o Use DCE compliant UUID functions and provide local
implementations if they don't exist,
o Move dumping of the map to show.c and print the
partition type,
o Some cleanups and rearrangements.
The default GPT partition type is UFS. When no starting block
or size are specified, the tool will create a partition in the
first free space it find (or that fits, depending on the size).
code is directly copied from migrate.c. The intend is to express
migrate in terms of create and add. The functionality to add
partitions is not yet there.
Quoting luigi:
In order to make the userland code fully 64-bit clean it may
be necessary to commit other changes that may or may not cause
a minor change in the ABI.
Reviewed by: luigi
regarding 802.1 MAC and Mandatory Access Control (MAC). Some
potential for confusion remains further in other areas of the
system regarding Message Authentication Codes (MAC).
Requested by: wollman
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
interfaces using the 'mac' argument. Without MAC support in the
kernel, this does not change the behavior of ifconfig.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
result of an incomplete migration. An incomplete migration is
one where the MBR is not turned into a PMBR after creating the
GPT. This early in the game it's more convenient to allow the
inconsistency, because that avoids that we have to destroy the
MBR partitioning for now.
arbitrary commands when devices come and go in the device tree (which is
different than the /dev directory).
This is an initial version. Much of the planned power isn't here.
Instead of doing the full matching, we always run /etc/devd-generic.
/etc/devd.generic will go away at some point, I think.
I'm committing it in this early state so I can start getting feedback
from early adapters.
Approved by: re
o Fix some punctuation and wording
o Wording consistency in command-line option documentation
o Make use of mdoc's markup a bit more (quoting and the like)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
command, permitting it to set FS_ACLS and FS_MULTILABEL administrative
flags on UFS file systems.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
when using '-p' with reboot, and the power down action failds, reboot
the system normally. The behaviour of 'halt -p' and of shutdown(8) is
unchanged.
Approved by: roberto
'-p' is used on the reboot(8) command line.
This is intended for use when you want to attempt a power down
action, but you want the system to reboot (not halt) if the
power down action fails.
This is typically useful when the power-off action performed by
the kernel consists in signalling an uninterrupted power supply
that it should shut down its inverter if mains power has not returned.
The behaviour of shutdown(8) and init(8) is not modified;
only the behaviour of invoking 'reboot -p' manually is
modified, and then only in the case when a power-down action
fails.
Sounded reasonable to: phk
Approved by: roberto (mentor)
rules don't apply to tokens that are supposed to represent single args.
This was only fixed in the man page.
Fixed other differences between the man page and the usage message (1
formatting bug and 1 syntax bug).
Peter had repocopied sys/disklabel.h to sys/diskpc98.h and sys/diskmbr.h.
These two new copies are still intact copies of disklabel.h and
therefore protected by #ifndef _SYS_DISKLABEL_H_ so #including them
in programs which already include <sys.disklabel.h> is currently a
no-op.
This commit adds a number of such #includes.
Once I have verified that I have fixed all the places which need fixing,
I will commit the updated versions of the three #include files.
Sponsored by: DARPA & NAI Labs.
Setting this flag on an ethernet interface blocks transmission of packets
and discards incoming packets after BPF processing.
This is useful if you want to monitor network trafic but not interact
with the network in question.
Sponsored by: http://www.babeltech.dk
under way to move the remnants of the a.out toolchain to ports. As the
comment in src/Makefile said, this stuff is deprecated and one should not
expect this to remain beyond 4.0-REL. It has already lasted WAY beyond
that.
Notable exceptions:
gcc - I have not touched the a.out generation stuff there.
ldd/ldconfig - still have some code to interface with a.out rtld.
old as/ld/etc - I have not removed these yet, pending their move to ports.
some includes - necessary for ldd/ldconfig for now.
Tested on: i386 (extensively), alpha
has always done.
Technically, this is the wrong format, but it reduces the diffs in
-stable. Someday, when we get rid of ipfw1, I will put the port number
in the proper format both in kernel and userland.
MFC after: 3 days
(with re@ permission)
in /etc/fstab. This isn't a real fix though and I'm still not sure
why it started failing. mount(8) breaks up the nfs args into seperate
repeated '-o option=value' arguments. But, the altflags variable that
we use to track things is incrementally built up each time we see the
next option and shows us the cumulative set of flags, not just the
flag that we are currently looking at. As a result, the strstr hack
for looking up flags in a giant -o opt=val,opt=val, etc string was failing
and causing a segfault. I do not know what changed recently that caused
this to suddenly break, but the code has been rather bogus for some time.
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).
Emphatically requested by: Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by: fenner
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:
[<proto> from <src> to <dst>] [options]
i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).
Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.
Update the manpage to reflect the syntax.
Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.
ipfw add allow not src-port 80
will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").
We definitely need to rewrite the parser using lex and yacc!
render the syntax less ambiguous.
Now rules can be in one of these two forms
<action> <protocol> from <src> to <dst> [options]
<action> MAC dst-mac src-mac mac-type [options]
however you can now specify MAC and IP header fields as options e.g.
ipfw add allow all from any to any mac-type arp
ipfw add allow all from any to any { dst-ip me or src-ip me }
which makes complex expressions a lot easier to write and parse.
The "all from any to any" part is there just for backward compatibility.
Manpage updated accordingly.
noting that the restrictions do not apply if the user invoking the
program is also the owner of the program.
Also, capitalize a section header properly.
PR: misc/41180
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
for firewall-generated packets (the constant has to go in sys/mbuf.h).
Better comments on keepalive generation, and enforce dyn_rst_lifetime
and dyn_fin_lifetime to be less than dyn_keepalive_period.
Enforce limits (up to 64k) on the number of dynamic buckets, and
retry allocation with smaller sizes.
Raise default number of dynamic rules to 4096.
Improved handling of set of rules -- now you can atomically
enable/disable multiple sets, move rules from one set to another,
and swap sets.
sbin/ipfw/ipfw2.c:
userland support for "noerror" pipe attribute.
userland support for sets of rules.
minor improvements on rule parsing and printing.
sbin/ipfw/ipfw.8:
more documentation on ipfw2 extensions, differences from ipfw1
(so we can use the same manpage for both), stateful rules,
and some additional examples.
Feedback and more examples needed here.
- Make getvfsbyname() take a struct xvfsconf *.
- Convert several consumers of getvfsbyname() to use struct xvfsconf.
- Correct the getvfsbyname.3 manpage.
- Create a new vfs.conflist sysctl to dump all the struct xvfsconf in the
kernel, and rewrite getvfsbyname() to use this instead of the weird
existing API.
- Convert some {set,get,end}vfsent() consumers to use the new vfs.conflist
sysctl.
- Convert a vfsload() call in nfsiod.c to kldload() and remove the useless
vfsisloadable() and endvfsent() calls.
- Add a warning printf() in vfs_sysctl() to tell people they are using
an old userland.
After these changes, it's possible to modify struct vfsconf without
breaking the binary compatibility. Please note that these changes don't
break this compatibility either.
When bp will have updated mount_smbfs(8) with the patch I sent him, there
will be no more consumers of the {set,get,end}vfsent(), vfsisloadable()
and vfsload() API, and I will promptly delete it.
with ipfw2 extensions and give examples of use of the new features.
This is just a preliminary commit, where i simply added the basic
syntax for the extensions, and clean up the page (e.g. by listing
things in alphabetical rather than random order).
I would appreciate feedback and possible corrections/extensions
by interested parties.
