cvs-src summary for August 2-9

Mark Johnston mjohnston at
Tue Aug 10 20:28:48 PDT 2004

Here's the summary, albeit a bit delayed; things are back on track after the 


================================================
FreeBSD cvs-src summary for 02/08/04 to 09/08/04
================================================

This is a regular weekly summary of FreeBSD's cutting-edge development.
It is intended to help the FreeBSD community keep up with the fast-paced
work going on in FreeBSD-CURRENT by distilling the deluge of data from
the CVS mailing list into a (hopefully) easy-to-read newsletter.  This
newsletter is marked up in reStructuredText_, so any odd punctuation
that you see is likely intended for the reST parser.

.. _reStructuredText:

You can get old summaries, and an HTML version of this one, at  Please send any comments to Mark Johnston
(mark at

For Lukasz Dudek and Szymon Roczniak's Polish translations of these
summaries, which may lag the English ones slightly, please see

.. contents::

New features
============

Support for Thread Local Storage added
--------------------------------------

Doug Rabson (dfr) added support for Thread Local Storage (TLS), a GCC
feature that allows a variable to be declared as separate for each thread,
so if one thread changes it, the changes will not affect other threads.
The main user of this is OpenGL.

ipfw gains antispoof option
---------------------------

Andre Oppermann (andre) added an option called "antispoof" to ipfw.  The
antispoof option checks the source address of a packet; if that address
is on a directly connected network, but the packet is coming in on a
different interface than that network is connected to, antispoof *does
not* match.  That means that it should be used as follows::

  ipfw add deny ip from any to any not antispoof in
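
A small Python model of that match logic, added here as an illustration and not taken from the ipfw source. The interface names and networks are constructed, and the handling of sources that are on no directly connected network (the option matches) follows the ipfw(8) manual rather than this summary.

```python
import ipaddress

# Constructed sample topology (assumption): (interface, directly connected network).
CONNECTED = [
    ("em0", ipaddress.ip_network("192.0.2.0/24")),   # outside segment
    ("em1", ipaddress.ip_network("10.0.0.0/24")),    # inside LAN
]

def antispoof_matches(src, in_iface, connected=CONNECTED):
    """Model of the antispoof option for one incoming packet.

    The option fails to match only when src lies on a directly connected
    network and the packet arrived on an interface other than the one
    that network is attached to.
    """
    addr = ipaddress.ip_address(src)
    owners = {iface for iface, net in connected if addr in net}
    if not owners:
        # Off-link source: the option matches, so this rule alone does
        # nothing about spoofed addresses from non-connected networks.
        return True
    return in_iface in owners

def rule_action(src, in_iface, direction="in"):
    """Apply `deny ip from any to any not antispoof in` to one packet."""
    if direction == "in" and not antispoof_matches(src, in_iface):
        return "deny"
    return "next-rule"  # rule did not match; later rules decide

# Constructed sample packets: (source address, receiving interface).
SAMPLE_PACKETS = [
    ("10.0.0.5", "em1"),      # LAN host on the LAN interface
    ("10.0.0.5", "em0"),      # LAN address showing up on the outside
    ("192.0.2.9", "em1"),     # outside-segment address on the LAN side
    ("198.51.100.7", "em0"),  # remote source, not directly connected
]

def evaluate(packets=SAMPLE_PACKETS):
    """Return the rule's action for each sample packet, in order."""
    return [rule_action(src, iface) for src, iface in packets]

if __name__ == "__main__":
    for (src, iface), action in zip(SAMPLE_PACKETS, evaluate()):
        print(f"{src:>14} in via {iface}: {action}")
```
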

FILE updated to 4.10
--------------------

David O'Brien (obrien) imported Christos Zoulas's FILE version 4.10.  FILE
is a tool that identifies files and prints information about them.

bsnmpd updated to 1.7
---------------------

Hartmut Brandt (harti) updated bsnmpd, a lightweight SNMP server.  This
update introduces fixups, cleanups, and the ability for gensnmptree to
merge multiple trees.

sendmail 8.13.1 MFC'ed
----------------------

Gregory Neil Shapiro (gshapiro) MFC'ed the sendmail 8.13.1 update.

Notable changes
===============

Packet mode enabled by default in boot0cfg
------------------------------------------

David O'Brien (obrien) enabled packet mode by default in boot0cfg, the
program that installs the bootloader code.  Packet mode allows the system
to boot from partitions above cylinder 1024, but can affect compatibility,
especially on SCSI drives.

Command-line arguments in make now propagate to all sub-makes
-------------------------------------------------------------

Hartmut Brandt (harti) modified make to propagate its command-line
arguments to sub-makes as command-line arguments, as required by POSIX.
This primarily affects people using MAKEOBJDIR and MAKEOBJDIRPREFIX
as command-line arguments; they should instead be used as environment
variables, so they don't propagate to sub-makes.

Some discussion followed from this commit, but it was generally of a
technical support nature and isn't summarized here.

The committed code was derived from NetBSD.

null.ko removed
---------------

Mark Murray (markm) removed the null.ko kernel module, which provided
/dev/null and /dev/zero in module form.  Those devices are now built in to
all kernels statically.

CARP placeholder added; recompile of network modules required
-------------------------------------------------------------

Max Laier (mlaier) added a placeholder to the network interface structure
to permit adding CARP, the Common Address Redundancy Protocol, from
OpenBSD, in the future.  Any modules that use the ifnet structure will
need to be recompiled.

TCP in-flight sysctls moved into a subtree
------------------------------------------

Andre Oppermann (andre) moved the sysctls net.inet.tcp.inflight_enable,
net.inet.tcp.inflight_debug, net.inet.tcp.inflight_min,
net.inet.tcp.inflight_max, and net.inet.tcp.inflight_stab to their
own subtree, net.inet.tcp.inflight.  The result of this is that the
underscores in the old names become dots in the new ones.

Discussion topics
=================

Dealing with duplicate modules
------------------------------

David O'Brien (obrien) removed the recently-added mem.ko module from the
kernel Makefile, saying, "Currently one cannot load the mem.ko module
without panicking if mem is compiled into the kernel and one cannot build a
kernel w/o 'device mem' right now either."

John Baldwin (jhb) replied, "You need to file a bug report, not start a
commit war.  Revert this commit and give Mark [Murray] a chance of trying
to fix this."

David replied, "I'll back it out, but I'm now asking for a back out of
the entire mem as a module commit -- it is only 1/2 baked [ . . . ]."

David also followed up to his original post, saying, "Please find a way
for all your /dev KO's to detect if they are already active and not panic
if loaded(initialized) twice."

Roman Kurakin (rik) responded, "Take a look how ctau(4)/cx(4)/cp(4) solve
this problem.", giving some sample code.

Mark Murray (markm) replied too, saying, "I am investigating. In the
meanwhile, please back out this commit [ . . . ]."

David responded, "You've been investigating for years.  I've reported the
problem about random.ko more than once.", also backing out his original
commit as Mark asked.

Mark answered, "What I'm having problems with is fixing the module system,
particularly when it works with some modules and not with others."

Brooks Davis (brooks) also replied to David, saying, "IMO this is a module
system bug not a bug in any given module."

Mark replied, "I'm looking to see if MODULE_VERSION() may fix this."

Nate Lawson (njl) responded, "The case where mem is compiled into the
kernel and then an attempt is made to load it as a module needs to be
detected by looking for an instance of the devclass."

John pointed out, "mem is a dev_t aka struct cdev \*, not a device_t.
There is no devclass."

Brooks added, "Similarly, where I've seen this problem is pseudo network
interfaces which are nothing but ifnet entries.  This is why I think we
need to handle this in the module layer and stop requiring hack in every

Cryptography in releases and legal concerns
-------------------------------------------

Nate Lawson (njl) moved the crypto distribution into base, making all
releases cryptography-enabled.  He noted, "The -DNOCRYPT build option
still exists for anyone who really wants to build non-cryptographic
binaries [ . . . ]."

Paul Richards replied, "From information I've received recently it seems
that exporting crypto from the UK now requires an export license."

Poul-Henning Kamp (phk) responded, "No it doesn't.  Read the Wassenaar

Colin Percival also answered Paul, saying, "When I asked [the UK
Department of Trade and Industry] about crypto a couple years ago, their
response was 'it's open source?  In that case, go right ahead'.  Of
course, the usual caveats about not exporting to embargoed countries and
not assisting in the production of WMD still apply, but those restrictions
would apply regardless of whether we ship cryptographic binaries."

Paul replied, "In this case it wasn't open source, it was a commercial
product that had FreeBSD in it, specifically it was "tangible" and that's
significant when interpreting the export rules."  He also gave a link to
the crypto law survey at .
In a second posting, he clarified that "It's not an issue for FreeBSD to
be distributed as open source [but] It doesn't however follow that FreeBSD
is always exempt from export controls because it might not be if you're
exporting it as a product, even if that product is just FreeBSD on a CD."

Mark Murray (markm) answered, "This is just plain incorrect. If it is Open
Source, it is exportable."

Paul asked, "Do you have a reference for that assumption?"

Mark replied, "Not offhand, but our company lawyers OKed it.", and
suggested and as well.

Paul responded, "I'm only reporting what I was told by a UK FreeBSD user
[ . . . ]. For their product the fact that FreeBSD was bundled into an
embedded product meant that it was not considered to be an open source
product and therefore possibly needed an export license."

Mark clarified, "If the product's web site has a downloadable copy of
the cryptographic stuff available for public download, you don't need to
license. If the cryptographic code is in some way _NOT_ available to the
general public, you need to seek permission."

Important bug fixes
===================

mbuf exhaustion panic fixed
---------------------------

Brian Feldman (green) changed the UMA (uniform memory access) code,
allowing UMA to return an error if the memory requested could not be
allocated.  This eliminates the panics when you run out of memory for mbuf

Other bug fixes
===============

Nate Lawson (njl) made EISA probing less invasive; this fixes hangs on
some laptops (Thinkpads, for instance) when booting with ACPI disabled,
but breaks the old Adaptec 2842 VLB controller.  VLB (Vesa Local Bus) is a
bus technology that predates PCI, and that was commonly found on 486es.

Joe Marcus Clarke (marcus) fixed a segfault in natd when trying to process
a PPTP (used for VPN connections) or Skinny (SCCP, used for Cisco IP
phones) packet.
