From: Mark Johnston
To: current@freebsd.org
Date: Sun, 29 Feb 2004 23:21:31 -0600
Subject: cvs-src summary for 29/02/04

New this week: Lukasz Dudek is kindly translating these summaries into
Polish. Polish versions are available at http://mocart.pinco.pl/FreeBSD/.

FreeBSD cvs-src summary for 23/02/04 to 29/02/04
++++++++++++++++++++++++++++++++++++++++++++++++

This is a regular weekly summary of FreeBSD's cutting-edge development.
It is intended to help the FreeBSD community keep up with the fast-paced
work going on in FreeBSD-CURRENT by distilling the deluge of data from the
CVS mailing list into a (hopefully) easy-to-read newsletter. This
newsletter is marked up in reStructuredText_, so any odd punctuation that
you see is likely intended for the reST parser.

.. _reStructuredText: http://docutils.sourceforge.net/rst.html

You can get old summaries, and an HTML version of this one, at
http://www.xl0.org/FreeBSD/. Please send any comments to Mark Johnston
(mark at xl0.org). For Lukasz Dudek (mocart at pinco.pl)'s Polish
translations of these summaries, which lag the English ones by a couple of
days, please see http://mocart.pinco.pl/FreeBSD/.

.. contents::

============
New features
============

OpenBSD's PF packet filter imported
-----------------------------------

Max Laier (mlaier) imported OpenBSD's PF packet filter, from OpenBSD 3.4.
PF, originally written by Daniel Hartmeier, was introduced in OpenBSD 3.0
and has been available in ports since June 2003. Max also applied the
FreeBSD-specific patches from the PF port, fixing up API differences as
well as introducing locking so that PF can work without using the Giant
system lock. The code is now in CVS, but it has not yet been added to the
base system. This import kicked off a huge thread; see below_ for a (long)
summary. For details about PF and the benefits it offers, please see the
`PF User's Guide`_.

.. _below: `OpenBSD packet filter import`_
.. _`PF User's Guide`: http://www.openbsd.org/faq/pf/index.html

Kernel parts: http://docs.freebsd.org/cgi/mid.cgi?200402260204.i1Q24S8F007564

Userland parts: http://docs.freebsd.org/cgi/mid.cgi?200402281652.i1SGqkWG070550

ALTQ skeleton: http://docs.freebsd.org/cgi/mid.cgi?200402282150.i1SLooYg046952

OpenSSH 3.8p1 imported
----------------------

Dag-Erling Smorgrav (des) imported OpenSSH version 3.8p1 (the portable
release of 3.8), replacing 3.7.1p2. Note that this change also disables
version 1 of the SSH protocol by default in the server, so if you are
using protocol version 1, make sure you adjust /etc/ssh/sshd_config
appropriately.
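
A check for the default change described above, as an added example that is not part of the original newsletter or of OpenSSH: it reports whether an sshd_config sets ``Protocol`` explicitly or relies on the built-in default. The function names and the sample files are constructed for illustration; the script relies on sshd using the first value it obtains for a keyword.

```shell
#!/bin/sh
# Added example: report how an sshd_config pins the SSH protocol version.
# Function names and the sample files are constructed for illustration.

# Print the value of the first active "Protocol" line, or nothing if unset.
# sshd keywords are case-insensitive and the first value obtained wins.
configured_protocol() {
    awk '
        { sub(/#.*/, "") }                 # drop comments, incl. "#Protocol 2,1"
        tolower($1) == "protocol" { print $2; exit }
    ' "$1"
}

# Classify a config file as "default", "v1-enabled" or "v2-only".
protocol_status() {
    value=$(configured_protocol "$1")
    case ",$value," in
        ",,")  echo default ;;       # no Protocol line: built-in default applies
        *,1,*) echo v1-enabled ;;    # protocol 1 appears in the list
        *)     echo v2-only ;;
    esac
}

# One-line note on what the changed server default means for this file.
upgrade_note() {
    case $(protocol_status "$1") in
        default)    echo "no Protocol line: new default disables protocol 1" ;;
        v1-enabled) echo "protocol 1 set explicitly: stays enabled" ;;
        v2-only)    echo "protocol 2 only: unaffected" ;;
    esac
}

# Constructed sample configs, written to a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#Protocol 2,1\nPort 22\n' > "$dir/stock"
    printf 'Port 22\nProtocol 2,1\n'  > "$dir/legacy"
    printf 'protocol 2   # pinned\n'  > "$dir/pinned"
    for f in stock legacy pinned; do
        printf '%s: %s\n' "$f" "$(upgrade_note "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

Calling ``upgrade_note /etc/ssh/sshd_config`` before the upgrade shows whether the server is relying on the default that this import changes.
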

http://docs.freebsd.org/cgi/mid.cgi?200402261038.i1QAcsVa037628

DNS resolver made more thread-safe
----------------------------------

Brian Feldman (green) committed changes to the DNS resolver system to make
it more re-entrant (thread-safe). Locking has been greatly reduced, and
with the changes, programs that do DNS lookups in threads can now perform
multiple lookups at a time. This fixes the problem with Mozilla browsers
loading multiple tabs one by one, rather than all at once. Multi-threaded
applications that use "_res" to set up the resolver will need to be
recompiled. Some of these are Mozilla, Evolution, and gnomevfs2.

http://docs.freebsd.org/cgi/mid.cgi?200402252103.i1PL3kkh030016

ACPICA upgraded to version 20040220
-----------------------------------

Nate Lawson (njl) imported version 20040220 of ACPI-CA (Advanced
Configuration and Power Interface - Component Architecture). This is the
code that deals with the ACPI code stored in the BIOS, enabling proper
interrupt routing and power management on newer laptops and motherboards.
Nate also applied a number of FreeBSD-specific patches.

http://docs.freebsd.org/cgi/mid.cgi?200402282023.i1SKNZNi020682

New routed imported
-------------------

Bruce M. Simpson (bms) imported rhyolite.com routed 2.27. The previous
version was 2.22 with some FreeBSD-specific patches, which have been
carried forward. 2.27 changes the way MD5 authentication is handled,
making routed compatible with Cisco routers and Sun routed code, but it is
not backwards-compatible with routed before 2.26. See the
`Rhyolite free source page`_ for more information.

.. _`Rhyolite free source page`: http://www.rhyolite.com/src/

http://docs.freebsd.org/cgi/mid.cgi?200402252320.i1PNKNY2062940

New GNU regex library imported
------------------------------

Andrew A. Chernov imported a new version of the GNU regex regular
expression library, which was packaged with GNU grep 2.4.2.

http://docs.freebsd.org/cgi/mid.cgi?200402250227.i1P2Rpca040890

Watchdog enhancements
---------------------

Poul-Henning Kamp (phk) added a generic watchdog facility, so that all the
watchdog implementations can be controlled through a single point. He also
adapted the software watchdog to use that interface and renamed the kernel
configuration option from WATCHDOG to SW_WATCHDOG - if you use WATCHDOG,
be sure to update your kernel configuration file. Later, he committed
support for the hardware watchdog in the Geode SC1100 chip, which is found
on embedded systems like the Soekris net4801.

Main commit: http://docs.freebsd.org/cgi/mid.cgi?200402282056.i1SKuZTe034073

Geode addition: http://docs.freebsd.org/cgi/mid.cgi?200402282233.i1SMXSXI058464

Major USB merge to -STABLE
--------------------------

Julian Elischer (julian) committed a major update to the 4.x USB code,
making it much more similar to the code in -CURRENT. This update will
allow 4.10 to support USB 2 and make debugging easier.

http://docs.freebsd.org/cgi/mid.cgi?200403010007.i2107QbD056747

Netgraph improvements merged from -CURRENT
------------------------------------------

Ruslan Ermilov (ru) merged a number of minor improvements to Netgraph, a
modular system to hook together networking functions, to -STABLE. The
merge introduces new API functions and fixes a memory leak. At the same
time, Ruslan also merged code to allow socket buffers to be changed on the
fly, via sysctl.

Netgraph MFC: http://docs.freebsd.org/cgi/mid.cgi?200402231123.i1NBNCpj040938

Socket buffer sysctls: http://docs.freebsd.org/cgi/mid.cgi?200402231017.i1NAHXMj024334

=================
Discussion topics
=================

OpenBSD packet filter import
----------------------------

This was a long and complex thread, and I've tried to summarize each major
turn in the discussion. This is an important issue, so I suggest that you
read the full thread, starting from the link below.

As noted above_, Max Laier imported OpenBSD's PF to the system. Steve
Kargl asked where and what discussion had taken place before the import.
Bruce M. Simpson (bms) explained that discussions took place between
several network developers, with core@ involved. Bruce also mentioned that
he has some plans for PF, like IPSEC NAT passthrough, higher-level
filtering for Kazaa and the like, and perhaps some improvements to
connections with different send and receive paths, like one-way satellite.
Further posts clarified that there are no plans for removal of ipfw/ipfw2
or IPFilter.

Luigi Rizzo (luigi) chimed in, pointing out that ipfw2's microcode-based
approach to rules is simpler to extend, and suggesting that an ideal
firewall would have ipfw2's microcode-based rules and PF's in-kernel NAT.
Sam Leffler (sam) agreed with this assessment. Some discussion followed
about converting ipfw2 to use the new PFIL_HOOKS packet filtering API, and
Luigi said he would look and see what he could do.

Dag-Erling Smorgrav (des) suggested that converting the entire stack to
netgraph would be ideal, so filtering could be inserted at any point.
Several people argued against this, for performance and difficulty of
implementation reasons.

Andre Oppermann (andre) suggested that if any firewall should be removed,
it should be IPFilter, as PF replaces it. Jacques Vidrine (nectar) pointed
out that IPFilter is the only system firewall that's also available on
commercial UNIXes like Solaris and IRIX.

Tim Kientzle (kientzle) posted a wish for a feature where address sets
could be created, then addresses added and removed on the fly, without
changing the rules. Several replies noted that this is possible with PF
out of the box.

.. _above: `OpenBSD's PF packet filter imported`_

http://docs.freebsd.org/cgi/mid.cgi?200402260234.i1Q2YDx1014240

How wide is the effect of libkvm changes?
-----------------------------------------

Andre Oppermann (andre) committed code to convert the TCP reassembly queue
to UMA, which changed libkvm, requiring all programs that use it to be
recompiled. Kris Kennaway (kris) pointed out that libkvm is used by ports,
not just the base system. Andre asked for more detail, and Kris provided a
rough list of 80 ports that use the library. Andre clarified that only
ports that access the TCP structures will need to be recompiled.

Andre's commit: http://docs.freebsd.org/cgi/mid.cgi?200402241527.i1OFRgdm072232

Kris's port list: http://docs.freebsd.org/cgi/mid.cgi?20040224223404.GA55257

They don't make 'em like they used to
-------------------------------------

Poul-Henning Kamp (phk) committed an update to the manual page for
fdcontrol, the floppy drive control program, adding an example for 8"
floppies. Wilko Bulte (wilko) offered an appropriate disk, starting a
thread about old storage media and devices. Wilko told a story about an
old AC-powered drive running full of sand and cement, and Kevin Oberman
compared 8" floppies with the old, indestructible DECtape system. The
commit was brought on by Poul-Henning's work for a new computer museum in
Denmark. Poul-Henning is looking for a scan or copy of a manual for the
Y-E Data YD174 8" drive, so please let him know if you have a copy.

Start of thread: http://docs.freebsd.org/cgi/mid.cgi?200402251355.i1PDtu6Y018589

More information about the museum: http://docs.freebsd.org/cgi/mid.cgi?27174.1077734003

===================
Important bug fixes
===================

FreeBSD-SA-04:03 - Jailed processes moving around
-------------------------------------------------

Last week, there was `a commit by Jacques Vidrine (nectar)`_ that dealt
with processes moving around from jail to jail. `FreeBSD-SA-04:03`_ has
since been issued for this problem, so I wanted to give it a second
mention.

.. _`a commit by Jacques Vidrine (nectar)`: http://excel.xl0.org/FreeBSD/22-02-04.html#jailed-processes-moving-around-corrected
.. _`FreeBSD-SA-04:03`: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.mail.asc

SMB directory/file creation bug fix merged from -CURRENT
--------------------------------------------------------

Tim J. Robbins (tjr) merged the SMB bug fix `mentioned two weeks ago`_ to
-STABLE. The bug would cause problems when a file was replaced with a
directory of the same name, or vice versa.

.. _`mentioned two weeks ago`: http://excel.xl0.org/FreeBSD/15-02-04.html#problem-with-creating-directories-under-smbfs-corrected

http://docs.freebsd.org/cgi/mid.cgi?200402261112.i1QBChxE047414

===============
Other bug fixes
===============

Kirk McKusick (mckusick) fixed a bug in UFS that was causing deadlocks and
machine lockups.

http://docs.freebsd.org/cgi/mid.cgi?200402230640.i1N6eHcs064986

Jeffrey Hsu (hsu) fixed a condition in the TCP code that could cause a
panic under certain conditions when a connection was closed.

http://docs.freebsd.org/cgi/mid.cgi?200402250853.i1P8rIK5041945