PERFORCE change 108689 for review
    Marcel Moolenaar 
    marcel at FreeBSD.org
       
    Sun Oct 29 20:55:18 UTC 2006
    
    
  
http://perforce.freebsd.org/chv.cgi?CH=108689
Change 108689 by marcel at marcel_cluster on 2006/10/29 20:54:12
	IFC @108686
Affected files ...
.. //depot/projects/ia64/UPDATING#90 integrate
.. //depot/projects/ia64/bin/cp/cp.1#13 integrate
.. //depot/projects/ia64/contrib/gcc/function.c#14 integrate
.. //depot/projects/ia64/etc/defaults/rc.conf#73 integrate
.. //depot/projects/ia64/etc/network.subr#17 integrate
.. //depot/projects/ia64/etc/pf.os#4 integrate
.. //depot/projects/ia64/etc/rc.d/auto_linklocal#3 integrate
.. //depot/projects/ia64/etc/rc.d/ppp#5 integrate
.. //depot/projects/ia64/etc/rc.firewall#6 integrate
.. //depot/projects/ia64/games/fortune/datfiles/fortunes#60 integrate
.. //depot/projects/ia64/lib/libc/gmon/Makefile.inc#5 integrate
.. //depot/projects/ia64/lib/libc/net/inet.3#8 integrate
.. //depot/projects/ia64/lib/libc/resolv/res_send.c#3 integrate
.. //depot/projects/ia64/lib/libc/stdio/xprintf.c#4 integrate
.. //depot/projects/ia64/lib/libkvm/kvm_proc.c#30 integrate
.. //depot/projects/ia64/lib/libtacplus/libtacplus.3#6 integrate
.. //depot/projects/ia64/release/Makefile#99 integrate
.. //depot/projects/ia64/sbin/adjkerntz/adjkerntz.c#7 integrate
.. //depot/projects/ia64/sbin/devd/devd.conf.5#10 integrate
.. //depot/projects/ia64/sbin/mount/mount.c#28 integrate
.. //depot/projects/ia64/share/man/man4/if_bridge.4#12 integrate
.. //depot/projects/ia64/share/man/man4/ng_pppoe.4#13 integrate
.. //depot/projects/ia64/share/man/man4/ng_source.4#10 integrate
.. //depot/projects/ia64/share/man/man4/sis.4#11 integrate
.. //depot/projects/ia64/share/man/man4/syscons.4#15 integrate
.. //depot/projects/ia64/share/man/man7/ports.7#20 integrate
.. //depot/projects/ia64/share/man/man9/kobj.9#7 integrate
.. //depot/projects/ia64/share/misc/usb_hid_usages#2 integrate
.. //depot/projects/ia64/share/mk/bsd.lib.mk#39 integrate
.. //depot/projects/ia64/sys/amd64/amd64/machdep.c#41 integrate
.. //depot/projects/ia64/sys/amd64/amd64/prof_machdep.c#5 integrate
.. //depot/projects/ia64/sys/amd64/amd64/trap.c#29 integrate
.. //depot/projects/ia64/sys/amd64/conf/DEFAULTS#5 integrate
.. //depot/projects/ia64/sys/amd64/conf/GENERIC#38 integrate
.. //depot/projects/ia64/sys/amd64/conf/NOTES#23 integrate
.. //depot/projects/ia64/sys/amd64/include/asmacros.h#7 integrate
.. //depot/projects/ia64/sys/amd64/include/profile.h#10 integrate
.. //depot/projects/ia64/sys/amd64/linux32/linux.h#5 integrate
.. //depot/projects/ia64/sys/amd64/linux32/linux32_dummy.c#5 integrate
.. //depot/projects/ia64/sys/amd64/linux32/linux32_proto.h#11 integrate
.. //depot/projects/ia64/sys/amd64/linux32/linux32_syscall.h#11 integrate
.. //depot/projects/ia64/sys/amd64/linux32/linux32_sysent.c#11 integrate
.. //depot/projects/ia64/sys/amd64/linux32/syscalls.master#11 integrate
.. //depot/projects/ia64/sys/arm/arm/nexus.c#7 integrate
.. //depot/projects/ia64/sys/arm/arm/trap.c#19 integrate
.. //depot/projects/ia64/sys/arm/arm/vm_machdep.c#15 integrate
.. //depot/projects/ia64/sys/arm/at91/at91_sscreg.h#3 integrate
.. //depot/projects/ia64/sys/arm/at91/kb920x_machdep.c#5 integrate
.. //depot/projects/ia64/sys/arm/at91/std.at91#3 integrate
.. //depot/projects/ia64/sys/arm/at91/std.kb920x#3 integrate
.. //depot/projects/ia64/sys/arm/conf/EP80219#2 integrate
.. //depot/projects/ia64/sys/arm/conf/IQ31244#9 integrate
.. //depot/projects/ia64/sys/arm/conf/KB920X#4 integrate
.. //depot/projects/ia64/sys/arm/conf/SIMICS#8 integrate
.. //depot/projects/ia64/sys/arm/conf/SKYEYE#3 integrate
.. //depot/projects/ia64/sys/arm/sa11x0/assabet_machdep.c#12 integrate
.. //depot/projects/ia64/sys/arm/xscale/i80321/ep80219_machdep.c#2 integrate
.. //depot/projects/ia64/sys/arm/xscale/i80321/iq31244_machdep.c#14 integrate
.. //depot/projects/ia64/sys/boot/common/load_elf.c#18 integrate
.. //depot/projects/ia64/sys/boot/i386/boot2/boot2.c#25 integrate
.. //depot/projects/ia64/sys/boot/i386/libi386/elf32_freebsd.c#4 integrate
.. //depot/projects/ia64/sys/boot/i386/libi386/elf64_freebsd.c#6 integrate
.. //depot/projects/ia64/sys/boot/pc98/boot2/boot.c#8 integrate
.. //depot/projects/ia64/sys/compat/freebsd32/freebsd32_proto.h#21 integrate
.. //depot/projects/ia64/sys/compat/freebsd32/freebsd32_syscall.h#21 integrate
.. //depot/projects/ia64/sys/compat/freebsd32/freebsd32_syscalls.c#21 integrate