Still missing are a more detailed description of stateful rules
(with keepalives), interaction with of stateful rules and natd (don't do
that!), examples of use with the recently introduced rule sets.
There is an issue related to the MFC: RELENG_4 still has ipfw as a
default, and ipfw2 is optional. We have two options here: MFC this
page as ipfw(8) adding a large number of "SORRY NOT IN IPFW" notes,
or create a new ipfw2(8) manpage just for -stable users. I am all
for the first approach, but of course am listening to your comments.
The bugfix (ipfw2.c) makes the handling of port numbers with
a dash in the name, e.g. ftp-data, consistent with old ipfw:
use \\ before the - to consider it as part of the name and not
a range separator.
The new feature (all this description will go in the manpage):
each rule now belongs to one of 32 different sets, which can
be optionally specified in the following form:
ipfw add 100 set 23 allow ip from any to any
If "set N" is not specified, the rule belongs to set 0.
Individual sets can be disabled, enabled, and deleted with the commands:
ipfw disable set N
ipfw enable set N
ipfw delete set N
Enabling/disabling of a set is atomic. Rules belonging to a disabled
set are skipped during packet matching, and they are not listed
unless you use the '-S' flag in the show/list commands.
Note that dynamic rules, once created, are always active until
they expire or their parent rule is deleted.
Set 31 is reserved for the default rule and cannot be disabled.
All sets are enabled by default. The enable/disable status of the sets
can be shown with the command
ipfw show sets
Hopefully, this feature will make life easier to those who want to
have atomic ruleset addition/deletion/tests. Examples:
To add a set of rules atomically:
ipfw disable set 18
ipfw add ... set 18 ... # repeat as needed
ipfw enable set 18
To delete a set of rules atomically
ipfw disable set 18
ipfw delete set 18
ipfw enable set 18
To test a ruleset and disable it and regain control if something
goes wrong:
ipfw disable set 18
ipfw add ... set 18 ... # repeat as needed
ipfw enable set 18 ; echo "done "; sleep 30 && ipfw disable set 18
here if everything goes well, you press control-C before
the "sleep" terminates, and your ruleset will be left
active. Otherwise, e.g. if you cannot access your box,
the ruleset will be disabled after the sleep terminates.
I think there is only one more thing that one might want, namely
a command to assign all rules in set X to set Y, so one can
test a ruleset using the above mechanisms, and once it is
considered acceptable, make it part of an existing ruleset.
gcc memcpy "knows" about types that are supposed to be actually already
aligned and triggers alignment errors doing the memcpy itself.
"Fix" this by changing it to a bcopy(). In this case, we had:
struct timeval *tp;
struct timeval tv1;
memcpy(&tv1,tp,sizeof(tv1));
.. and since gcc *knows* that a pointer to a timeval is longword aligned
and that tv1 is longword aligned, then it can use an inline that assumes
alignment. The following works too:
cp = (char *)tp;
memcpy(&tv1,cp,sizeof(tv1));
Simply casting (char *)tp for the memcpy doesn't work. :-(
This affected different 64 bit platforms in different ways and depends
a lot on gcc as well. I've seen this on alpha and ia64 at least, although
alpha isn't doing it right now.
fsck_ffs did not need it, but quotacheck did include it from fsck_ffs.
A repocopy has now moved the fsck_ffs/preen.c file to quotacheck/preen.c
quotacheck and fsck should probably use the same checkfstab() function
and it should possibly live in libufs.
Trouble is: they have diverged in the meantime.
At least now fsck_ffs is not in the equation anymore.
Sponsored by: DARPA & NAI Labs.
Convert init(8) to use nmount() instead of mount() when
it has to mount devfs. This doesn't happen normally,
since the kernel is supposed to mount devfs itself.
remove all the code which was trying to do so.
This code was nasty in several ways, it was hiding
the kernel bug where the kernel was unable to properly
load a module, and it was quitting if it wasn't able
to load the module. The consequence is that an ABI
breakage of the vfsconf API would have broken *every*
mount utility.
kernel access control.
Teach mount(8) to understand the MNT_MULTILABEL flag, which is used
to determine whether a file system operates with individual per-vnode
labels, or treats the entire file system as a single object with a
single (mount) label. The behavior here will probably evolve some
now that nmount(2) is available and can more flexibly support mount
options.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
+ the header file contains two different opcodes (O_IPOPTS and O_IPOPT)
for what is the same thing, and sure enough i used one in the kernel
and the other one in userland. Be consistent!
+ "keep-state" and "limit" must be the last match pattern in a rule,
so no matter how you enter them move them to the end of the rule.
UFS2 commit.
These bits in essence made any instance of "softupdates expected
corrution", (ie blocks marked allocated but not referenced by an
inode etc) result in a exit value for fsck_ffs of 2.
2 is part of the magic and appearantly undocumented protocol between
fsck_FOO and fsck and means "dump into single user mode ASAP.
Sponsored by: DARPA & NAI Labs.
(and make it easier to find stuff for the old ones). I originally put
everything under one "RULE SUBSYSTEM" so it didn't look like devfs(8)
is dedicated to the rule subsystem, but since nobody has any idea what
else might go here, it's not worth confusing people just to save a
little time for someone that might add something rule-unrelated to
devfs(8) in a few years.
Suggested by: sheldonh, phk
but is useful to have handy. EFI GPT partitions are used instead of the
fdisk+disklabel combination. They are pure 64 bit LBA, are fully
extensible, support up to 16383 partitons per disk, etc.
support creation times such as UFS2) to the value of the
modification time if the value of the modification time is older
than the current creation time. See utimes(2) for further details.
Sponsored by: DARPA & NAI Labs.
administrator to define certain properties of new devfs nodes before
they become visible to the userland. Both static (e.g., /dev/speaker)
and dynamic (e.g., /dev/bpf*, some removable devices) nodes are
supported. Each DEVFS mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails.
Approved by: phk
* accept "icmptype" as an alias for "icmptypes";
* remove an extra whitespace after "log" rules;
* print correctly the "limit" masks;
* correct a typo in parsing dummynet arguments (this caused a coredump);
* do not allow specifying both "check-state" and "limit", they are
(and have always been) mutually exclusive;
* remove an extra print of the rule before installing it;
* make stdout buffered -- otherwise, if you log its output with syslog,
you will see one entry for each printf(). Rather unpleasant.
fatal on alphas.
Fixed setting of WARNS. WARNS should never be set unconditionally, since
this breaks testing of different WARNS values by setting it at a higher
level (e.g., on the command line).
issue, since the MAXBSIZE-sized buffers are accessed as arrays of
block pointers, but were declared as char[] arrays. Use a union to
avoid this, which also makes a number of casts unnecessary.
Pointed out by: bde
Reviewed by: bde
to a malloc'd buffer in dmpindir() and dirindir(). These functions
recursively call themselves to handle deeper levels of indirect
blocks, so a single static buffer was not suitable.
Bug tracked down by: Don Lewis <dl-freebsd@catspoiler.org>
Approach suggested by: bde
and -Wformat warnings:
o Include timeconv.h for the time conversion functions.
o Remove unused variables.
o Correct a few cases where %d was used when printing longs.
now it should support all the instructions of the old ipfw.
Fix some bugs in the user interface, /sbin/ipfw.
Please check this code against your rulesets, so i can fix the
remaining bugs (if any, i think they will be mostly in /sbin/ipfw).
Once we have done a bit of testing, this code is ready to be MFC'ed,
together with a bunch of other changes (glue to ipfw, and also the
removal of some global variables) which have been in -current for
a couple of weeks now.
