similar to: Followup to Luoqi Chen's 4.x PAE post; if_xl driver

As promised, the updated if_xl with full busdma support / other improvements has been MFC'd to 4.8-stable. While I have put this driver through extensive testing, it is possible that there may be bugs which are either present in the -current version or that I added in the MFC process. So, if you cvsup to -stable anytime in the future and notice problems with if_xl, please tell me ASAP!

Mike Silbersack wrote: > On Tue, 16 Sep 2003, Scott Long wrote: > > >>Patches have been floated on the mailing list that revert PAE in its >>various stages. Maybe those need to be brought back up. Silby? Tor? >> >>Scott > > > I believe that Tor's commit on August 30th resolved the PAE-related > problems, so there is no need for a reversion.

If anyone was using a bfe card and seeing interrupt storms when you attempted to bring the card up, this is the fix for you. The driver wasn't previously taking into account the fact that the chipset doesn't like addresses over the 1GB mark. If you'd like an even quicker fix, just add hw.mem = "1000M" to your loader.conf and reboot. :) Mike "Silby" Silbersack

Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...

Hi, everyone, I've ported Jake Burkholder's PAE support from -current to the 4.x branch. This has been scheduled to go into the coming 4.9 release. You can get the most recent set of patch files from http://people.freebsd.org/~luoqi/pae-4. If you are interested and have a machine with over 4GB memory, please give it a try. You may also try it just for fun, even if you don't have 4GB

Thanks to Tor Egge, the VM problems introduced during the PAE import have now been fixed. The problem occured because of changes in locking between 4.x and 5.x which were not obvious. Of course, there still could be other bugs hanging around the 4.x tree, and we'd like to hear about them. (Crashdumps provided by Mike Tancsa and others helped greatly in tracking down this problem.) If

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:26.accept Security Advisory The FreeBSD Project Topic: Remote denial-of-service when using accept filters Category: core Module: kernel Announced:

As others have noted, Tor's patch appears to be a total solution to the recent instability the PAE patch introduced. So, if you're experiencing panics with a recent kernel, or are in a position to stress a machine, please cvsup and give it a test! Thanks, Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Sat, 30 Aug 2003 08:39:08 -0700 (PDT) From: Tor Egge

As decided by the RE team, I'm going to commit the PAE backport to 4-stable this Friday. This includes the VM infrastruture related portion of the patch set I posted earlier (http://people.freebsd.org/~luoqi/pae-4/diff.pae). Some device drivers will also be updated in the coming weeks to allow them to work with the PAE enabled. -lq

Some more crashes of 4.8-RELEASE. Lets see what do I have today: # ls -l /var/crash total 1576676 -rw-r--r-- 1 root wheel 2 Jul 30 13:31 bounds -rw-r--r-- 1 root wheel 2193252 Jun 25 17:30 kernel.0 -rw-r--r-- 1 root wheel 2193252 Jul 4 00:08 kernel.1 -rw-r--r-- 1 root wheel 2193252 Jul 15 19:28 kernel.2 -rw-r--r-- 1 root wheel 2193252 Jul 16 17:50 kernel.3

If you're one of the people who has cvsup'd to 4.8-stable since August 8th and you've since begun to experience panics on a previously stable system, please apply the attached patch and see if your previous stability has been restored. Please tell me your results. Thanks, Mike "Silby" Silbersack -------------- next part -------------- diff -u -r

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

Dear list, A few days ago one of my machines were attacked by a DDoS-attack using UDP on random ports.. When I later on analyzed the logs, I found this in my dmesg: xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) I tried to find out on google what it ment, but without any luck. What does that mean and

Forwarded message: > From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004 > To: full-disclosure@lists.netsys.com > From: Darren Bounds <dbounds@intrusense.com> > Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability > Date: Tue, 20 Apr 2004 18:19:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >

hi is there any way to build 4.8 release with this fstack protection? or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. //martin

Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:

Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me

Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that

Has anyone seen the recently published IETF draft regarding ICMP attacks against TCP? [http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-00.txt] I'm interested in any comments as to the vulnerability of FreeBSD's TCP to such attacks and the need for or usefulness of the various solutions proposed in the paper. Thanks, all - Steve -- Steve Zweep Senior Software

Attached is a security alert from Gentoo pertaining to clam antivirus. It seems that as of this morning, FreeBSD's ports still contain the affected version. Thank in advance, Tom Veldhouse -------------- next part -------------- An embedded message was scrubbed... From: Tim Yamin <plasmaroo@gentoo.org> Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Date: