar src -argument had a zero -.Va d_size -field. -.It Bq Er ELF_E_DATA -The -.Ar src argument specified a buffer size that was not an integral multiple of its underlying type. .It Bq Er ELF_E_DATA ==== //depot/projects/dtrace/src/lib/libelf/libelf_xlate.c#7 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libelf/libelf_xlate.c,v 1.2 2006/12/24 09:45:10 jkoshy Exp $"); +__FBSDID("$FreeBSD: src/lib/libelf/libelf_xlate.c,v 1.3 2007/11/26 03:09:33 jkoshy Exp $"); #include #include @@ -78,8 +78,8 @@ return (NULL); } - if ((fsz = (elfclass == ELFCLASS32 ? elf32_fsize : elf64_fsize)(src->d_type, - (size_t) 1, src->d_version)) == 0) + if ((fsz = (elfclass == ELFCLASS32 ? elf32_fsize : elf64_fsize) + (src->d_type, (size_t) 1, src->d_version)) == 0) return (NULL); msz = _libelf_msize(src->d_type, elfclass, src->d_version); @@ -132,8 +132,8 @@ dst->d_type = src->d_type; dst->d_size = dsz; - if (db == sb && encoding == LIBELF_PRIVATE(byteorder) && - fsz == msz) + if (src->d_size == 0 || + (db == sb && encoding == LIBELF_PRIVATE(byteorder) && fsz == msz)) return (dst); /* nothing more to do */ (_libelf_get_translator(src->d_type, direction, elfclass))(dst->d_buf, ==== //depot/projects/dtrace/src/lib/libkse/thread/thr_spec.c#4 (text+ko) ==== @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libkse/thread/thr_spec.c,v 1.26 2007/11/19 02:09:07 davidxu Exp $ + * $FreeBSD: src/lib/libkse/thread/thr_spec.c,v 1.27 2007/11/26 02:35:17 davidxu Exp $ */ #include #include @@ -63,9 +63,13 @@ int _pthread_key_create(pthread_key_t *key, void (*destructor) (void *)) { - struct pthread *curthread = _get_curthread(); + struct pthread *curthread; int i; + if (_thr_initial == NULL) + _libpthread_init(NULL); + curthread = _get_curthread(); + /* Lock the key table: */ THR_LOCK_ACQUIRE(curthread, &_keytable_lock); for (i = 0; i < PTHREAD_KEYS_MAX; i++) { @@ -90,13 +94,9 @@ int _pthread_key_delete(pthread_key_t key) { - struct pthread *curthread; + struct pthread *curthread = _get_curthread(); int ret = 0; - if (_thr_initial == NULL) - _libpthread_init(NULL); - curthread = _get_curthread(); - if ((unsigned int)key < PTHREAD_KEYS_MAX) { /* Lock the key table: */ THR_LOCK_ACQUIRE(curthread, &_keytable_lock); ==== //depot/projects/dtrace/src/release/doc/en_US.ISO8859-1/relnotes/article.sgml#14 (text+ko) ==== @@ -20,7 +20,7 @@ The &os; Project - $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/article.sgml,v 1.1075 2007/11/16 22:28:00 delphij Exp $ + $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/article.sgml,v 1.1076 2007/11/26 08:58:52 delphij Exp $ 2000 @@ -210,7 +210,7 @@ 4.1.23 to 4.1.28. less has been updated from - v408 to v415. + v408 to v416. sendmail has been updated from 8.14.1 to 8.14.2. &merged; ==== //depot/projects/dtrace/src/release/picobsd/tinyware/msg/msg.c#4 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/release/picobsd/tinyware/msg/msg.c,v 1.3 2001/07/03 19:51:53 tmm Exp $ + * $FreeBSD: src/release/picobsd/tinyware/msg/msg.c,v 1.4 2007/11/26 05:03:55 sam Exp $ */ /* @@ -32,6 +32,7 @@ #include +#include #include #include @@ -45,13 +46,13 @@ /* We use sysctlbyname, because the oid is unknown (OID_AUTO) */ /* get the buffer size */ - i=sysctlbyname(mib,NULL,&len,NULL,NULL); + i=sysctlbyname(mib,NULL,&len,NULL,0); if(i) { perror("buffer sizing"); exit(-1); } buf=(char *)malloc(len*sizeof(char)); - i=sysctlbyname(mib,buf,&len,NULL,NULL); + i=sysctlbyname(mib,buf,&len,NULL,0); if(i) { perror("retrieving data"); exit(-1); ==== //depot/projects/dtrace/src/sbin/ipfw/ipfw.8#16 (text+ko) ==== @@ -1,7 +1,7 @@ .