.. //depot/projects/ia64/sys/compat/freebsd32/freebsd32_sysent.c#21 integrate
.. //depot/projects/ia64/sys/compat/freebsd32/syscalls.master#21 integrate
.. //depot/projects/ia64/sys/compat/linprocfs/linprocfs.c#45 integrate
.. //depot/projects/ia64/sys/compat/linux/linux_aio.c#2 delete
.. //depot/projects/ia64/sys/compat/linux/linux_aio.h#2 delete
.. //depot/projects/ia64/sys/compat/linux/linux_emul.c#3 integrate
.. //depot/projects/ia64/sys/compat/linux/linux_emul.h#2 integrate
.. //depot/projects/ia64/sys/compat/linux/linux_misc.c#48 integrate
.. //depot/projects/ia64/sys/compat/linux/linux_misc.h#1 branch
.. //depot/projects/ia64/sys/conf/NOTES#106 integrate
.. //depot/projects/ia64/sys/conf/files#147 integrate
.. //depot/projects/ia64/sys/conf/files.amd64#41 integrate
.. //depot/projects/ia64/sys/conf/files.i386#80 integrate
.. //depot/projects/ia64/sys/conf/files.ia64#67 integrate
.. //depot/projects/ia64/sys/conf/files.pc98#67 integrate
.. //depot/projects/ia64/sys/conf/files.powerpc#29 integrate
.. //depot/projects/ia64/sys/conf/files.sparc64#49 integrate
.. //depot/projects/ia64/sys/conf/kern.post.mk#63 integrate
.. //depot/projects/ia64/sys/conf/kern.pre.mk#41 integrate
.. //depot/projects/ia64/sys/ddb/db_ps.c#31 integrate
.. //depot/projects/ia64/sys/dev/atkbdc/atkbd.c#6 integrate
.. //depot/projects/ia64/sys/dev/bce/if_bcereg.h#6 integrate
.. //depot/projects/ia64/sys/dev/dc/if_dc.c#8 integrate
.. //depot/projects/ia64/sys/dev/em/if_em.c#54 integrate
.. //depot/projects/ia64/sys/dev/em/if_em.h#34 integrate
.. //depot/projects/ia64/sys/dev/em/if_em_hw.c#21 integrate
.. //depot/projects/ia64/sys/dev/em/if_em_hw.h#20 integrate
.. //depot/projects/ia64/sys/dev/em/if_em_osdep.h#19 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/dsp.c#27 integrate
.. //depot/projects/ia64/sys/dev/ubsec/ubsec.c#29 integrate
.. //depot/projects/ia64/sys/dev/usb/ukbd.c#19 integrate
.. //depot/projects/ia64/sys/fs/msdosfs/denode.h#12 integrate
.. //depot/projects/ia64/sys/fs/msdosfs/direntry.h#8 integrate
.. //depot/projects/ia64/sys/fs/msdosfs/msdosfs_conv.c#15 integrate
.. //depot/projects/ia64/sys/fs/msdosfs/msdosfs_denode.c#25 integrate
.. //depot/projects/ia64/sys/fs/msdosfs/msdosfs_vnops.c#35 integrate
.. //depot/projects/ia64/sys/fs/nwfs/nwfs_subr.c#9 integrate
.. //depot/projects/ia64/sys/fs/procfs/procfs_status.c#20 integrate
.. //depot/projects/ia64/sys/fs/smbfs/smbfs_subr.c#9 integrate
.. //depot/projects/ia64/sys/i386/conf/DEFAULTS#5 integrate
.. //depot/projects/ia64/sys/i386/conf/GENERIC#68 integrate
.. //depot/projects/ia64/sys/i386/conf/NOTES#78 integrate
.. //depot/projects/ia64/sys/i386/i386/machdep.c#73 integrate
.. //depot/projects/ia64/sys/i386/i386/trap.c#56 integrate
.. //depot/projects/ia64/sys/i386/include/asmacros.h#7 integrate
.. //depot/projects/ia64/sys/i386/include/profile.h#14 integrate
.. //depot/projects/ia64/sys/i386/isa/prof_machdep.c#8 integrate
.. //depot/projects/ia64/sys/i386/linux/linux.h#11 integrate
.. //depot/projects/ia64/sys/i386/linux/linux_dummy.c#12 integrate
.. //depot/projects/ia64/sys/i386/linux/linux_proto.h#21 integrate
.. //depot/projects/ia64/sys/i386/linux/linux_syscall.h#21 integrate
.. //depot/projects/ia64/sys/i386/linux/linux_sysent.c#22 integrate
.. //depot/projects/ia64/sys/i386/linux/syscalls.master#20 integrate
.. //depot/projects/ia64/sys/ia64/conf/DEFAULTS#5 integrate
.. //depot/projects/ia64/sys/ia64/conf/GENERIC#51 integrate
.. //depot/projects/ia64/sys/ia64/conf/NOTES#11 integrate
.. //depot/projects/ia64/sys/ia64/ia64/machdep.c#120 integrate
.. //depot/projects/ia64/sys/ia64/ia64/trap.c#85 integrate
.. //depot/projects/ia64/sys/kern/init_main.c#58 integrate
.. //depot/projects/ia64/sys/kern/kern_clock.c#40 integrate
.. //depot/projects/ia64/sys/kern/kern_exit.c#74 integrate
.. //depot/projects/ia64/sys/kern/kern_fork.c#67 integrate
.. //depot/projects/ia64/sys/kern/kern_idle.c#19 integrate
.. //depot/projects/ia64/sys/kern/kern_intr.c#42 integrate
.. //depot/projects/ia64/sys/kern/kern_kse.c#17 integrate
.. //depot/projects/ia64/sys/kern/kern_malloc.c#41 integrate
.. //depot/projects/ia64/sys/kern/kern_poll.c#19 integrate
.. //depot/projects/ia64/sys/kern/kern_proc.c#68 integrate
.. //depot/projects/ia64/sys/kern/kern_resource.c#40 integrate
.. //depot/projects/ia64/sys/kern/kern_sig.c#95 integrate
.. //depot/projects/ia64/sys/kern/kern_subr.c#35 integrate
.. //depot/projects/ia64/sys/kern/kern_switch.c#47 integrate