MFC after: 7 days
o Fix zero payloading, unbreak ping -s 0.
o Increase socket recieve buffer, ping -s 65467 is working now.
Submitted by: anti-magic sweep based on kris's patch
Reviewed by: bde, silence on -audit
MFC after: 2 months
This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.
The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules).
The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c . Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw). The old files are still there, and will be removed
in due time.
I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.
In terms of user interface, the new "ipfw" is supposed to accepts
the old syntax for ipfw rules (and produce the same output with
"ipfw show". Only a couple of the old options (out of some 30 of
them) has not been implemented, but they will be soon.
On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like
ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any
This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.
Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:
10.20.30.0/26{18,44,33,22,9}
which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memmory -- for a full /24
subnet, the instruction only consumes 40 bytes).
Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.
The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
imposed by the filesystem structure itself remains. With 16k blocks,
the maximum file size is now just over 128TB.
For now, the UFS1 file size limit is left unchanged so as to remain
consistent with RELENG_4, but it too could be removed in the future.
Reviewed by: mckusick
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
that are used if none at all are specified for a partition. Don't
keep replaying the last field if we run out of fields when processing
a line. Use a 8:1 frag:block ratio for both defaults.
More work here is required. I think disklabel should not attempt
to choose default filesystem parameters, and instead let newfs pick
any defaults if required.
PR: i386/38703
Reported by: Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
- /0 if matches ::/128
- /64 if matches 2000::/3 and lowermost 64 bit is all 0
- /128 if matches 2000::/3 and lowermost 64 bit is non-zero 0
Obtained from: KAME/NetBSD
IFS had its fingers deep in the belly of the UFS/FFS split. IFS
will be reimplemented by the maintainer at a later date once the UFS
implementation is in place.
Requested by: adrian (maintainer)
am fairly certain that this should do it and that I may now remove the
UM_ macros from port.h. I will, however, wait a few days to ensure
that these can be safely removed.
/etc/exports. Oversized lines were unlikely due to the large 10k
limit, but any found would cause mountd to exit with an error. Also
fix one or two compiler warnings.
fields as discussed in the commit to ip_fw.c:1.186
On top of this, a ton of non functional changes to clean up the code,
write functions to replace sections of code that were replicated
multiple times (e.g. the printing or matching of flags and options),
splitting long sections of inlined code into separate functions,
and the like.
I have tested the code quite a bit, but some typos (using one variable
in place of another) might have escaped.
The "embedded manpage" is a bit inconsistent, but i am leaving fixing
it for later. The current format makes no sense, it is over 40 lines
long and practically unreadable. We can either split it into sections
( ipfw -h options , ipfw -h pipe , ipfw -h queue ...)
or remove it altogether and refer to the manpage.
+ setting a bandwidth too large for a pipe (above 2Gbit/s) could
cause the internal representation (which is int) to wrap to a
negative number, causing an infinite loop in the kernel;
+ (see PR bin/35628): when configuring RED parameters for a queue,
the values are not passed to the kernel resulting in panics at
runtime (part of the problem here is also that the kernel does
not check for valid parameters being passed, but this will be
fixed in a separate commit).
These are both critical fixes which need to be merged into 4.6-RELEASE.
MFC after: 1 day
- reimplement -z
- use syslog()
- improve consistancy of messages
- allow -f to recover cleared dumps
- return bufsize to 1024 * 1024
- return the ability to write sparse files
- update man page
- fix minfree to require 2k for info file instead of the kernel size
- include Berkeley copyright too due to amount of old code copied
Submitted by: Chad David <davidc@acns.ab.ca>
restores the check_space() function with small modifications
to make it work with the current code. The patch was slightly
modified by Bill Fenner to handle error messages better.
Reviewed by: fenner
fatal if the declaration of strdup() isn't in scope. The upper 32 bits
of the pointer are lost since it defaults to returning "int". Fix some
warnings while here, including trying to make gcc-3.1 happy.
more on how ipfw(8) deals with tiny fragments. While we're at it, add
a quick log message to even let people know we dropped a packet. (Note
that the second FINE POINT is somewhat redundant given the first, but
since the code is there, leave the docs for it.)
MFC after: 1 day
around. If the kernel boots successfully, the record of this kernel
is erased, it is intended to be a one-shot option for testing
kernels.
This could be improved by having the loader remove the record of
the next kernel to boot, it is currently removed in /etc/rc immediately
after disks are mounted r/w.
I'd like to MFC this before the 4.6 freeze unless there is violent
objection.
Reviewed by: Several on IRC
MFC after: 4 days
Use only one filedescriptor. Open in R/O or R/W based in the '-N' option.
Make the filedescriptor a global variable instead of passing it around
as semi-global variable(s).
Remove the undocumented ability to specify type without '-T' option.
Replace fatal() with straight err(3)/errx(3). Save calls to strerror()
where applicable. Loose the progname variable.
Get the sense of the cpgflag test correct so we only issue warnings if
people specify cpg and can't get that. It can be argued that this
should be an error.
Remove the check to see if the disk is mounted: Open for writing
would fail if it were mounted.
Attempt to get the sectorsize and mediasize with the generic disk
ioctls, fall back to disklabel and /etc/disktab as we can.
Notice that on-disk labels still take precedence over /etc/disktab,
this is probably wrong, but not as wrong as the entire concept of
/etc/disktab is.
Sponsored by: DARPA & NAI Labs.
the filesystem type isn't given in the command line. In the case of
an IPv6 address containing ':', one must use the '@' separator for it
to be properly parsed (mount_nfs(8) still needs fixing at the moment
though).
PR: bin/37230
Reviewed by: obrien
MFC after: 1 week
blocksizes, etc
does not give the default of -b
only mentiones rdump in the NAME section
uses both filesystem and file system in similar contexts
PR: 34248
Submitted by: Gary W. Swearingen <swear@blarg.net>
MFC after: 3 days
--change "-s newboot" to "-s newboot2" in an example
--Fixed spelling
--Fixed some confusion between slice/parition/primary partition and other
things.
PR: 35947 and 35951
Noticed by: Gary W. Swearingen <swear@blarg.net>
Reviewed by: keramida
Thanks to: grog
MFC after: 2 days
o Implement -c (clear) to clear previously kept headers (note that
dumps not cleared will remain until -c is used),
o Implement -f (force) to allow re-saving a previously saved dump,
o Implement -k (keep) and make clearing the dump header the default,
o Implement -v (verbose) and make most output conditional upon it,
o Emit minimal output for the non-verbose case with the assumption
that savecore is run mostly from within /etc/rc,
o Update usage message to reflect what is and what's not,
o mark -d as obsolete.
Low-level changes:
o Rename devname to device, for devname mirrors a global declaration
and GCC 3.x warns about it,
o Open the dump device R/W for clear and !keep to work,
o Reorder the locals of DoFile according to style(9),
o Remove newlines from strings passed to warn* and err*,
o Use stat(2) to check if a dump has been saved before,
o Truncate existing core and info files to support force,
o First check for the magic and the version before we complain about
parity errors. This prevents emitting parity error messages when
there's no dump,
o Keep track of the number of headers found and the number of headers
saved to support the minimal output,
o Close files we opened in DoFile. Not critical, but cleaner.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.
I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
particular as there may not be one. Remove #if 0'ed code which might
mislead people to think otherwise.
unifdef -ULOSTDIR, fsck can make lost+found on the fly.
Sponsored by: DARPA & NAI Labs
Pick up the c-partitions magicness from sys/disklabel.h instead
of defining our own magicness for it, remove trivial comment.