\" -.\" $FreeBSD: src/sbin/ipfw/ipfw.8,v 1.206 2007/11/17 21:54:57 oleg Exp $ +.\" $FreeBSD: src/sbin/ipfw/ipfw.8,v 1.207 2007/11/26 00:36:40 danger Exp $ .\" -.Dd November 17, 2007 +.Dd November 26, 2007 .Dt IPFW 8 .Os .Sh NAME @@ -527,7 +527,7 @@ This can be useful for a number of applications such as random packet drop or (in conjunction with -.Xr dummynet 4 ) +.Nm dummynet ) to simulate the effect of multiple paths leading to out-of-order packet delivery. .Pp @@ -543,7 +543,7 @@ .Dv LOG_SECURITY facility. The logging only occurs if the sysctl variable -.Em net.inet.ip.fw.verbose +.Va net.inet.ip.fw.verbose is set to 1 (which is the default when the kernel is compiled with .Dv IPFIREWALL_VERBOSE ) @@ -554,7 +554,7 @@ If no .Cm logamount is specified, the limit is taken from the sysctl variable -.Em net.inet.ip.fw.verbose_limit . +.Va net.inet.ip.fw.verbose_limit . In both cases, a value of 0 removes the logging limit. .Pp Once the limit is reached, logging can be re-enabled by @@ -656,7 +656,7 @@ .Nm .Cm disable Ar altq . The usage of -.Em net.inet.ip.fw.one_pass +.Va net.inet.ip.fw.one_pass is irrelevant to ALTQ traffic shaping, as the actual rule action is followed always after adding an ALTQ tag. .El @@ -750,7 +750,7 @@ Section for further information. .It Cm pipe Ar pipe_nr Pass packet to a -.Xr dummynet 4 +.Nm dummynet .Dq pipe (for bandwidth limitation, delay, etc.). See the @@ -760,12 +760,12 @@ the .Xr sysctl 8 variable -.Em net.inet.ip.fw.one_pass +.Va net.inet.ip.fw.one_pass is not set, the packet is passed again to the firewall code starting from the next rule. .It Cm queue Ar queue_nr Pass packet to a -.Xr dummynet 4 +.Nm dummynet .Dq queue (for bandwidth limitation using WF2Q+). .It Cm reject @@ -823,12 +823,12 @@ The search terminates. If packet is later returned from netgraph it is either accepted or continues with the next rule, depending on -.Em net.inet.ip.fw.one_pass +.Va net.inet.ip.fw.one_pass sysctl variable. .It Cm ngtee Ar cookie A copy of packet is diverted into netgraph, original packet is either accepted or continues with the next rule, depending on -.Em net.inet.ip.fw.one_pass +.Va net.inet.ip.fw.one_pass sysctl variable. See .Xr ng_ipfw 4 @@ -1165,7 +1165,7 @@ .Ar types . The list may be specified as any combination of individual types (numeric) separated by commas. -.Em Ranges are not allowed. +.Em Ranges are not allowed . The supported ICMP types are: .Pp echo reply @@ -1203,7 +1203,7 @@ .Ar types . The list may be specified as any combination of individual types (numeric) separated by commas. -.Em Ranges are not allowed. +.Em Ranges are not allowed . .It Cm in | out Matches incoming or outgoing packets, respectively. .Cm in @@ -1743,7 +1743,7 @@ .Sh TRAFFIC SHAPER (DUMMYNET) CONFIGURATION .Nm is also the user interface for the -.Xr dummynet 4 +.Nm dummynet traffic shaper. .Pp .Nm dummynet @@ -1756,15 +1756,36 @@ TCP connection, or from/to a given host, or