.. //depot/projects/ia64/sys/kern/kern_synch.c#66 integrate
.. //depot/projects/ia64/sys/kern/kern_thr.c#28 integrate
.. //depot/projects/ia64/sys/kern/kern_thread.c#97 integrate
.. //depot/projects/ia64/sys/kern/kern_umtx.c#23 integrate
.. //depot/projects/ia64/sys/kern/sched_4bsd.c#36 integrate
.. //depot/projects/ia64/sys/kern/sched_ule.c#50 integrate
.. //depot/projects/ia64/sys/kern/subr_fattime.c#2 integrate
.. //depot/projects/ia64/sys/kern/subr_trap.c#53 integrate
.. //depot/projects/ia64/sys/kern/sys_process.c#39 integrate
.. //depot/projects/ia64/sys/kern/tty.c#49 integrate
.. //depot/projects/ia64/sys/kern/vfs_bio.c#87 integrate
.. //depot/projects/ia64/sys/kern/vfs_syscalls.c#76 integrate
.. //depot/projects/ia64/sys/modules/linux/Makefile#16 integrate
.. //depot/projects/ia64/sys/modules/powermac_nvram/Makefile#2 integrate
.. //depot/projects/ia64/sys/netinet/ip_dummynet.c#43 integrate
.. //depot/projects/ia64/sys/nfsserver/nfs_serv.c#39 integrate
.. //depot/projects/ia64/sys/pc98/conf/DEFAULTS#5 integrate
.. //depot/projects/ia64/sys/pc98/conf/GENERIC#58 integrate
.. //depot/projects/ia64/sys/pc98/conf/NOTES#39 integrate
.. //depot/projects/ia64/sys/pc98/pc98/machdep.c#11 integrate
.. //depot/projects/ia64/sys/pci/if_sis.c#47 integrate
.. //depot/projects/ia64/sys/posix4/ksched.c#15 integrate
.. //depot/projects/ia64/sys/powerpc/conf/DEFAULTS#3 integrate
.. //depot/projects/ia64/sys/powerpc/conf/GENERIC#37 integrate
.. //depot/projects/ia64/sys/powerpc/conf/NOTES#3 integrate
.. //depot/projects/ia64/sys/powerpc/powerpc/machdep.c#49 integrate
.. //depot/projects/ia64/sys/powerpc/powerpc/trap.c#38 integrate
.. //depot/projects/ia64/sys/security/mac/mac_framework.h#3 integrate
.. //depot/projects/ia64/sys/sparc64/conf/DEFAULTS#3 integrate
.. //depot/projects/ia64/sys/sparc64/conf/GENERIC#62 integrate
.. //depot/projects/ia64/sys/sparc64/conf/NOTES#19 integrate
.. //depot/projects/ia64/sys/sparc64/sparc64/machdep.c#62 integrate
.. //depot/projects/ia64/sys/sparc64/sparc64/trap.c#41 integrate
.. //depot/projects/ia64/sys/sun4v/conf/DEFAULTS#2 integrate
.. //depot/projects/ia64/sys/sun4v/conf/NOTES#3 integrate
.. //depot/projects/ia64/sys/sun4v/sun4v/machdep.c#3 integrate
.. //depot/projects/ia64/sys/sys/clock.h#5 integrate
.. //depot/projects/ia64/sys/sys/param.h#77 integrate
.. //depot/projects/ia64/sys/sys/proc.h#104 integrate
.. //depot/projects/ia64/sys/sys/queue.h#16 integrate
.. //depot/projects/ia64/sys/sys/rtprio.h#6 integrate
.. //depot/projects/ia64/sys/sys/sched.h#14 integrate
.. //depot/projects/ia64/sys/sys/soundcard.h#11 integrate
.. //depot/projects/ia64/sys/vm/swap_pager.c#62 integrate
.. //depot/projects/ia64/sys/vm/uma_core.c#74 integrate
.. //depot/projects/ia64/sys/vm/vm_fault.c#58 integrate
.. //depot/projects/ia64/sys/vm/vm_glue.c#52 integrate
.. //depot/projects/ia64/sys/vm/vm_kern.c#39 integrate
.. //depot/projects/ia64/sys/vm/vm_zeroidle.c#20 integrate
.. //depot/projects/ia64/usr.bin/awk/Makefile#11 integrate
.. //depot/projects/ia64/usr.bin/awk/tran.c.diff#1 branch
.. //depot/projects/ia64/usr.bin/calendar/calendars/de_DE.ISO8859-1/calendar.musik#5 integrate
.. //depot/projects/ia64/usr.bin/lorder/lorder.1#6 integrate
.. //depot/projects/ia64/usr.bin/su/su.c#21 integrate
.. //depot/projects/ia64/usr.sbin/config/config.5#3 integrate
.. //depot/projects/ia64/usr.sbin/config/config.h#11 integrate
.. //depot/projects/ia64/usr.sbin/config/config.y#15 integrate
.. //depot/projects/ia64/usr.sbin/config/main.c#15 integrate
.. //depot/projects/ia64/usr.sbin/config/mkmakefile.c#16 integrate
.. //depot/projects/ia64/usr.sbin/fdcontrol/fdcontrol.8#8 integrate
.. //depot/projects/ia64/usr.sbin/fwcontrol/Makefile#5 integrate
.. //depot/projects/ia64/usr.sbin/fwcontrol/fwcontrol.8#15 integrate
.. //depot/projects/ia64/usr.sbin/fwcontrol/fwcontrol.c#18 integrate
.. //depot/projects/ia64/usr.sbin/fwcontrol/fwdv.c#4 integrate
.. //depot/projects/ia64/usr.sbin/fwcontrol/fwmethods.h#1 branch
.. //depot/projects/ia64/usr.sbin/fwcontrol/fwmpegts.c#1 branch
.. //depot/projects/ia64/usr.sbin/smbmsg/smbmsg.8#4 integrate
.. //depot/projects/ia64/usr.sbin/sysinstall/dist.c#36 integrate
.. //depot/projects/ia64/usr.sbin/sysinstall/install.c#37 integrate
.. //depot/projects/ia64/usr.sbin/sysinstall/sysinstall.h#39 integrate
Differences ...
==== //depot/projects/ia64/UPDATING#90 (text+ko) ====
@@ -21,6 +21,14 @@
 	developers choose to disable these features on build machines
 	to maximize performance.
 
