Date:      Sun, 29 Feb 2004 23:21:31 -0600
From:      Mark Johnston <mjohnston@skyweb.ca>
To:        current@freebsd.org
Subject:   cvs-src summary for 29/02/04
Message-ID:  <20040301052131.GA696@omoikane.mb.skyweb.ca>

New this week: Lukasz Dudek is kindly translating these summaries into
Polish.  Polish versions are available at http://mocart.pinco.pl/FreeBSD/.

FreeBSD cvs-src summary for 23/02/04 to 29/02/04
++++++++++++++++++++++++++++++++++++++++++++++++
This is a regular weekly summary of FreeBSD's cutting-edge development.
It is intended to help the FreeBSD community keep up with the fast-paced
work going on in FreeBSD-CURRENT by distilling the deluge of data from
the CVS mailing list into a (hopefully) easy-to-read newsletter.  This
newsletter is marked up in reStructuredText_, so any odd punctuation
that you see is likely intended for the reST parser.

.. _reStructuredText: http://docutils.sourceforge.net/rst.html

You can get old summaries, and an HTML version of this one, at
http://www.xl0.org/FreeBSD/.  Please send any comments to Mark Johnston
(mark at xl0.org).

For Lukasz Dudek (mocart at pinco.pl)'s Polish translations of these
summaries, which lag the English ones by a couple of days, please see
http://mocart.pinco.pl/FreeBSD/.

.. contents::

============
New features
============
OpenBSD's PF packet filter imported
-----------------------------------
Max Laier (mlaier) imported OpenBSD's PF packet filter, from OpenBSD 3.4.
PF, originally written by Daniel Hartmeier, was introduced in OpenBSD 3.0
and has been available in ports since June 2003.  Max also applied the
FreeBSD-specific patches from the PF port, fixing up API differences as
well as introducing locking so that PF can work without using the Giant
system lock.  The code is now in CVS, but it has not yet been added to
the base system.  This import kicked off a huge thread; see below_ for a
(long) summary.  For details about PF and the benefits it offers, please
see the `PF User's Guide`_.

.. _below: `OpenBSD packet filter import`_
.. _`PF User's Guide`: http://www.openbsd.org/faq/pf/index.html

Kernel parts: http://docs.freebsd.org/cgi/mid.cgi?200402260204.i1Q24S8F007564

Userland parts: http://docs.freebsd.org/cgi/mid.cgi?200402281652.i1SGqkWG070550

ALTQ skeleton: http://docs.freebsd.org/cgi/mid.cgi?200402282150.i1SLooYg046952

OpenSSH 3.8p1 imported
----------------------
Dag-Erling Smorgrav (des) imported OpenSSH version 3.8p1 (the portable
release of 3.8), replacing 3.7.1p2.  Note that this change also disables
version 1 of the SSH protocol by default in the server, so if you are
using protocol version 1, make sure you adjust /etc/ssh/sshd_config
appropriately.

http://docs.freebsd.org/cgi/mid.cgi?200402261038.i1QAcsVa037628
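
A quick way to check whether an existing server configuration still relies on protocol version 1 before or after this upgrade. This is an added example, not part of the original newsletter or of FreeBSD's code; the function names are hypothetical. It assumes the standard ``Protocol`` keyword, that the first occurrence of a keyword wins, and that a missing directive means the new protocol-2-only default described above.

```shell
#!/bin/sh
# Added example: report which SSH protocol versions an sshd_config enables.
# Function names are hypothetical, chosen for this illustration.

# Print the effective "Protocol" value of the config file given as $1.
# Assumptions: keywords are case-insensitive, the first occurrence wins,
# and a missing directive means the protocol-2-only default.
sshd_protocols() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "protocol" && !seen {
            seen = 1
            $1 = ""                          # drop the keyword itself
            gsub(/[ \t]/, "")                # normalise "2, 1" to "2,1"
            print
        }
        END { if (!seen) print "2" }         # directive absent: default
    ' "$1"
}

# Return 0 (true) if protocol version 1 is enabled in the config file $1.
sshd_allows_v1() {
    case ",$(sshd_protocols "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print a one-line verdict for the config file $1.
audit_sshd_config() {
    if sshd_allows_v1 "$1"; then
        echo "$1: SSHv1 enabled (Protocol $(sshd_protocols "$1"))"
    else
        echo "$1: protocol 2 only"
    fi
}

# When called with a path (e.g. /etc/ssh/sshd_config), audit that file.
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
fi
```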

DNS resolver made more thread-safe
----------------------------------
Brian Feldman (green) committed changes to the DNS resolver system to make
it more re-entrant (thread-safe).  Locking has been greatly reduced, and
with the changes, programs that do DNS lookups in threads can now perform
multiple lookups at a time.  This fixes the problem with Mozilla browsers
loading multiple tabs one by one, rather than all at once.  Multi-threaded
applications that use "_res" to set up the resolver will need to be
recompiled.  Some of these are Mozilla, Evolution, and gnomevfs2.

http://docs.freebsd.org/cgi/mid.cgi?200402252103.i1PL3kkh030016

ACPICA upgraded to version 20040220
-----------------------------------
Nate Lawson (njl) imported version 20040220 of ACPI-CA (Advanced
Configuration and Power Interface - Component Architecture).  This is the
code that deals with the ACPI code stored in the BIOS, enabling proper
interrupt routing and power management on newer laptops and motherboards.
Nate also applied a number of FreeBSD-specific patches.

http://docs.freebsd.org/cgi/mid.cgi?200402282023.i1SKNZNi020682

New routed imported
-------------------
Bruce M. Simpson (bms) imported rhyolite.com routed 2.27.  The previous
version was 2.22 with some FreeBSD-specific patches, which have been
carried forward.  2.27 changes the way MD5 authentication is handled,
making routed compatible with Cisco routers and Sun routed code, but it is
not backwards-compatible with routed before 2.26.  See the `Rhyolite free
source page`_ for more information.

.. _`Rhyolite free source page`: http://www.rhyolite.com/src/

http://docs.freebsd.org/cgi/mid.cgi?200402252320.i1PNKNY2062940

New GNU regex library imported
------------------------------
Andrew A. Chernov imported a new version of the GNU regex regular
expression library, which was packaged with GNU grep 2.4.2.

http://docs.freebsd.org/cgi/mid.cgi?200402250227.i1P2Rpca040890

Watchdog enhancements
---------------------
Poul-Henning Kamp (phk) added a generic watchdog facility, so that all
the watchdog implementations can be controlled through a single point.
He also adapted the software watchdog to use that interface and renamed
the kernel configuration option from WATCHDOG to SW_WATCHDOG - if you
use WATCHDOG, be sure to update your kernel configuration file.  Later,
he committed support for the hardware watchdog in the Geode SC1100 chip,
which is found on embedded systems like the Soekris net4801.

Main commit: http://docs.freebsd.org/cgi/mid.cgi?200402282056.i1SKuZTe034073

Geode addition: http://docs.freebsd.org/cgi/mid.cgi?200402282233.i1SMXSXI058464

Major USB merge to -STABLE
--------------------------
Julian Elischer (julian) committed a major update to the 4.x USB code,
making it much more similar to the code in -CURRENT.  This update will
allow 4.10 to support USB 2 and make debugging easier.

http://docs.freebsd.org/cgi/mid.cgi?200403010007.i2107QbD056747

Netgraph improvements merged from -CURRENT
------------------------------------------
Ruslan Ermilov (ru) merged a number of minor improvements to Netgraph, a
modular system to hook together networking functions, to -STABLE.  The
merge introduces new API functions and fixes a memory leak.  At the same
time, Ruslan also merged code to allow socket buffers to be changed on the
fly, via sysctl.

Netgraph MFC: http://docs.freebsd.org/cgi/mid.cgi?200402231123.i1NBNCpj040938

Socket buffer sysctls: http://docs.freebsd.org/cgi/mid.cgi?200402231017.i1NAHXMj024334

=================
Discussion topics
=================
OpenBSD packet filter import
----------------------------
This was a long and complex thread, and I've tried to summarize each major
turn in the discussion.  This is an important issue, so I suggest that you
read the full thread, starting from the link below.

As noted above_, Max Laier imported OpenBSD's PF to the system.  Steve
Kargl asked where and what discussion had taken place before the import.
Bruce M. Simpson (bms) explained that discussions took place between
several network developers, with core@ involved.  Bruce also mentioned
that he has some plans for PF, like IPSEC NAT passthrough, higher-level
filtering for Kazaa and the like, and perhaps some improvements to
connections with different send and receive paths, like one-way satellite.
Further posts clarified that there are no plans for removal of ipfw/ipfw2
or IPFilter.

Luigi Rizzo (luigi) chimed in, pointing out that ipfw2's microcode-based
approach to rules is simpler to extend, and suggesting that an ideal
firewall would have ipfw2's microcode-based rules and PF's in-kernel NAT.
Sam Leffler (sam) agreed with this assessment.  Some discussion followed
about converting ipfw2 to use the new PFIL_HOOKS packet filtering API, and
Luigi said he would look and see what he could do.  Dag-Erling Smorgrav
(des) suggested that converting the entire stack to netgraph would be
ideal, so filtering could be inserted at any point.  Several people argued
against this, for performance and difficulty of implementation reasons.

Andre Oppermann (andre) suggested that if any firewall should be removed,
it should be IPFilter, as PF replaces it.  Jacques Vidrine (nectar)
pointed out that IPFilter is the only system firewall that's also
available on commercial UNIXes like Solaris and IRIX.  Tim Kientzle
(kientzle) posted a wish for a feature where address sets could be
created, then addresses added and removed on the fly, without changing the
rules.  Several replies noted that this is possible with PF out of the
box.

.. _above: `OpenBSD's PF packet filter imported`_

http://docs.freebsd.org/cgi/mid.cgi?200402260234.i1Q2YDx1014240

How wide is the effect of libkvm changes?
-----------------------------------------
Andre Oppermann (andre) committed code to convert the TCP reassembly queue
to UMA, which changed libkvm, requiring all programs that use it to be
recompiled.  Kris Kennaway (kris) pointed out that libkvm is used by
ports, not just the base system.  Andre asked for more detail, and Kris
provided a rough list of 80 ports that use the library.  Andre clarified
that only ports that access the TCP structures will need to be recompiled.

Andre's commit: http://docs.freebsd.org/cgi/mid.cgi?200402241527.i1OFRgdm072232

Kris's port list: http://docs.freebsd.org/cgi/mid.cgi?20040224223404.GA55257

They don't make 'em like they used to
-------------------------------------
Poul-Henning Kamp (phk) committed an update to the manual page for
fdcontrol, the floppy drive control program, adding an example for 8"
floppies.  Wilko Bulte (wilko) offered an appropriate disk, starting a
thread about old storage media and devices.  Wilko told a story about an
old AC-powered drive running full of sand and cement, and Kevin Oberman
compared 8" floppies with the old, indestructible DECtape system.

The commit was brought on by Poul-Henning's work for a new computer museum
in Denmark.  Poul-Henning is looking for a scan or copy of a manual for
the Y-E Data YD174 8" drive, so please let him know if you have a copy.

Start of thread: http://docs.freebsd.org/cgi/mid.cgi?200402251355.i1PDtu6Y018589

More information about the museum: http://docs.freebsd.org/cgi/mid.cgi?27174.1077734003

===================
Important bug fixes
===================
FreeBSD-SA-04:03 - Jailed processes moving around
-------------------------------------------------
Last week, there was `a commit by Jacques Vidrine (nectar)`_ that dealt
with processes moving around from jail to jail.  `FreeBSD-SA-04:03`_ has
since been issued for this problem, so I wanted to give it a second
mention.

.. _`a commit by Jacques Vidrine (nectar)`: http://excel.xl0.org/FreeBSD/22-02-04.html#jailed-processes-moving-around-corrected
.. _`FreeBSD-SA-04:03`: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.mail.asc

SMB directory/file creation bug fix merged from -CURRENT
--------------------------------------------------------
Tim J. Robbins (tjr) merged the SMB bug fix `mentioned two weeks ago`_ to
-STABLE.  The bug would cause problems when a file was replaced with a
directory of the same name, or vice versa.

.. _`mentioned two weeks ago`: http://excel.xl0.org/FreeBSD/15-02-04.html#problem-with-creating-directories-under-smbfs-corrected

http://docs.freebsd.org/cgi/mid.cgi?200402261112.i1QBChxE047414

===============
Other bug fixes
===============

Kirk McKusick (mckusick) fixed a bug in UFS that was causing deadlocks and
machine lockups.

http://docs.freebsd.org/cgi/mid.cgi?200402230640.i1N6eHcs064986

Jeffrey Hsu (hsu) fixed a condition in the TCP code that could cause a
panic under certain conditions when a connection was closed.

http://docs.freebsd.org/cgi/mid.cgi?200402250853.i1P8rIK5041945