entire subnet, or a protocol type, etc. .Pp -There are two modes of dummynet operation: normal and fast. -Normal mode tries to emulate real link: dummynet scheduler ensures packet will -not leave pipe faster than it would be on real link with given bandwidth. -Fast mode allows certain packets to bypass dummynet scheduler (if packet flow -does not exceed pipe's bandwidth). Thus fast mode requires less cpu cycles -per packet (in average) but packet latency can be significantly lower comparing -to real link with same bandwidth. Default is normal mode, fast mode can be -enabled by setting net.inet.ip.dummynet.io_fast sysctl(8) variable to non-zero -value. +There are two modes of +.Nm dummynet +operation: +.Dq normal +and +.Dq fast . +The +.Dq normal +mode tries to emulate a real link: the +.Nm dummynet +scheduler ensures that the packet will not leave the pipe faster than it +would on the real link with a given bandwidth. +The +.Dq fast +mode allows certain packets to bypass the +.Nm dummynet +scheduler (if packet flow does not exceed pipe's bandwidth). +This is the reason why the +.Dq fast +mode requires less CPU cycles per packet (on average) and packet latency +can be significantly lower in comparison to a real link with the same +bandwidth. +The default mode is +.Dq normal . +The +.Dq fast +mode can be enabled by setting the +.Va net.inet.ip.dummynet.io_fast +.Xr sysctl 8 +variable to a non-zero value. .Pp Packets belonging to the same flow are then passed to either of two different objects, which implement the traffic regulation: @@ -1869,7 +1890,7 @@ Default value is 64 controlled by the .Xr sysctl 8 variable -.Em net.inet.ip.dummynet.hash_size , +.Va net.inet.ip.dummynet.hash_size , allowed range is 16 to 65536. .Pp .It Cm mask Ar mask-specifier @@ -1912,7 +1933,9 @@ where the latter means all bits in all fields are significant. .Pp .It Cm noerror -When a packet is dropped by a dummynet queue or pipe, the error +When a packet is dropped by a +.Nm dummynet +queue or pipe, the error is normally reported to the caller routine in the kernel, in the same way as it happens when a device queue fills up. Setting this @@ -1958,30 +1981,33 @@ (thresholds are computed in bytes if the queue has been defined in bytes, in slots otherwise). The -.Xr dummynet 4 +.Nm dummynet also supports the gentle RED variant (gred). Three .Xr sysctl 8 variables can be used to control the RED behaviour: .Bl -tag -width indent -.It Em net.inet.ip.dummynet.red_lookup_depth +.It Va net.inet.ip.dummynet.red_lookup_depth specifies the accuracy in computing the average queue when the link is idle (defaults to 256, must be greater than zero) -.It Em net.inet.ip.dummynet.red_avg_pkt_size +.It Va net.inet.ip.dummynet.red_avg_pkt_size specifies the expected average packet size (defaults to 512, must be greater than zero) -.It Em net.inet.ip.dummynet.red_max_pkt_size +.It Va net.inet.ip.dummynet.red_max_pkt_size specifies the expected maximum packet size, only used when queue thresholds are in bytes (defaults to 1500, must be greater than zero). .El .El .Pp -When used with IPv6 data, dummynet currently has several limitations. +When used with IPv6 data, +.Nm dummynet +currently has several limitations. Information necessary to route