Sponsored by: DARPA and NAI Labs.
that might have changed, then did a byte-by-byte comparison with
the alternate. If any unused fields got used, they had to be added
to the exception list. Such changes caused too many false alarms.
So, I have changed the comparison algorithm to compare a selected
set of fields that are not expected to change. This new algorithm
causes far fewer false hits and still does a good job of detecting
problems when they have really occurred. In particular, this change
should ease the transition to kernels supporting UFS2 which make
some significant changes to the superblock.
Sponsored by: DARPA, NAI Labs
in dump byte order (=network byte order). Swap blocksize and dumptime
to avoid extraneous padding on 64-bit architectures. Use CTASSERT
instead of runtime checks to make sure the header is 512 bytes large.
Various style(9) fixes.
Reviewed by: phk, bde, mike
Commandline compatible with the previous savecore unless you specify
any options, none of them are implemented (yet).
Scans all devices marked "dump" or "swap" for dump header signatures
and saves dumps off under a name which is a MD5 hash of the header
information. This should give unique filenames. A *.info file contains
ascii version of the header information.
Caveats:
The new savecore program is not complete in the sense that it emulates
enough of the old savecores features to do the job, but implements none
of the options yet.
I would appreciate if a userland hacker could help me out getting savecore
to do what we want it to do from a users point of view, compression,
email-notification, space reservation etc etc. (send me email if
you are interested).
Currently, savecore will scan all devices marked as "swap" or "dump" in
/etc/fstab _or_ any devices specified on the command-line.
All architectures but i386 lack an implementation of dumpsys(), but
looking at the i386 version it should be trivial for anybody familiar
with the platform(s) to provide this function.
Documentation is quite sparse at this time, more to come.
Sponsored by: DARPA, NAI Labs
Details:
Dumpon now opens the device and uses ioctl(DIOCGKERNELDUMP) to set it
to be the dumpdevice. When "off" is set, /dev/null is used.
that could be used to set/get arbitrary length link level
addresses. Alias "lladdr" parameter and "ether" family
to the new "link" family for backward compatibility.
PR: bin/31476
MFC after: 1 week
It does not help modern compilers, and some may take some hit from it.
(I also found several functions that listed *every* of its 10 local vars with
"register" -- just how many free registers do people think machines have?)
diskdrives do neither need nor want:
-O create a 4.3BSD format filesystem
-d rotational delay between contiguous blocks
-k sector 0 skew, per track
-l hardware sector interleave
-n number of distinguished rotational positions
-p spare sectors per track
-r revolutions/minute
-t tracks/cylinder
-x spare sectors per cylinder
No change in the produced filesystem image unless one or more of
these options were used.
Approved by: mckusick
open "/dev/stdout". This doesn't actually affect growfs, but does affect
ffsinfo, permitting ffsinfo to output to the shell's stdout rather than
requiring it be dumped to a file or explicitly pointed at a special
device.
Reviewed by: peter
Add a couple of simple regression tests accessible with "make test", they
depend on the md(4) driver.
FYI I have also tried running the test against a week old newfs and it
passed.
anyone needs a newfs without it. Remove the #ifdef's from around
the code and the -DFSIRAND from the Makefile. Also remove redundant
declarations of random() and srandomdev().
for i386 and alpha. Although it builds on sparc64, it does not yet work.
A similar hack as what is used on the sparc64 MD macros can be used to
make ia64 build too, but there doesn't seem to be much point.
Old code obfuscates long (but single-line) messages by printing them in
pieces using %s. Rev.1.41 obfuscated some new long messages using ISO
string concatenation. This commit only fixes the new obfuscations.
by Sheldon.
For a detailed description look at the commit log for sysctl.c
rev.1.42 -- i do not think it is appropriate to put the full
description in this manpage, and the "boot" and "loader" manpages
where this description might go are also missing a description of
a number of similar variables, so i think this it is ok to limit
documentation to this now, and update it later when I (or someone
else) have a chance to revise "boot" and "loader".
machdep.guessed_bootdev, and add code to sysctl to parse its value
and give a (not necessarily correct) name to the device we booted
from (the main motivation for this code is to use the info in the
PicoBSD boot scripts, and the impact on the kernel is minimal).
NOTE: the information available in bootdev is not always reliable,
so you should not trust it too much. The parsing code is the same
as in boot2.c, and cannot cover all cases -- as it is, it seems to
work fine with floppies and IDE disks recognised by the BIOS. It
_should_ work as well with SCSI disks recognised by the BIOS.
Booting from a CDROM in floppy emulation will return /dev/fd0 (because
this is what the BIOS tells us).
Booting off the network (e.g. with etherboot) leaves bootdev unset so
the value will be printed as "invalid (0xffffffff)".
Finally, this feature might go away at some point, hopefully when we
have a more reliable way to get the same information.
MFC-after: 5 days
src/contrib/isc-dhcp/includes/minires/resolv.h has a 'extern' definition
but it makes an error when linking crunched binary just like this:
dhclient.lo: In function `MRres_nquery':
dhclient.lo(.text+0x2dcce): undefined reference to `__h_errno_set'
dhclient.lo(.text+0x2dd5b): undefined reference to `__h_errno_set'
dhclient.lo: In function `MRres_nquerydomain':
dhclient.lo(.text+0x2de53): undefined reference to `__h_errno_set'
The author understands this will be a problem (see comments in resolv.h).
Murray said that the author will fix this, but as a temporary solution,
modifying the source code and not to use __h_errno_set.
BTW, I'm sorry that previous commitlog in src/sbin/dhclient/Makefile should
read "Found by:" instead of "Confirmed by"; I just found that rev 1.15
has a typo so fixed.
Tested on: ushi.jp.FreeBSD.org with today's 5-current source code.
(belive me, "make release.4" works fine now)
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant sideaffect of removing some
duplicate code.
Reviewed by: rwatson
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
after an EOT-terminated volume. We keep track of the current record
number, and synchronise it with the c_tapea field each time we read
a header. Avoid the use of c_firstrec because some bugs in dump can
cause it to be set incorrectly.
Move the initialisation of some variables to avoid compiler warnings.
volume if we missed some earlier tapes (the user can still enter
'none' later if the tapes are unavailable). Previously with 'x'
restores, we might not ask for all tapes if the tapes are supplied
in reverse order.
Clarify the message that describes what volume should be mounted
first; reverse order is only efficient when extracting a few files.
for monitoring automated backups. This is based on a patch by Mikhail
Teterin, with some changes to make its operation clearer and to
update the proctitle more frequently.
PR: bin/32138
volumes are available, instead of getting stuck in a loop calling
getvol(). Normally restore in 'x' or 'i' modes will ask for a new
(earlier) volume when the current inode number on the tape is greater
than the last inode to be restored, since there can be no further
inodes of interest on that volume. However we don't want to change
volumes in this case either if the user explicitly said that there
are no more tapes, or if we are looking at the first volume.
When no more volumes are available but there are still inodes that
we have not found, we now just fall through to the code that prints
out a list of any missing files, so the restore completes normally.
Also simplify the logic a bit by always returning to the start of
the main for(;;) loop whenever the volume has changed.
This should completely fix the "Changing volumes on pipe input" bug
that is often observed when restoring dumps of active filesystems.
PR: bin/4176, bin/34604, misc/34675
to multi-volume restores:
- In findinode(), keep a copy of header->c_type so that we don't
exit the do-while loop until we have processed the current header.