+20061026:
+	KSE in the kernel has now been made optional and turned on by
+	default. Use 'nooption KSE' in your kernel config to turn it
+	off. All kernel modules *must* be recompiled after this change.
+	There-after, modules from a KSE kernel should be compatible with
+	modules from a NOKSE kernel due to the temporary padding fields
+	added to 'struct proc'.
+
 20060929:
 	mrouted and its utilities have been removed from the base system.
 
@@ -631,4 +639,4 @@
 Contact Warner Losh if you have any questions about your use of
 this document.
 
-$FreeBSD: src/UPDATING,v 1.460 2006/09/30 20:01:15 ru Exp $
+$FreeBSD: src/UPDATING,v 1.462 2006/10/26 22:05:24 jb Exp $
==== //depot/projects/ia64/bin/cp/cp.1#13 (text+ko) ====
@@ -30,9 +30,9 @@
 .\" SUCH DAMAGE.
 .\"
 .\"	@(#)cp.1	8.3 (Berkeley) 4/18/94
-.\" $FreeBSD: src/bin/cp/cp.1,v 1.36 2006/10/07 22:14:43 trhodes Exp $
+.\" $FreeBSD: src/bin/cp/cp.1,v 1.38 2006/10/27 08:26:24 trhodes Exp $
 .\"
-.Dd October 7, 2006
+.Dd October 27, 2006
 .Dt CP 1
 .Os
 .Sh NAME
@@ -251,38 +251,24 @@
 utility had a
 .Fl r
 option.
-This implementation supports that option, however, its use is strongly
-discouraged as its behavior is very implementation dependent.
-In this version of
-.Nm ,
+This implementation supports that option, however, its behavior
+is different from historical
+.Fx
+behavior.
+Use of this option
+is strongly discouraged as the behavior is
+implementation-dependent.
+In
+.Fx ,
 .Fl r
-is just a synonym for
-.Fl RL .
-The
-.Fl R
-option gives the correct behavior while
-.Fl L
-preserves the sometimes-useful historical behavior of following symbolic links. 
-The
+is a synonym for
+.Fl RL
+and works the same unless modified by other flags.
+Historical implemenations
+of
 .Fl r
-option is deprecated in
-.Tn POSIX 
- and its behavior is likely to be different
-in future versions of 
-.Nm
-and its behavior is likely to be different
-in future versions of
-.Fx .
-Previous versions of
-.Nm
-in
-.Fx ,
-the
-.Fl r
-behavior was to not correctly copy special files, symbolic links
-or fifos.
-Symbolic links were followed, and the contents of special
-files and fifos were copied to regular files.
+differ as they copy special files as normal
+files while recreating a hierarchy.
 .Pp
 The
 .Fl v
==== //depot/projects/ia64/contrib/gcc/function.c#14 (text+ko) ====
@@ -19,7 +19,7 @@
 Software Foundation, 59 Temple Place - Suite 330, Boston, MA
 02111-1307, USA.  */
 
-/* $FreeBSD: src/contrib/gcc/function.c,v 1.22 2005/06/03 04:02:19 kan Exp $ */
+/* $FreeBSD: src/contrib/gcc/function.c,v 1.23 2006/10/25 07:29:22 bde Exp $ */
 
 /* This file handles the generation of rtl code from tree structure
    at the level of the function as a whole.
@@ -7129,7 +7129,9 @@
       if (!initialized)
 	{
 	  mexitcount_libfunc = init_one_libfunc (".mexitcount");
+#if 0 /* Turn this off to prevent erroneous garbage collection.  */
 	  initialized = 1;
+#endif
 	}
       emit_library_call (mexitcount_libfunc, LCT_NORMAL, VOIDmode, 0);
     }
==== //depot/projects/ia64/etc/defaults/rc.conf#73 (text+ko) ====
@@ -15,7 +15,7 @@
 # For a more detailed explanation of all the rc.conf variables, please
 # refer to the rc.conf(5) manual page.
 #
-# $FreeBSD: src/etc/defaults/rc.conf,v 1.300 2006/10/15 15:55:00 ceri Exp $
+# $FreeBSD: src/etc/defaults/rc.conf,v 1.301 2006/10/28 20:08:12 phk Exp $
 
 ##############################################################
 ###  Important initial Boot-time options  ####################
@@ -104,6 +104,16 @@
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
+firewall_myservices=""		# List of TCP ports on which this host
+				#  offers services
+firewall_allowservices=""	# List of IPs which has access to
+				#  $firewall_myservices
+firewall_trusted=""		# List of IPs which has full access to this host
+firewall_logdeny="NO"		# Set to YES to log default denied incoming
+				#  packets.
+firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
+				#  for which denied incoming packets are not
+				#  logged.
 ip_portrange_first="NO"		# Set first dynamically allocated port
 ip_portrange_last="NO"		# Set last dynamically allocated port
 ike_enable="NO"			# Enable IKE daemon (usually racoon or isakmpd)
==== //depot/projects/ia64/etc/network.subr#17 (text+ko) ====
@@ -22,7 +22,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD: src/etc/network.subr,v 1.175 2006/10/07 15:45:56 ume Exp $
+# $FreeBSD: src/etc/network.subr,v 1.176 2006/10/29 13:29:49 mlaier Exp $
 #
 
