This change extends pf(4) limiters so administrator
can specify action the rule executes when limit is
reached. By default when limit is reached the limiter
overrides action specified by rule to no-match.
If administrator wants to block packet instead then
rule with limiter should be changed to:
pass in from any to any state limiter test (block)
OK dlg@
Fix ASN1_ADB_END macro, make it compatible with OpenSSL
In asn1t.h r1.18 (commit 9b72422d) I removed the app_items member from
ASN1_ADB and failed to fix up the ASN1_ADB_END() macro that populates
the ASN1_ADB. This means ASN1_ADB_END() tried to initialize one member
too many and would thus cause a compilation failure, so nobody uses this
with LibreSSL. Internally, we have expanded all its uses.
We could leave it broken or fix it up. Take the opportunity to add an
unused adb_cb() argument instead, making the macro invocation compatible
with OpenSSL.
ok jsing kenjiro
Fix a bug in .ll handling:
When formatting two input files in a row, a line length set with .ll
in the first file leaked to the second file.
Also, mandoc used the changed line length for the page footer,
whereas groff resets .ll before the page footer.
Fix this as follows:
1. Set defrmargin only at program startup, based on -O width / paper.
2. Copy defrmargin to maxrmargin whenever starting an input file or footer.
3. Let .ll / setwidth() only change maxrmargin, not defrmargin.
Remove "support" for the WIZ command. This used to be a command to
execute commands on the smtp server in old sendmail implementations.
This was obviously added as a joke, probably added for testing Enhanced
Status Code, and basically only changes the text of the 500 error
message, but with it came a lot of exta plumbing. While I appreciate the
joke, it's very obscure and especially the filter plumbing takes up
unneeded space.
OK millert@, chris@
No objection from kirill@
chunk forgotten for previous commit by chris:
KVA TLB entries can exist under PCID_TEMP after pmap_map_ptes() + interrupts
so KVA shootdowns must invalidate PCID_TEMP too
ok deraadt, mlarkin discussion and approval guenther
KVA TLB entries can exist under PCID_TEMP after pmap_map_ptes() + interrupts
so KVA shootdowns must invalidate PCID_TEMP too
ok deraadt, mlarkin discussion and approval guenther
Strangely, groff accepts .ll arguments with multiple signs. For odd numbers
of minus signs, the intended behaviour is decreasing the line length, for
even numbers, increasing it. The code in term_setwidth() resulted in
incorrect behaviour in two cases: for more than two signs, the line length
wasn't changed at all because a2roffsu() was called incorrectly and failed,
and if the second sign was negative, a negative width was passed to the
setwidth() callbacks, which they aren't prepared to handle.
Fix this by iterating over all signs to find the correct iop operation
code (0=absolute, 1=increase, -1=decrease). Also improve code clarity
by making the width argument of the setwidth() callbacks unsigned and
removing some ugly casts in these callbacks.
This patch adds an apple variant to the de keyboard encoding for
wskdb. It doesn't attempt to map all additional keysyms, only those that
are required in the shell and for programming.
It is similar to the applealu_iso variant that can be specified in X11
with setxkbmap.
ok miod@
Request 64k-aligned IOVA blocks. It's a bit unfortunate the alignment
requirements only diffuse through to the bus dma API when we allocate
memory; at that point we already have IOVA allocated, so it's hard to
apply the right alignment. The good thing is that we basically cannot
run out of an IOMMU domain's IOVA (which for us is per device), so we
can easily bump the alignment of each DMA map. This helps qwz(4) FW
come up on the Orion O6.
Advertise MSI multiple-vector support. This is assuming that in ACPI
mode we probably have a GIC with MSI support that should give us have
plenty of MSI vectors for us to use. Improves qwz(4) behavior on the
Orion O6.
ok kettenis@
TAILQs are hard, let's go shopping.
If the pglist is empty, p will be NULL, inserting
an iterator after it will prove challenging.
Bug was introduced in version 1.145
Clear and reinitialize the HAL state in our softc when we resume. While it
may be ok to keep the state around during a normal suspend/resume, it is
questionable to do so for unhibernate, where the hardware has been
fully reset. This fixes hangs when trying to bring down the interface
(including when we do so for a suspend or reboot) after an unhibernate.
ok stsp@
Don't starve nowait failures behind a large queue of pmr requests.
1.126 replaced ths flag used to indicate that a nowait allocation
had failed with a static to be addded to the list for the page
daemon to process in this case. ensuring the check is done with a lock
instead of fiddling with a volatile.. ok fine.
Unlike the previous flag, which was considered before processing the list,
the static was added to to the tail of the list, therefore adding it behind a
potentially large queue of pmr requests - which was already known
to be a problem in version 1.107 as witnessed by this commit message:
" Make sure low pages are deactivated first when there is a shortage of inactive
pages. Without this the system can have a ton of high pages on the active list
and never swapout anything if there's a shortage of low pages."
The previous flag could also have been set repeatedly by multipled nowait failures so
repeated failures would always push the pagedaemon down this path instead of
processing the list. This change also ensured that only one such "nowait" request
[19 lines not shown]
Introduce OF_is_enabled(), a helper function to figure out whether the
device tree node is available to use or not. So far we have done this
manually by explicitly checking for "disabled". Nowadays though there's
also "reserved" for devices that are there but shouldn't be touched, and
at some point we might need to handle "fail", too. We can't just check
for "okay" as some device trees only have "ok" or not even a status
property, which we should treat as "okay".
ok kettenis@
Only advertise HWCAP2_SVE2 (and other SVE features) if SVE is actually
supprted. The SVEver field in ID_AA64ZFR0_EL1 is also for streaming SVE
mode, which is also known as SME. An Apple decided to implement SME but
not SVE on their M4 CPU cores. So do what Linux does and only set these
if HWCAP_SVE is set.
ok jca@, patrick@, kurt@