Exiting too early leaves curfile.ino set to 0, which confuses
the logic in createfiles(), so multi-volume restores with the
'x' command don't work if you follow the instructions and supply
the tapes in reverse order. This appears to have been broken
by CSRG revision 5.33 tape.c (Oct 1992).
- The logic in getvol() for deciding how many records to skip after
the volume header was confused; sometimes it would skip too few
records and sometimes too many, leading to "resync restore"
warnings and missing files. Skip to the next header only when
the current action is not `USING'. Work around a dump bug that
sets c_count incorrectly in the volume header of the first tape.
Some of the problems here date back to at least 1991.
- Back out revision 1.23. This appeared to avoid warnings about
missing files in the 'rN' verification case, but it made the
problems with the 'x' command worse by stopping getvol() from
even attempting to find the first inode number on the newly
inserted tape. The bug it addressed is fixed by correcting the
skipping logic as described above.
- Save the value of `tpblksread' in case the wrong volume is
supplied, because it is incremented each time we read a volume
header. We already saved `blksread' for the same reson.
Normally trewind() performs a close-open-close cycle to rewind the
tape when closing the device, but this is not ideal for fifos. We
now skip the final open-close if the output descriptor is a fifo.
PR: bin/25474
Submitted by: Alex Bakhtin <bakhtin@amt.ru>
MFC after: 1 week
blocks allocated by some inode. Indirect blocks are printed
recursively, so beware :), the list could become lengthy...
(We should probably add some output pager to fsdb.)
MFC after: 1 month
bloats the resulting binary file by forcing them out of .bss into
.data, while the C standard already guarantees them to become
initialized to 0 at program startup.
MFC after: 1 week
Cure the "lets put everything in registers" ailment.
Set WARNS=2
Fix two problems where casting messed up large quotafiles.
PR: 34108
Submitted by: Maxim Katargin <kmv@asplinux.ru>
MFC after: 3 weeks
This works by retokenizing a line with a split limit so that if the
argument count for a command is greater than the number of arguments
formed by splitting apart the line of user input, the last argument
is instead all of the remainder of the input line.
Yes, I needed this capability at one point to fix a filesystem manually,
which happened to break with a problematic space-containing directory
entry.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.
MFC after: 2 weeks
Any of readfds, writefds, and exceptfds may be given as nil
pointers if no descriptors are of interest.
neither wfds nor efds were of interest so now they are nil.
also, do a little better then making an educated guess for nfds.
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
camcontrol.
This enables rescanning all busses or resetting all busses in a system.
The current implementation is not the ideal way to do it -- the ideal way
to do it would be for the transport layer to handle wildcarded busses on
bus rescan and reset operations. The current implementation enumerates all
the busses and sends a rescan or reset CCB individually. Handling this
behavior in the transport layer will happen later.
Reviewed by: imp
Tested by: joerg
MFC after: 1 week
socket so that routing daemons and other interested parties
know when an interface is attached/detached.
PR: kern/33747
Obtained from: NetBSD
MFC after: 2 weeks
variable RELEASE_BUILD_FIXIT is defined, a camcontrol binary will be
built that only knows the "rescan" and "reset" subcommands. The
resulting code is small enough to still fit onto the boot floppy.
Reviewed by: ken
MFC after: 1 week
not return ENOBUFS for unreliable protocols like divert.
This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.
Spotted by: chkno@dork.com
Explained by: luigi
Reviewed by: Ari Suutari <ari.suutari@syncrontech.com>
MFC after: 2 weeks
The first "synopsis" example has a "[/prefixlength]" which shouldn't
be there, since that stuff is part of the preceeding "address" as is
explained in the description of "address".
(The way it is now, 192.168.0.1/16/prefixlength would be a proper
operand. Note that "prefixlength" is not mentioned by name anywhere.)
PR: 32462
Submitted by: Gary W. Swearingen <swear@blarg.net>
disklabel(8)'s "Reading the disk label" section starts out "To examine
or save the label on a disk drive,...". This is confusing. The given
command (disklabel [-r] disk) doesn't save anything (except to standard
out, but that should go without saying). It reads as if the command
might save something on the disk drive.
PR: 32452
Submitted by: Gary W. Swearingen <swear@blarg.net>
reinserted by a userland process, will lose a number of packet
attributes, including their source interface. This may affect
the behavior of later rules, and while not strictly a BUG, may
cause unexpected behavior if not clearly documented. A similar
note for natd(8) might be desirable.
ipfirewall(4) to the IMPLEMENTATION NOTES section because it
considers kernel internals and may confuse newbies if placed
at the very beginning of the manpage (where it used to be previously.)
Not objected by: luigi
a packed array so sizeof work. This broke RFMON mode and passing
up 802.11 packets.
The Linux emulation code was derived from the open source Linux driver to
maintain compatibility.
LEAP support is added, hints from Richard Johnson. I've verified this
locally with PC350v42510.img firmware. More bug fixing from Marco to
fix long passwords.
Change DELAYs in flash part of driver to FLASH_DELAY which uses tsleep
so it doesn't look like your system died during a flash update.
Install header files in /usr/include/dev/an
Cleanup some ifmedia bugs add "Home" key mode to ifmedia and ancontrol.
This way you can manage 2 keys a little easier. Map the home mode into
key 5. Enhance ifconfig to dump the various configured SSIDs. I use
a bunch of different ones and roam between them. Use the syntax similar
to the WEP keys to deal with setting difference SSIDs.
Bump up up the Card capabilities RID since they added 2 bytes to it
in the latest firmware. Thankfully we changed it from a terminal
failure so the card still worked but the driver whined.
Some cleanup patches from Marco Molteni.
Submitted by: Richard Johnson <raj@cisco.com>
Marco Molteni <molter@tin.it>
and myself
Various checks: David Wolfskill <david@catwhisker.org>
Reviewed by: Brooks Davis <brooks@freebsd.org>
Warner Losh <imp@freebsd.org>
Approved by: Brooks Davis <brooks@freebsd.org>
Warner Losh <imp@freebsd.org>
Obtained from: Linux emulation API's from Aironet driver.
of unused partition entries and later detection of unused entries.
Use memcpy to be consistent with the rest of the code, and fix a
minor style nit.
Submitted by: bde
a special file on the command line, eg:
sysctl kern.dumpdev=/dev/ad1s1b
In parse(), when a value is given for a CTLTYPE_QUAD variable,
newval and newsize erroneously fail to be set because of an early
"break".
show_var() contains code that duplicates the functionality of the
oidfmt() function.
PR: 33151, 33150
Submitted by: Thomas Quinot <thomas@cuivre.fr.eu.org>
variables. Use the -d flag in sysctl(8) to see this information.
Possible extensions to sysctl:
+ report variables that do not have a description
+ given a name, report the oid it maps to.
Note to developers: have a look at your code, there are a number of
variables which do not have a description.
Note to developers: do we want this in 4.5 ? It is a very small change
and very useful for documentation purposes.
Suggested by: Orion Hodson
Fair Queueing) and RED (Random Early Detection) to both give the reader
a hint what they are and to make it easier to find out more information
about them.
16384/2048.
Following recent discussions on the -arch mailing list, involving dillon
and mckusick, this change parallels the one made over a decade ago when
the default was bumped up from 4096/512.
This should provide significant performance improvements for most
folks, less significant performance losses for a few folks and
wasted space lost to large fragments for many folks.
For discussion, please see the following thread in the -arch archive:
Subject: Using a larger block size on large filesystems
The discussion ceases to be relevant when the issue of partitioning
schemes is raised.