 #
@@ -690,7 +690,7 @@
 		if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ]
 		then
 			case ${i} in
-			lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*)
+			lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*)
 				;;
 			*)
 				rtsol_interfaces="${rtsol_interfaces} ${i}"
==== //depot/projects/ia64/etc/pf.os#4 (text+ko) ====
@@ -1,5 +1,5 @@
-# $FreeBSD: src/etc/pf.os,v 1.3 2004/09/14 00:30:14 mlaier Exp $
-# $OpenBSD: pf.os,v 1.17 2004/04/28 01:01:27 deraadt Exp $
+# $FreeBSD: src/etc/pf.os,v 1.4 2006/10/23 05:09:44 delphij Exp $
+# $OpenBSD: pf.os,v 1.21 2006/07/28 21:51:12 david Exp $
 # passive OS fingerprinting
 # -------------------------
 #
@@ -223,9 +223,10 @@
 S4:64:1:60:M1360,S,T,N,W0:	Linux:google::Linux (Google crawlbot)
 
 S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4 (big boy)
-S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:18-21:Linux 2.4.18 and newer
-S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6
-S4:64:1:60:M*,S,T,N,W0:		Linux:2.6::Linux 2.4/2.6
+S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:.18-21:Linux 2.4.18 and newer
+S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W0:		Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W7:		Linux:2.6:8:Linux 2.6.8 and newer (?)
 
 S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5 (sometimes 2.4)
 S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
@@ -260,27 +261,28 @@
 
 # ----------------- FreeBSD -----------------
 
-16384:64:1:44:M*:		FreeBSD:2.0-2.2::FreeBSD 2.0-4.1
-16384:64:1:44:M*:		FreeBSD:3.0-3.5::FreeBSD 2.0-4.1
-16384:64:1:44:M*:		FreeBSD:4.0-4.1::FreeBSD 2.0-4.1
+16384:64:1:44:M*:		FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
+16384:64:1:44:M*:		FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
+16384:64:1:44:M*:		FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
 16384:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
 
 1024:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
 
 57344:64:1:44:M*:		FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
-57344:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.6-4.8::FreeBSD 4.6-4.8
+57344:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
 
-32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
+32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
 32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.9::FreeBSD 4.7-5.1
-65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.7-5.1
+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
 
 # XXX need quirks support
-# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-current (1)
-# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-current (2)
-# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-current (3)
+# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
+# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
+# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3)
+# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323)
 
 # 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
 
@@ -297,12 +299,12 @@
 # ----------------- OpenBSD -----------------
 
 16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-3.5::OpenBSD 3.0-3.5
-16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-3.5:no-df:OpenBSD 3.0-3.5 (scrub no-df)
-57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-3.5::OpenBSD 3.3-3.5
-57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-3.5:no-df:OpenBSD 3.3-3.5 (scrub no-df)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0::OpenBSD 3.0-4.0
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df)
+57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
+57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
 
-65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-3.5:opera:OpenBSD 3.0-3.5 (Opera)
+65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
 
 # ----------------- Solaris -----------------
 
@@ -317,7 +319,8 @@
 
 4096:64:0:44:M1460:			SunOS:4.1::SunOS 4.1.x
 
-S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10::Solaris 10 (beta)
+S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10:beta:Solaris 10 (beta)
+32850:64:1:64:M*,N,N,T,N,W1,N,N,S:	Solaris:10::Solaris 10 1203
 
 # ----------------- IRIX --------------------
 
@@ -329,6 +332,9 @@
 61440:64:0:48:M*,N,N,S:			IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
 49152:64:0:48:M*,N,N,S:			IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
 
+49152:60:0:64:M*,N,W2,N,N,T,N,N,S:	IRIX:6.5:IP27:IRIX 6.5 IP27
+
+
 # ----------------- Tru64 -------------------
 
 32768:64:1:48:M*,N,W0:			Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4)
@@ -428,6 +434,11 @@
 16384:128:1:52:M536,N,W0,N,N,S:		Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm?
 2048:255:0:40:.:			Windows:.NET::Windows .NET Enterprise Server
 
+44620:64:0:48:M*,N,N,S:			Windows:ME::Windows ME no SP (?)
+S6:255:1:48:M536,N,N,S:			Windows:95:winsock2:Windows 95 winsock 2
+32768:32:1:52:M1460,N,W0,N,N,S:		Windows:2003:AS:Windows 2003 AS
+
+
 # No need to be more specific, it passes:
 # *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk
 # there is an equiv similar generic sig w/o the quirk
@@ -442,7 +453,6 @@
 # Whoa. Hardcore WSS.
 0:64:0:48:M*,W0,N:			HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
 
-
 # ----------------- RiscOS ------------------
 
 # We don't yet support the ?12 TCP option
@@ -453,6 +463,7 @@
 # 4096:64:1:56:M1460,N,N,T:T:			RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00
 
 
+
 # ----------------- BSD/OS ------------------
 
 # Once again, power of two WSS is also shared by MacOS X with DF set
@@ -466,6 +477,7 @@
 
 # ---------------- NeXTSTEP -----------------
 
+S4:64:0:44:M1024:		NeXTSTEP:3.3::NeXTSTEP 3.3
 S8:64:0:44:M512:		NeXTSTEP:3.3::NeXTSTEP 3.3
 
 # ------------------ BeOS -------------------
@@ -501,15 +513,18 @@
 
 # ----------------- SCO ------------------
 S3:64:1:60:M1460,N,W0,N,N,T:	SCO:UnixWare:7.1:SCO UnixWare 7.1
+S17:64:1:60:M1380,N,W0,N,N,T:	SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3
 S23:64:1:44:M1380:		SCO:OpenServer:5.0:SCO OpenServer 5.0
 
 # ------------------- DOS -------------------
 
 2048:255:0:44:M536:		DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
+T2:255:0:44:M984:		DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro)
 