link-local packets to an -interface is not avalable after processing by dummynet so those packets -are dropped in the output path. +interface is not available after processing by +.Nm dummynet +so those packets are dropped in the output path. Care should be taken to insure that link-local packets are not passed to -dummynet. +.Nm dummynet . .Sh CHECKLIST Here are some important points to consider when designing your rules: @@ -2095,7 +2121,7 @@ .El .Pp To let the packet continue after being (de)aliased, set the sysctl variable -.Em net.inet.ip.fw.one_pass +.Va net.inet.ip.fw.one_pass to 0. For more information about aliasing modes, refer to .Xr libalias 3 @@ -2121,71 +2147,80 @@ .Xr sysctl 8 command what value is actually in use) and meaning: .Bl -tag -width indent -.It Em net.inet.ip.dummynet.expire : No 1 +.It Va net.inet.ip.dummynet.expire : No 1 Lazily delete dynamic pipes/queue once they have no pending traffic. You can disable this by setting the variable to 0, in which case the pipes/queues will only be deleted when the threshold is reached. -.It Em net.inet.ip.dummynet.hash_size : No 64 +.It Va net.inet.ip.dummynet.hash_size : No 64 Default size of the hash table used for dynamic pipes/queues. This value is used when no .Cm buckets option is specified when configuring a pipe/queue. -.It Em net.inet.ip.dummynet.io_fast : No 0 -If set to non-zero value enables "fast" mode of dummynet operation (see above). -.It Em net.inet.ip.dummynet.io_pkt -Number of packets passed to by dummynet. -.It Em net.inet.ip.dummynet.io_pkt_drop -Number of packets dropped by dummynet. -.It Em net.inet.ip.dummynet.io_pkt_fast -Number of packets bypassed dummynet scheduler. -.It Em net.inet.ip.dummynet.max_chain_len : No 16 +.It Va net.inet.ip.dummynet.io_fast : No 0 +If set to a non-zero value, +the +.Dq fast +mode of +.Nm dummynet +operation (see above) is enabled. +.It Va net.inet.ip.dummynet.io_pkt +Number of packets passed to +.Nm dummynet . +.It Va net.inet.ip.dummynet.io_pkt_drop +Number of packets dropped by +.Nm dummynet . +.It Va net.inet.ip.dummynet.io_pkt_fast +Number of packets bypassed by the +.Nm dummynet +scheduler. +.It Va net.inet.ip.dummynet.max_chain_len : No 16 Target value for the maximum number of pipes/queues in a hash bucket. The product .Cm max_chain_len*hash_size is used to determine the threshold over which empty pipes/queues will be expired even when .Cm net.inet.ip.dummynet.expire=0 . -.It Em net.inet.ip.dummynet.red_lookup_depth : No 256 -.It Em net.inet.ip.dummynet.red_avg_pkt_size : No 512 -.It Em net.inet.ip.dummynet.red_max_pkt_size : No 1500 +.It Va net.inet.ip.dummynet.red_lookup_depth : No 256 +.It Va net.inet.ip.dummynet.red_avg_pkt_size : No 512 +.It Va net.inet.ip.dummynet.red_max_pkt_size : No 1500 Parameters used in the computations of the drop probability for the RED algorithm. -.It Em net.inet.ip.fw.autoinc_step : No 100 +.It Va net.inet.ip.fw.autoinc_step : No 100 Delta between rule numbers when auto-generating them. The value must be in the range 1..1000. -.It Em net.inet.ip.fw.curr_dyn_buckets : Em net.inet.ip.fw.dyn_buckets +.It Va net.inet.ip.fw.curr_dyn_buckets : Va net.inet.ip.fw.dyn_buckets The current number of buckets in the hash table for dynamic rules (readonly). -.It