This flag adds a pausing utility. When ran with -p, during the kernel
probing phase, the kernel will pause after each line of output.
This pausing can be ended with the '.' key, and is automatically
suspended when entering ddb.
This flag comes in handy at systems without a serial port that either hang
during booting or reser.
Reviewed by: (partly by jlemon)
MFC after: 1 week
are sometimes incorrectly being dumped.
The problem arises because the subdirectory only gets its entry
cleared from usedinomap if it is also present in dumpinomap, and it is
the absence of a directory in usedinomap that internally indicates
that the directory is under the effects of UF_NODUMP (either directly
or inherited).
PR: 32414
Submitted by: David C Lawrence <tale@dd.org>
recovery code) back in March, 2001.
In effect, this brain-o would cause 'camcontrol defects' to always return
an error.
Pointed out by: joerg
Tested by: mdodd
were only of benefit to large filesystems, which recent research
suggests is not the case, and which the original author of the text
no longer endorses.
size ratio other than 8:1. Currently, we only recommend an 8:1
ratio, because the impact of others ratios has not been adequately
investigated.
Also, do not recommend the use of the -c option in the example, since
newfs now automatically calculates the best cyl:cylgrp ratio.
This change was discussed with the author of rev 1.29.
These were mainly missing casts or wrong format strings in printf
statements, but there were also missing includes, unused variables,
functions and arguments.
The choice of `long' vs `int' still seems almost random in a lot
of places though.
directory is encountered. This includes the full path of the
directory that will be removed if the user answers "y" to the
"REMOVE?" question.
PR: bin/226851
Submitted by: KOIE Hide <hide@koie.org>
MFC after: 1 week
not listed in /etc/fstab. Previously, the user would be greeted
with "DUMP: bad sblock magic number" when dump tried to parse
the directory contents as an FFS filesystem.
PR: bin/12789
Submitted by: Bob Willcox <bob@pmr.com>
This works for wi(4), but apparantly other wireless drivers seem to do
the right thing.
Submitter and yours truly both got Mislead(tm).
Submitted by: udp <udp@sneakerz.org>
to avoid the need for rpc.lockd to perform client locks. Using
this option a user can revert back to using local locks for NFS mounts
like we did before we had rpc.lockd.
inode type bits set. Previously it would let you set IFMT bits (but
not clear them). The `chtype' command should be be used instead
for changing the inode type; having chmod half-work only causes
confusion.
MAKEDEV and sys/conf/majors, not sys/conf/device.<arch>, which has
never existed in the history of FreeBSD (well, at least it isn't in
the repository).
PR: 31558
Set 'log_ipfw_denied' option if you want the old behaviour.
PR: 30255
Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by: phk
MFC after: 4 weeks
such a way that the name and the value of the variable(s) are separated
with `=' instead of the usual `: '. This is useful for producing output
that can be fed back to the sysctl utility (pasted to sysctl.conf, for
example).
Reviewed by: rwatson
Approved by: markm
MFC after: 2 weeks
header for the case where sizeof(time_t) != sizeof(int). dumprestore.h
was embedding time_t when it should have been embedding int32_t.
Use time_to_time32() and time32_to_time() to convert between the
protocoll/file-format time and time_t.
index, then retrieve statistics for that index, rather than retrieving
all interfaces and then looking for a matching name. This allows the
user to refer to an interface via an alias name.
While I'm here, also perform a few assorted cleanups.
spin in a loop eating CPU time. This bug has existed since the
TI-RPC import. The problem is that we should only enter the select
loop if at least one TCP server was started. Fix this by having
the master nfsd become a UDP server itself if there are no TCP
servers.
Also improve/correct the code for cleaning up slave nfsd processes
and unregistering with rpcbind when the master nfsd exits.
One issue that remains open is that if a slave nfsd dies, then all
nfsds will shut down. This is because nfssvc() in the master nfsd
returns 0 when the master nfsd receives a SIGCHLD.
Submitted by: tmm
1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.
2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.
3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.
4) You can now send SCM_TIMESTAMP messages.
5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).
This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).
6) Fix userland programs to use CMSG_* macros too.
7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.
PR: 29499
MFC after: 6 weeks
name is "mount_mfs" or "mfs". Previously, the condition was that
the program name must start with "mount_", but this both missed
the case where mount(8) invokes mdmfs with argv[0] = "mfs", and it
included cases such as "mount_md" where compatibility is not
required.
Reviewed by: dd
a block or character device; the rest of tunefs works just fine on
filesystem images in regular files. Instead, if getfsfile() failed
and if the specified filesystem is a directory then print a more
useful "unknown file system" error.
Also, _PATH_DEV already contains a trailing slash, so don't add
another one when constructing a device path, and use errx() instead
of err() in a case where errno is meangingless.
addresses (and the macros that ipfw(4) use to lookup data for the 'me'
keyword have been converted) remove a comment about using 'me' being a
"computationally expensive" operation.
while I'm here, change two instances of "IP number" to "IP address"
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
right; after a single packet was dropped it beeped after every
transmission.
Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.
Reviewed by: ru
and speed. No new functionality added (yet) apart from a bugfix.
MFC will occur in due time and probably in stages.
BUGFIX: fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (there is a PR on this).
OTHER CHANGES: minor changes to the internal struct for static and dynamic rules.
Requires rebuild of ipfw binary.
Add comments to show how data structures are linked together.
(It probably makes no sense to keep the chain pointers separate
from actual rule descriptors. They will be hopefully merged soon.
keep a (sysctl-readable) counter for the number of static rules,
to speed up IP_FW_GET operations
initial support for a "grace time" for expired connections, so we
can set timeouts for closing connections to much shorter times.
merge zero_entry() and resetlog_entry(), they use basically the
same code.
clean up and reduce replication of code for removing rules,
both for readability and code size.
introduce a separate lifetime for dynamic UDP rules.
fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (PR ...)
restructure dynamic rule descriptors
introduce some local variables to avoid multiple dereferencing of
pointer chains (reduces code size and hopefully increases speed).
of dumpmag from an int to a u_long in rev 1.41 -- without this
change, savecore will always fail like this:
#savecore -v /var/crash
dumplo = 874356736 (1707728 * 512)
savecore: magic number mismatch (8fca0101 != 8fca0101)
savecore: no core dump
gzip(1). gdb doesn't understand these, but then again it didn't
understand compressed crashdumps either.
* Change a stray lseek() into a Lseek()
* Remove the extraneous prototype for log() which has apparently never
existed in FreeBSD's sources
Obtained from: NetBSD (partially)
MFC after: 2 weeks
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
where the headers should live, as the code references both "ip_fil.h" and
"netinet/ip_fil.h" (among others). As a consequence, put both
sys/contrib/ipfilter and sys/contrib/ipfilter/netinet to the include path
so either variant works.
PR: 29384
Pointed out by: Thomas.Quinot@Cuivre.FR.EU.ORG
Allow non-superuser to open, listen to, and send safe commands on the
routing socket. Superuser priviledge is required for all commands
but RTM_GET.
Lose `setuid root' bit of route(8).
Reviewed by: wollman, dd
At the times, restore(8) and rrestore(8) were the different
utilities. rrestore(8) was installed setuid `root', while
restore(8) with usual ownership and privileges. Later on,
on August 28, 1991 (what a coincidence!), rrestore(8) code
was merged with restore(8). The setgid `tty' bit then was
accidentally put.
default if the executable is named (called as) "mount_*", or can be
enabled with the -C option. This allows users to leave their old
fstab entires unchanged (modulo symlink'ing mdmfs to mount(md|mfs))
and have things behave the way they should (by emulating mount_mfs
silliness), while still allowing mdmfs to be used as a generic
make-an-md-and-mount-it type thing.