 # ------------------ OS/2 -------------------
 
 S56:64:0:44:M512:		OS/2:4::OS/2 4
+28672:64:0:44:M1460:		OS/2:4::OS/2 Warp 4.0
 
 # ----------------- TOPS-20 -----------------
 
@@ -517,6 +532,10 @@
 # XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7
 0:64:0:44:M1460:		TOPS-20:7::TOPS-20 version 7
 
+# ----------------- FreeMiNT ----------------
+
+S44:255:0:44:M536:		FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari)
+
 # ------------------ AMIGA ------------------
 
 # XXX TCP option 12
@@ -539,7 +558,6 @@
 S12:64:1:44:M1460:			@Checkpoint:::Checkpoint (unknown 1)
 S12:64:1:48:N,N,S,M1460:		@Checkpoint:::Checkpoint (unknown 2)
 4096:32:0:44:M1460:			ExtremeWare:4.x::ExtremeWare 4.x
-60352:64:0:52:M1460,N,W2,N,N,S:		Clavister:7::Clavister firewall 7.x
 
 # XXX TCP option 12
 # S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3
@@ -549,6 +567,9 @@
 
 8192:64:1:44:M1460:			Eagle:::Eagle Secure Gateway
 
+S52:128:1:48:M1260,N,N,N,N:		LinkSys:WRV54G::LinkSys WRV54G VPN router
+
+
 
 # ------- Switches and other stuff ----------
 
@@ -581,6 +602,10 @@
 
 16384:255:0:40:.:			Proxyblocker:::Proxyblocker (what's this?)
 
+65535:255:0:48:M*,N,N,S:		Redline:::Redline T|X 2200
+
+32696:128:0:40:M1460:			Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine
+
 # ----------- Embedded systems --------------
 
 S9:255:0:44:M536:			PalmOS:Tungsten:C:PalmOS Tungsten C
@@ -589,10 +614,15 @@
 S4:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5
 2948:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5.3 (Handera)
 S29:255:0:44:M536:			PalmOS:5::PalmOS 5.0
+16384:255:0:44:M1398:			PalmOS:5.2:Clie:PalmOS 5.2 (Clie)
+S14:255:0:44:M1350:			PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo)
 
 S23:64:1:64:N,W1,N,N,T,N,N,S,M1460:	SymbianOS:7::SymbianOS 7
-8192:255:0:44:M1460:			SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?)
-8192:255:0:44:M536:			SymbianOS:::SymbianOS (on Nokia 9210?)
+
+8192:255:0:44:M1460:			SymbianOS:6048::Symbian OS 6048 (Nokia 7650?)
+8192:255:0:44:M536:			SymbianOS:9210::Symbian OS (Nokia 9210?)
+S22:64:1:56:M1460,T,S:			SymbianOS:P800::Symbian OS ? (SE P800?)
+S36:64:1:56:M1360,T,S:			SymbianOS:6600::Symbian OS 60xx (Nokia 6600?)
 
 
 # Perhaps S4?
@@ -608,8 +638,8 @@
 
 S12:64:0:44:M1452:			AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
 
+3100:32:1:44:M1460:			Windows:CE:2.0:Windows CE 2.0
 
-
 ####################
 # Fancy signatures #
 ####################
@@ -619,11 +649,23 @@
 3072:64:0:40:.:				*NMAP:syn scan:3:NMAP syn scan (3)
 4096:64:0:40:.:				*NMAP:syn scan:4:NMAP syn scan (4)
 
+# Requires quirks support
+# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1)
+# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2)
+# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3)
+# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4)
+
 1024:64:0:60:W10,N,M265,T:		*NMAP:OS:1:NMAP OS detection probe (1)
 2048:64:0:60:W10,N,M265,T:		*NMAP:OS:2:NMAP OS detection probe (2)
 3072:64:0:60:W10,N,M265,T:		*NMAP:OS:3:NMAP OS detection probe (3)
 4096:64:0:60:W10,N,M265,T:		*NMAP:OS:4:NMAP OS detection probe (4)
 
+32767:64:0:40:.:			*NAST:::NASTsyn scan
+
+# Requires quirks support
+# 12345:255:0:40:.:A:-p0f:sendsyn utility
+
+
 #####################################
 # Generic signatures - just in case #
 #####################################
@@ -633,6 +675,8 @@
 
 *:128:1:52:M*,N,W0,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
 *:128:1:52:M*,N,W0,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W*,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W*,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
 *:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
 *:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
 *:128:1:64:M*,N,W*,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP (RFC1323, w+)
==== //depot/projects/ia64/etc/rc.d/auto_linklocal#3 (text+ko) ====
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: src/etc/rc.d/auto_linklocal,v 1.2 2006/10/13 12:41:35 ume Exp $
+# $FreeBSD: src/etc/rc.d/auto_linklocal,v 1.3 2006/10/22 17:21:03 hrs Exp $
 #
 
 # PROVIDE: auto_linklocal
@@ -15,7 +15,7 @@
 
 auto_linklocal_start()
 {
-	if ! checkyesno ipv6_enable; then
+	if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then
 		${SYSCTL_W} net.inet6.ip6.auto_linklocal=0
 	fi
 }
==== //depot/projects/ia64/etc/rc.d/ppp#5 (text+ko) ====
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: src/etc/rc.d/ppp,v 1.11 2005/10/29 05:00:25 yar Exp $
+# $FreeBSD: src/etc/rc.d/ppp,v 1.12 2006/10/26 00:29:43 avatar Exp $
 #
 
 # PROVIDE: ppp
@@ -40,9 +40,10 @@
 
 ppp_postcmd()
 {
-	# Re-Sync ipfilter so it picks up any new network interfaces
+	# Re-Sync ipfilter and pf so they pick up any new network interfaces
 	#
 	/etc/rc.d/ipfilter resync
+	/etc/rc.d/pf resync
 }
 
 load_rc_config $name
==== //depot/projects/ia64/etc/rc.firewall#6 (text+ko) ====
@@ -23,7 +23,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD: src/etc/rc.firewall,v 1.48 2005/11/18 02:23:59 ume Exp $
+# $FreeBSD: src/etc/rc.firewall,v 1.49 2006/10/28 20:08:12 phk Exp $
 #
 