Em net.inet.ip.fw.debug : No 1 +.It Va net.inet.ip.fw.debug : No 1 Controls debugging messages produced by .Nm . -.It Em net.inet.ip.fw.dyn_buckets : No 256 +.It Va net.inet.ip.fw.dyn_buckets : No 256 The number of buckets in the hash table for dynamic rules. Must be a power of 2, up to 65536. It only takes effect when all dynamic rules have expired, so you are advised to use a .Cm flush command to make sure that the hash table is resized. -.It Em net.inet.ip.fw.dyn_count : No 3 +.It Va net.inet.ip.fw.dyn_count : No 3 Current number of dynamic rules (read-only). -.It Em net.inet.ip.fw.dyn_keepalive : No 1 +.It Va net.inet.ip.fw.dyn_keepalive : No 1 Enables generation of keepalive packets for .Cm keep-state rules on TCP sessions. A keepalive is generated to both sides of the connection every 5 seconds for the last 20 seconds of the lifetime of the rule. -.It Em net.inet.ip.fw.dyn_max : No 8192 +.It Va net.inet.ip.fw.dyn_max : No 8192 Maximum number of dynamic rules. When you hit this limit, no more dynamic rules can be installed until old ones expire. -.It Em net.inet.ip.fw.dyn_ack_lifetime : No 300 -.It Em net.inet.ip.fw.dyn_syn_lifetime : No 20 -.It Em net.inet.ip.fw.dyn_fin_lifetime : No 1 -.It Em net.inet.ip.fw.dyn_rst_lifetime : No 1 -.It Em net.inet.ip.fw.dyn_udp_lifetime : No 5 -.It Em net.inet.ip.fw.dyn_short_lifetime : No 30 +.It Va net.inet.ip.fw.dyn_ack_lifetime : No 300 +.It Va net.inet.ip.fw.dyn_syn_lifetime : No 20 +.It Va net.inet.ip.fw.dyn_fin_lifetime : No 1 +.It Va net.inet.ip.fw.dyn_rst_lifetime : No 1 +.It Va net.inet.ip.fw.dyn_udp_lifetime : No 5 +.It Va net.inet.ip.fw.dyn_short_lifetime : No 30 These variables control the lifetime, in seconds, of dynamic rules. Upon the initial SYN exchange the lifetime is kept short, @@ -2198,31 +2233,31 @@ must be strictly lower than 5 seconds, the period of repetition of keepalives. The firewall enforces that. -.It Em net.inet.ip.fw.enable : No 1 +.It Va net.inet.ip.fw.enable : No 1 Enables the firewall. Setting this variable to 0 lets you run your machine without firewall even if compiled in. -.It Em net.inet6.ip6.fw.enable : No 1 +.It Va net.inet6.ip6.fw.enable : No 1 provides the same functionality as above for the IPv6 case. -.It Em net.inet.ip.fw.one_pass : No 1 +.It Va net.inet.ip.fw.one_pass : No 1 When set, the packet exiting from the -.Xr dummynet 4 +.Nm dummynet pipe or from .Xr ng_ipfw 4 node is not passed though the firewall again. Otherwise, after an action, the packet is reinjected into the firewall at the next rule. -.It Em net.inet.ip.fw.verbose : No 1 +.It Va net.inet.ip.fw.verbose : No 1 Enables verbose messages. -.It Em net.inet.ip.fw.verbose_limit : No 0 +.It Va net.inet.ip.fw.verbose_limit : No 0 Limits the number of messages produced by a verbose firewall. -.It Em net.inet6.ip6.fw.deny_unknown_exthdrs : No 1 +.It Va net.inet6.ip6.fw.deny_unknown_exthdrs : No 1 If enabled packets with unknown IPv6 Extension Headers will be denied. -.It Em net.link.ether.ipfw : No 0 +.It Va net.link.ether.ipfw : No 0 Controls whether layer-2 packets are passed to .Nm . Default is no. -.It Em net.link.bridge.ipfw : No 0 +.It Va net.link.bridge.ipfw : No 0 Controls whether bridged packets are passed to .Nm . Default is no. @@ -2370,7 +2405,7 @@ The following rules show some of the applications of .Nm and -.Xr dummynet 4 +.Nm dummynet for simulations and the like. .Pp This rule drops random incoming packets with a probability @@ -2378,7 +2413,9 @@ .Pp .Dl "ipfw add prob 0.05 deny ip from any to any in" .Pp -A similar effect can be achieved making use of dummynet pipes: +A similar effect can be achieved making use of +.Nm dummynet +pipes: .Pp .Dl "ipfw add pipe 10 ip from any to any" .Dl "ipfw pipe 10 config plr 0.05" @@ -2593,7 +2630,7 @@ .Nm utility first appeared in .Fx 2.0 . -.Xr dummynet 4 +.Nm dummynet was introduced in .Fx 2.2.8 . Stateful extensions were introduced in @@ -2618,7 +2655,7 @@ as part of a Summer of Code 2005 project. .Pp Work on -.Xr dummynet 4 +.Nm dummynet traffic shaper supported by Akamba Corp. .Sh BUGS The syntax has grown over the years and sometimes it might be confusing. ==== //depot/projects/dtrace/src/share/man/man9/sx.9#8 (text+ko) ==== @@ -24,9 +24,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH .\" DAMAGE. .\" -.\" $FreeBSD: src/share/man/man9/sx.9,v 1.42 2007/11/25 01:55:53 attilio Exp $ +.\" $FreeBSD: src/share/man/man9/sx.9,v 1.43 2007/11/26 15:21:21 brueffer Exp $ .\" -.Dd February 1, 2006 +.Dd November 25, 2007 .Dt SX 9 .Os .Sh NAME ==== //depot/projects/dtrace/src/sys/contrib/ipfilter/netinet/fil.c#9 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.54 2007/10/30 15:23:26 darrenr Exp $ */ +/* $FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.55 2007/11/26 08:18:19 darrenr Exp $ */ /* * Copyright (C) 1993-2003 by Darren Reed. @@ -17,7 +17,7 @@ #include #if defined(__NetBSD__) # if (NetBSD >= 199905) && !defined(IPFILTER_LKM) && defined(_KERNEL) -# if (__NetBSD_Version__ < 399001400) +# if (__NetBSD_Version__ < 301000000) # include "opt_ipfilter_log.h" # else # include "opt_ipfilter.h" @@ -155,7 +155,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.54 2007/10/30 15:23:26 darrenr Exp $"; +static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.55 2007/11/26 08:18:19 darrenr Exp $"; /* static const char rcsid[] = "@(#)$Id: fil.c,v 2.243.2.125 2007/10/10 09:27:20 darrenr Exp $"; */ #endif @@ -2307,8 +2307,7 @@ if (FR_ISAUTH(pass)) { if (fr_newauth(fin->fin_m, fin) != 0) { #ifdef _KERNEL - if ((pass & FR_RETMASK) == 0) - fin->fin_m = *fin->fin_mp = NULL; + fin->fin_m = *fin->fin_mp = NULL; #else ; #endif @@ -2600,7 +2599,8 @@ * Here rather than fr_firewall because fr_checkauth may decide * to return a packet for "keep state" */ - if ((pass & FR_KEEPSTATE) && !(fin->fin_flx & FI_STATE)) { + if ((pass & FR_KEEPSTATE) && (fin->fin_m != NULL) && + !(fin->fin_flx & FI_STATE)) { if (fr_addstate(fin, NULL, 0) != NULL) { ATOMIC_INCL(frstats[out].fr_ads); } else { ==== //depot/projects/dtrace/src/sys/contrib/ipfilter/netinet/ip_auth.c#8 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.46 2007/10/30 15:23:26 darrenr Exp $ */ +/* $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.47 2007/11/26 08:18:19 darrenr Exp $ */ /* * Copyright (C) 1998-2003 by Darren Reed & Guido van Rooij. @@ -120,7 +120,7 @@ /* END OF INCLUDES */ #if !defined(lint) -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.46 2007/10/30 15:23:26 darrenr Exp $"; >>> TRUNCATED FOR MAIL (1000 lines) <<<