Right now, the only effects of this option is to set the mount-point
mode to 01777 as if "-p 1777" was given, and to complain about getting
command-line options that mount_mfs didn't take (e.g., -X, -L, et al).
The latter is mostly to try to catch operator errors.
Also implement -U, which turns on soft-updates. It's redundant (since
softdep is the default), but implement it anyway for compatibility.
bypass some extra anti-foot-shooting measures. Currently, its only
effect is to allow detaching a device while it's still open (e.g.,
mounted). This is useful for testing how the system reacts to a disk
suddenly going away, which can happen with some removeable media.
At this point, the force option is only checked on detach, so it
would've been possible to allow the option to be passed with the
MDIOCDETACH operation. This was not done to allow the possibility of
having the force flag influence other tests in the future, which may
not necessarily deal with detaching the device.
Reviewed by: sobomax
Approved by: phk
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
pointed out by bde:
- Ask for user confirmation before adjusting to a head/cylinder
boundary (only when running interactively), and separate this
adjustment from the automatic calculation of c/h/s parameters.
- In sanitize_partition, don't change any values in the slice until
we know that the automatic adjustment will succeed.
- When auto-adjusting, ignore unused slices and give an appropriate
error for other zero-size slices depending on the cause.
- Change dos() to do all of the c/h/s calculations for a whole slice;
this fixes a bug where the ending c/h/s of an unused slice was set
incorrectly.
- When changing the active slice, detect the currently active slice
number instead of always defaulting to slice 4.
- Call fflush(stdout) before calling fgets().
- Test for fgets() returning NULL so we don't loop on EOF.
Reviewed by: bde
1.) prefix all functions in the library with devstat_ (compatability
functions are available for all functions that were chaned in an
incompatible way, but are deprecated).
2.) Add a pointer to a kvm_t as the first argument to functions that
used to get their information via sysctl; they behave the same
as before when NULL is passed as this argument, otherwise, the
information is obtained via libkvm using the supplied handle.
3.) Add a new function, devstat_compute_statistics(), that is intended
to replace the old compute_stats() function. It offers more
statistics data, and has a more flexible interface.
libdevstat does now require libkvm; a library depedency is added, so
that libkvm only needs to be explicitely specified for statically linked
programs.
The library major version number is bumped.
Submitted by: Sergey A. Osokin <osa@freebsd.org.ru>, ken (3)
Reviewed by: ken
- Declare mtabhead as an extern in mounttab.h and define it only in
mounttab.c.
- Remove shared global `verbose' and instead pass it as a parameter.
- Remove the `mtabp' argument to read_mtab(). It served no purpose
whatsoever, although read_mtab() did use it as a temporary local
variable.
- Don't check for impossible conditions when parsing mounttab, and
do detect zero-length fields.
- Correctly test for strtoul() failures - just testing ERANGE is wrong.
- Include a field name in syslog errors, and avoid passing NULL to
a syslog %s field.
- Don't test if arrays are NULL.
- If there are duplicates when writing out mounttab, keep the last
entry instead of the first, as it will have a later timestamp.
- Fix a few formatting issues.
Update rpc.umntall and umount to match the mounttab interface changes.
information for any command line error, the actual error message
almost always (and sometimes irretrievably) lost scrolling off the top
of the screen. Now just print the error. Give ipfw(8) no arguments for
the old usage summary.
Thanks to Lyndon Nerenberg <lyndon@orthanc.ab.ca> for the patch and
PR, but I had already done this when ru pointed out the PR.
PR: bin/28729
Approved by: ru
MFC after: 1 week
immediately if a host specified by the -h flag cannot be parsed
instead of attempting to unmount all NFS filesystems, which was
bad.
Add a missing return statement at the end of checkname(); this
could result in a non-zero exit status in some cases even if the
unmount succeeded.
Group two separate NFS-related operations into one block to make
it more obvious that a variable (hostp) is not dereferenced when
uninitialised. Initialise it to NULL anyway to avoid a warning.
Pass in the read_mtab()'s bogus argument as NULL instead of messing
with a local variable to achieve the same effect. A later commit
will clean up this mounttab interface.
forever by default. This matches what mount_nfs did before revision
1.40, and it is the generally expected behaviour for NFS mounts.
Document the current defaults near the start of the man page and
mention the options that can be used to change them.
Discussed on: -hackers
to give up after one attempt unless a background mount is requested.
Background mounts would retry 10000 times (at least 7 days) before
giving up.
For some situations such as diskless terminals, an NFS filesystem
may be critical to the boot process, so neither the "try once" nor
background mounts are appropiate. To cater for this situation,
unbreak the -R (retry count) parameter so that it also works in
the non-background case. Interpret a zero retry count as "retry
forever".
The defaults are now "try once" for non-background mounts and "retry
forever" for background mounts; both can be overridden via -R.
Add a description of this behaviour to the manpage.
device search code i introduce nearly six years ago in rev 1.8. Bruce
suggested to rather use the device name of the root filesystem instead
which is certainly the most sensible default. Since there are many
possible cases for a root filesystem name (device with and without
slices, consider /dev/vinum/root even though it currently could not
work as such), there's some heuristic using a RE in order to find out
the canonical device name from the mounted name. This probably won't
quite fit for a NFS root (can't test that right now), but then,
there's hard to find a good default for those machines anyway. ;-)
This unbreaks the functionality of rev 1.2 i once broke in 1.8. :)
to use 0xffffffff (INADDR_NONE) as a netmask value. The fix
is to use inet_addr(3) which doesn't suffer from this problem.
PR: bin/28873
Also, while here, fixed the bug when netmask value was ignored
(RTF_HOST flag was set) if the "destination gateway netmask"
syntax is used, e.g. ``route add 1.2.3.4 127.1 255.255.255.255''.
The original code was certainly broken; it knows that whereto is
to be used for a sockaddr_in, so it should be declared as such.
To support multiple protocols, there is also a sockaddr_storage
struct that can be used; I don't think struct sockaddr is supposed
to be used anywhere other than for casts and pointers.
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
MFC after: 3 weeks
This one is strange and goes against my rusty compiler knowledge.
The global declaration
struct sockaddr whereto;
produces for both i386 && alpha:
.comm whereto,16,1
which means common storage, byte aligned. Ahem. I though structs
were supposed to be ALDOUBLE always? I mean, w/o pragma packed?
Later on, this address is coerced to:
to = (struct sockaddr_in *)&whereto;
Up until now, we've been fine on alpha because the address
just ended up aligned to a 4 byte boundary. Lately, though,
it end up as:
0000000120027b0f B whereto
And, tra la, you get unaligned access faults. The solution I picked, in
lieu of understanding what the compiler was doing, is to put whereto
as a union of a sockaddr and sockaddr_in. That's more formally correct
if somewhat awkward looking.
prematurely terminate the search for a usable disk. ENOENT is quite
normal in particulare now with the advent of devfs.
While being here, also remove /dev/wd0 and /dev/od0 from the list of
disks to search since we don't have them anymore.
MFC after: 1 week
backslash as nothing, treat it like a space so that adjacent lines
aren't glued together.
PR: 8479
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>
user runs with privilege, allowing the sending of icmp packets with
larger size (up to 48k, the default receive buffer size in ping),
which is useful for network driver development testing, as well
as experimentation with fragmentation.