 #
@@ -42,12 +42,14 @@
 
 ############
 # Define the firewall type in /etc/rc.conf.  Valid values are:
-#   open     - will allow anyone in
-#   client   - will try to protect just this machine
-#   simple   - will try to protect a whole network
-#   closed   - totally disables IP services except via lo0 interface
-#   UNKNOWN  - disables the loading of firewall rules.
-#   filename - will load the rules in the given filename (full path required)
+#   open        - will allow anyone in
+#   client      - will try to protect just this machine
+#   simple      - will try to protect a whole network
+#   closed      - totally disables IP services except via lo0 interface
+#   workstation - will try to protect just this machine using statefull
+#		  firewalling. See below for rc.conf variables used
+#   UNKNOWN     - disables the loading of firewall rules.
+#   filename    - will load the rules in the given filename (full path required)
 #
 # For ``client'' and ``simple'' the entries below should be customized
 # appropriately.
@@ -107,6 +109,8 @@
 #
 ${fwcmd} -f flush
 
+setup_loopback
+
 ############
 # Network Address Translation.  All packets are passed to natd(8)
 # before they encounter your remaining rules.  The firewall rules
@@ -140,7 +144,6 @@
 #
 case ${firewall_type} in
 [Oo][Pp][Ee][Nn])
-	setup_loopback
 	${fwcmd} add 65000 pass all from any to any
 	;;
 
@@ -155,8 +158,6 @@
 	mask="255.255.255.0"
 	ip="192.0.2.1"
 
-	setup_loopback
-
 	# Allow any traffic to or from my own net.
 	${fwcmd} add pass all from ${ip} to ${net}:${mask}
 	${fwcmd} add pass all from ${net}:${mask} to ${ip}
@@ -168,19 +169,19 @@
 	${fwcmd} add pass all from any to any frag
 
 	# Allow setup of incoming email
-	${fwcmd} add pass tcp from any to ${ip} 25 setup
+	${fwcmd} add pass tcp from any to me 25 setup
 
 	# Allow setup of outgoing TCP connections only
-	${fwcmd} add pass tcp from ${ip} to any setup
+	${fwcmd} add pass tcp from me to any setup
 
 	# Disallow setup of all other TCP connections
 	${fwcmd} add deny tcp from any to any setup
 
 	# Allow DNS queries out in the world
-	${fwcmd} add pass udp from ${ip} to any 53 keep-state
+	${fwcmd} add pass udp from me to any 53 keep-state
 
 	# Allow NTP queries out in the world
-	${fwcmd} add pass udp from ${ip} to any 123 keep-state
+	${fwcmd} add pass udp from me to any 123 keep-state
 
 	# Everything else is denied by default, unless the
 	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
@@ -206,8 +207,6 @@
 	imask="255.255.255.240"
 	iip="192.0.2.17"
 
-	setup_loopback
-
 	# Stop spoofing
 	${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
 	${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
@@ -289,8 +288,100 @@
 	# config file.
 	;;
 
+[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
+	# Configuration:
+	#  firewall_myservices:		List of TCP ports on which this host
+	#			 	 offers services.
+	#  firewall_allowservices:	List of IPs which has access to
+	#				 $firewall_myservices.
+	#  firewall_trusted:		List of IPs which has full access 
+	#				 to this host. Be very carefull 
+	#				 when setting this. This option can
+	#				 seriously degrade the level of 
+	#				 protection provided by the firewall.
+	#  firewall_logdeny:		Boolean (YES/NO) specifying if the
+	#				 default denied packets should be
+	#				 logged (in /var/log/security).
+	#  firewall_nologports:		List of TCP/UDP ports for which
+	#				 denied incomming packets are not
+	#				 logged.
+	
+	# Allow packets for which a state has been built.
+	${fwcmd} add check-state
+
+	# For services permitted below.
+	${fwcmd} add pass tcp  from me to any established
+
+	# Allow any connection out, adding state for each.
+	${fwcmd} add pass tcp  from me to any setup keep-state
+	${fwcmd} add pass udp  from me to any       keep-state
+	${fwcmd} add pass icmp from me to any       keep-state
+
+	# Allow DHCP.
+	${fwcmd} add pass udp  from 0.0.0.0 68 to 255.255.255.255 67 out
+	${fwcmd} add pass udp  from any 67     to me 68 in
+	${fwcmd} add pass udp  from any 67     to 255.255.255.255 68 in
+	# Some servers will ping the IP while trying to decide if it's 
+	# still in use.
+	${fwcmd} add pass icmp from any to any icmptype 8
+
+	# Allow "mandatory" ICMP in.
+	${fwcmd} add pass icmp from any to any icmptype 3,4,11
+	
+	# Add permits for this workstations published services below
+	# Only IPs and nets in firewall_allowservices is allowed in.
+	# If you really wish to let anyone use services on your 
+	# workstation, then set "firewall_allowservices='any'" in /etc/rc.conf
+	#
+	# Note: We don't use keep-state as that would allow DoS of
+	#       our statetable. 
+	#       You can add 'keep-state' to the lines for slightly
+	#       better performance if you fell that DoS of your
+	#       workstation won't be a problem.
+	#
+	for i in ${firewall_allowservices} ; do
+	  for j in ${firewall_myservices} ; do
+	    ${fwcmd} add pass tcp from $i to me $j
+	  done
+	done
+
+	# Allow all connections from trusted IPs.
+	# Playing with the content of firewall_trusted could seriously
+	# degrade the level of protection provided by the firewall.
+	for i in ${firewall_trusted} ; do
+	  ${fwcmd} add pass ip from $i to me
+	done
+	
+	${fwcmd} add 65000 count ip from any to any
+
+	# Drop packets to ports where we don't want logging
+	for i in ${firewall_nologports} ; do
+	  ${fwcmd} add deny { tcp or udp } from any to any $i in
+	done
+
+	# Broadcasts and muticasts
+	${fwcmd} add deny ip  from any to 255.255.255.255
+	${fwcmd} add deny ip  from any to 224.0.0.0/24 in	# XXX
+
+	# Noise from routers
+	${fwcmd} add deny udp from any to any 520 in
+
+	# Noise from webbrowsing.
+	# The statefull filter is a bit agressive, and will cause some
+	#  connection teardowns to be logged.
+	${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in
+
+	# Deny and (if wanted) log the rest unconditionally.
+	log=""
+	if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then
+	  log="log logamount 500"	# The default of 100 is too low.
+	  sysctl net.inet.ip.fw.verbose=1 >/dev/null
+	fi
+	${fwcmd} add deny $log ip from any to any
+	;;
+
 [Cc][Ll][Oo][Ss][Ee][Dd])
-	setup_loopback
+	${fwcmd} add 65000 deny ip from any to any
 	;;
 [Uu][Nn][Kk][Nn][Oo][Ww][Nn])
 	;;
==== //depot/projects/ia64/games/fortune/datfiles/fortunes#60 (text+ko) ====
@@ -1,5 +1,5 @@
 This fortune brought to you by:
-$FreeBSD: src/games/fortune/datfiles/fortunes,v 1.228 2006/10/20 18:12:25 phk Exp $
+$FreeBSD: src/games/fortune/datfiles/fortunes,v 1.229 2006/10/23 13:25:17 phk Exp $
 
 %
 =======================================================================
@@ -30223,6 +30223,9 @@
 municipality.
 		-- Local ordinance, Euclid Ohio
 %
+It so happens that everything that is stupid is not unconstitutional.
+		-- Supreme Court Justice Antonio Scalia
+%
 It takes a smart husband to have the last word and not use it.
 %
 It takes a special kind of courage to face what we all have to face.
==== //depot/projects/ia64/lib/libc/gmon/Makefile.inc#5 (text+ko) ====
@@ -1,5 +1,5 @@
 #	from @(#)Makefile.inc	8.1 (Berkeley) 6/4/93
-# $FreeBSD: src/lib/libc/gmon/Makefile.inc,v 1.11 2006/03/13 01:14:56 deischen Exp $
+# $FreeBSD: src/lib/libc/gmon/Makefile.inc,v 1.12 2006/10/28 13:34:35 bde Exp $
 
 # gmon sources
 .PATH: ${.CURDIR}/gmon
@@ -12,12 +12,6 @@
 
 MLINKS+=moncontrol.3 monstartup.3
 
-.if ${MACHINE_ARCH} == amd64
-# mcount needs to be compiled with frame pointers and without profiling
-mcount.po: mcount.c
-	${CC} ${CFLAGS} -fno-omit-frame-pointer -c ${.IMPSRC} -o ${.TARGET}
-.else
 # mcount cannot be compiled with profiling
 mcount.po: mcount.o
 	cp mcount.o mcount.po
-.endif
==== //depot/projects/ia64/lib/libc/net/inet.3#8 (text+ko) ====
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     From: @(#)inet.3	8.1 (Berkeley) 6/4/93
-.\" $FreeBSD: src/lib/libc/net/inet.3,v 1.30 2005/02/13 22:25:12 ru Exp $
+.\" $FreeBSD: src/lib/libc/net/inet.3,v 1.31 2006/10/28 13:05:10 ru Exp $
 .\"
 .Dd June 14, 2004
 .Dt INET 3
@@ -299,5 +299,7 @@
 .Fn inet_ntoa
 resides in a static memory area.
 .Pp
-Inet_addr should return a
+The
+.Fn inet_addr
+function should return a
 .Fa struct in_addr .
==== //depot/projects/ia64/lib/libc/resolv/res_send.c#3 (text) ====
@@ -70,10 +70,10 @@
 
 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_send.c	8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.7 2005/08/15 02:04:41 marka Exp $";
+static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.8 2006/03/08 04:13:31 marka Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/resolv/res_send.c,v 1.3 2006/08/04 12:26:07 ume Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/resolv/res_send.c,v 1.4 2006/10/24 14:41:43 ume Exp $");
 
 /*
  * Send query to name server and wait for reply.
@@ -145,7 +145,7 @@
 				int kq,
 #endif
 				const u_char *, int,
-				u_char *, int, int *, int,
+				u_char *, int, int *, int, int,
 				int *, int *);
 static void		Aerror(const res_state, FILE *, const char *, int,
 			       const struct sockaddr *, int);
@@ -490,7 +490,7 @@
 				    kq,
 #endif
 				    buf, buflen, ans, anssiz, &terrno,
-				    ns, &v_circuit, &gotsomewhere);
+				    ns, try, &v_circuit, &gotsomewhere);
 			if (n < 0)
 				goto fail;
 			if (n == 0)
@@ -812,8 +812,9 @@
 #ifdef USE_KQUEUE
 	int kq,
 #endif
-	const u_char *buf, int buflen, u_char *ans, int anssiz,
-	int *terrno, int ns, int *v_circuit, int *gotsomewhere)
+	const u_char *buf, int buflen, u_char *ans,
+	int anssiz, int *terrno, int ns, int try, int *v_circuit,
+	int *gotsomewhere)
 {
 	const HEADER *hp = (const HEADER *) buf;
 	HEADER *anhp = (HEADER *) ans;
@@ -914,7 +915,7 @@
 	/*
 	 * Wait for reply.
 	 */
-	seconds = (statp->retrans << ns);
+	seconds = (statp->retrans << try);
 	if (ns > 0)
 		seconds /= statp->nscount;
 	if (seconds <= 0)
==== //depot/projects/ia64/lib/libc/stdio/xprintf.c#4 (text+ko) ====
>>> TRUNCATED FOR MAIL (1000 lines) <<<
    
    
More information about the p4-projects
mailing list