Reviewed by: wpaul
ensure that we never proceed with the mount() syscall if the server
is replying from the wrong source address. Previously the userland
RPC call to the remote nfsd would succeed, but the kernel uses
connect() so it would not see the replies, resulting in a hung
mount.
NQNFS code is ancient, bug-ridden, and should probably be removed).
The wording here was very confusing; it was easy to get the impression
that NQNFS is an extension to NFSv3 when in fact it just uses some
NFSv3-like extensions on top of NFSv2. As witnessed by the mailing
lists and PRs, some people were reading the description and deciding
that NQNFS was what they wanted to use.
MFC after: 1 week
driver itself obviously won't configure such a disk, but the error
returned (EDOM) is more cryptic to the average user than it should be.
Also assert that the argument to -u is in fact a valid unit; don't
just accept any string to mean 0.
Approved by: phk
in revision 1.48. It is pretty valid and often feasible to use
a non-point-to-point interface as the gateway. One might, for
example, use this to route some hosts through an ARP on a local
interface, without having to assign an additional IP address:
Script started on Tue Jun 12 16:16:09 2001
# ifconfig rl0 inet
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1197
# route add -net 192.168.100 -iface rl0
add net 192.168.100: gateway rl0
# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=255 time=0.551 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=255 time=0.268 ms
^C
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.268/0.410/0.551/0.142 ms
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1165
192.168.100 link#1 UCSc 1 0 rl0 =>
192.168.100.1 0:d0:b7:16:9c:c6 UHLW 1 4 rl0 1192
Script done on Tue Jun 12 16:17:12 2001
This is needed to pick up the right headers. Wrong headers from
src/contrib/ipfilter are used otherwise.
The right fix would be to fix contrib/ipfilter C sources to pick up
headers from <sys/netinet>.
Noticed by: peter
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
the individual options to increment argv and decrement argc. This
caused the -T option to swallow an extra argument.
PR: 27982
Submitted by: Samuel Greear <sgreear@vsni.com>
a route to the gateway and caches it in the route structure.
It may happen (if the routing table is screwed) that the gateway
route is the same route as the one being modified, in which case
a kernel reports EDQUOT. Be more verbose about this:
# route add -net 10 192.168.4.65
add net 10: gateway 192.168.4.65
# netstat -rn -finet
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.4.65 UGSc 1 7 rl0
10 192.168.4.65 UGSc 0 0 rl0
127.0.0.1 127.0.0.1 UH 0 178 lo0
192.168.4 link#1 UC 2 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 2 0 rl0 1123
Before:
# route change -net 10 10.0.0.1
route: writing to routing socket: Disc quota exceeded
change net 10: gateway 10.0.0.1: Disc quota exceeded
After:
# ./route change -net 10 10.0.0.1
route: writing to routing socket: Disc quota exceeded
change net 10: gateway 10.0.0.1: gateway uses the same route
PR: bin/1093, misc/26833
blackhole(4), except that blackhole(4) uses sysctl's. This xref
obviously isn't appropriate unless we want to xref all the other man
pages which mention sysctls, which we obviously don't (we may want to
list those sysctls, but that's another story).
PR: 27937
Submitted by: yar
PR: bin/12489
- Use inet_ntoa(3) where it should have been used. This
part of code simply wasn't converted to the "new" style
after the routename() function was converted from the
protocol-generic version to protocol-specific version
in CSRG revision 5.6.
MFC after: 1 week
but list them if -d was specified).
Avoid listing expired dynamic rules unless the (new) -e option was specified.
If specific rule numbers were listed on the command line, and the -d flag was
specified, only list dynamic rules that match the specified rule numbers.
Try to partly clean up the bleeding mess this file has become. If there is
any justice in this world, the responsible parties (you know who you are!)
should expect to wake up one morning with a horse's head in their bed. The
code still looks like spaghetti, but at least now it's *properly intented*
spaghetti (hmm? did somebody say "tagliatelle"?).
when comparing with the alternate superblock. These fields are used
for temporary in-core information only. This should fix the "VALUES
IN SUPER BLOCK DISAGREE WITH THOSE IN FIRST ALTERNATE" error from
fsck_ffs that has been seen a lot recently.
attempting to remove nonexistant exports with MNT_DELEXPORT returns
an error; before this change it always succeeded. This caused
mountd(8) to log "can't delete exports for /whatever" warnings.
Change the error code from EINVAL to a more specific ENOENT, and
make mountd ignore this error when deleting the export list. I
could have just restored the previous behaviour of returning success,
but I think an error return is a useful diagnostic.
Reviewed by: phk
printed on a single, very long, and generally unreadable line. This
isn't very useful. It's also really ugly and most of the time you don't
care what media is supported anyway.
PR: 27701
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
- introduce a -o option that displays opaque variables.
- introduce a -x option that displays opaque variables in full.
- deprecate -A in favor of -ao and -X in favor of -ax.
- remove -A and -X from usage() and SYNOPSIS (but not from DESCRIPTION).
- ignore -a if one or more variables were listed on the command line.
- deprecate -w, it is not needed to determine the user's intentions.
- some language and style cleanup in the man page.
This commit should not break any existing scripts.
MFC after: 4 weeks
despite the fact that most people want to set exactly the same settings
regardless of which card they have. It has been repeatidly suggested
that this configuration should be done via ifconfig. This patch
implements the required functionality in ifconfig and add support to the
wi and an drivers. It also provides partial, untested support for the
awi driver.
PR: 25577
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
systems were repo-copied from sys/miscfs to sys/fs.
- Renamed the following file systems and their modules:
fdesc -> fdescfs, portal -> portalfs, union -> unionfs.
- Renamed corresponding kernel options:
FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.
- Install header files for the above file systems.
- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland
Makefiles.
if the kernel module is built that way.
Remove the gross debug device/non-debug device hack used to recognize
whether the kernel module was in sync with the userland module.
vinum_mirror, vinum_raid4, vinum_raid5.
Correct typos.
Show new output of the 'list' and 'ls' commands.
Update examples to use 279 kB stripe sizes instead of 256 kB.
Clarify some text.
Remove the description of the 'invalid ioctl' messages which now no
longer occur.
Add a description of the 'retryerrors' keyword.
to avoid including the kernel headers.
Move a number of definitions of userland functions from
dev/vinum/vinumext.h.
Desired by: bde
This commit is the first of a general cleanup of the header files..
It won't be enough to make bde happy.
Remove vinum_perror and associated DEVBUG definition.
Use userland expurgated versions of kernel structures, since that's
what the ioctls return now.
Remove vinum_perror.
main: Check kernel version with userland version in _vinum_conf. This
field is a constant which gets incremented every time the
kernel-userland interface changes. This enables vinum(8) to
check for the correct kernel version and to produce a useful
message if it doesn't match. For previous versions, which don't
have a version number, the length of the structure is different,
so we can recognize it via the EINVAL return from ioctl.
Supply count parameter to tokenize().
Change method of recognizing active devfs: replace devfs_is_active
with (complemented) no_devfs.
make_devices: remove references to devfs. If we're running devfs, we
don't need to call make_devices at all.
vinum_makedev (user command 'makedev'): Print a warning message if
devfs is running and don't do anything else.
Remove vinum_perror.
Modify 'list' brief printout to fit in 80 columns.
Modify 'ls' brief printout to show the drive to which the subdisk
before instead of the plex offset, which is usually less interesting.
The verbose printout remains unchanged.
Use userland expurgated versions of kernel structures, since that's
what the ioctls return now.
Move checkupdates here to simplify header file mess.
