This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.
The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules.
The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c . Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw). The old files are still there, and will be removed
in due time.
I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.
In terms of user interface, the new "ipfw" is supposed to accept
the old syntax for ipfw rules (and produce the same output with
"ipfw show"). Only a couple of the old options (out of some 30 of
them) have not been implemented, but they will be soon.
On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like
    ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any
This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.
Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:
    10.20.30.0/26{18,44,33,22,9}
which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memory -- for a full /24
subnet, the instruction only consumes 40 bytes).
Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.
The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
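
The bitmap match described in the commit message above, as an added example that is not part of the commit and is not the ip_fw2.c code. The struct layout, opcode field and function names are hypothetical, and the list entries are assumed to be the last octet of each address; the layout is chosen so that a full /24 set occupies the 40 bytes the message quotes.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical instruction layout (NOT the ip_fw2.c structure): a 4-byte
 * header, the subnet base and one bit per host. Only the words a subnet
 * needs count toward the instruction size: 16 bytes for a /26, 40 for a /24.
 */
struct addr_set {
    uint8_t  opcode;    /* placeholder opcode value, unused here */
    uint8_t  len;       /* instruction length in 32-bit words */
    uint16_t nhosts;    /* addresses in the subnet: 1..256 */
    uint32_t base;      /* subnet base address, host byte order */
    uint32_t bits[8];   /* bit n set => base + n is in the set */
};

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Parse "a.b.c.d/len{n,n,...}"; return 0 on success, -1 on bad input. */
int addr_set_parse(struct addr_set *s, const char *spec)
{
    unsigned a, b, c, d, plen;
    int pos = 0;

    memset(s, 0, sizeof(*s));
    /* Field widths keep sscanf from overflowing; %n is set only if '{' matched. */
    if (sscanf(spec, "%3u.%3u.%3u.%3u/%2u{%n", &a, &b, &c, &d, &plen, &pos) != 5 ||
        pos == 0)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255 || plen < 24 || plen > 32)
        return -1;
    s->nhosts = (uint16_t)(1u << (32 - plen));
    s->base = IP4(a, b, c, d);
    if (s->base & (uint32_t)(s->nhosts - 1))
        return -1;                      /* base not aligned to the prefix */
    s->len = (uint8_t)(2 + (s->nhosts + 31) / 32);

    for (const char *p = spec + pos;;) {
        char *end;
        unsigned long v;
        uint32_t off;

        if (!isdigit((unsigned char)*p))
            return -1;
        v = strtoul(p, &end, 10);
        if (v > 255)
            return -1;
        /* Assumption: list entries are the last octet of the address. */
        off = ((s->base & ~0xffu) | (uint32_t)v) - s->base;
        if (off >= s->nhosts)
            return -1;                  /* host lies outside the subnet */
        s->bits[off >> 5] |= 1u << (off & 31);
        if (*end == '}' && end[1] == '\0')
            return 0;
        if (*end != ',')
            return -1;
        p = end + 1;
    }
}

/* O(1) membership test: one subtract, one compare, one bit probe. */
int addr_set_match(const struct addr_set *s, uint32_t addr)
{
    uint32_t off = addr - s->base;      /* wraps to a huge value if addr < base */

    if (off >= s->nhosts)
        return 0;
    return (int)((s->bits[off >> 5] >> (off & 31)) & 1);
}

/* Convenience wrapper: -1 on parse error, otherwise 1 (match) or 0. */
int spec_matches(const char *spec, uint32_t addr)
{
    struct addr_set s;

    return addr_set_parse(&s, spec) ? -1 : addr_set_match(&s, addr);
}

/* Instruction size in bytes for a spec, or -1 on parse error. */
int spec_bytes(const char *spec)
{
    struct addr_set s;

    return addr_set_parse(&s, spec) ? -1 : s.len * 4;
}

int main(void)
{
    const char *spec = "10.20.30.0/26{18,44,33,22,9}";  /* from the commit message */

    printf("%s: %d bytes\n", spec, spec_bytes(spec));
    printf("10.20.30.44 -> %d\n", spec_matches(spec, IP4(10, 20, 30, 44)));
    printf("10.20.30.45 -> %d\n", spec_matches(spec, IP4(10, 20, 30, 45)));
    return 0;
}
```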
imposed by the filesystem structure itself remains. With 16k blocks,
the maximum file size is now just over 128TB.
For now, the UFS1 file size limit is left unchanged so as to remain
consistent with RELENG_4, but it too could be removed in the future.
Reviewed by: mckusick
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
that are used if none at all are specified for a partition. Don't
keep replaying the last field if we run out of fields when processing
a line. Use a 8:1 frag:block ratio for both defaults.
More work here is required. I think disklabel should not attempt
to choose default filesystem parameters, and instead let newfs pick
any defaults if required.
PR: i386/38703
Reported by: Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
- /0 if matches ::/128
- /64 if matches 2000::/3 and lowermost 64 bit is all 0
- /128 if matches 2000::/3 and lowermost 64 bit is non-zero 0
Obtained from: KAME/NetBSD
IFS had its fingers deep in the belly of the UFS/FFS split. IFS
will be reimplemented by the maintainer at a later date once the UFS
implementation is in place.
Requested by: adrian (maintainer)
am fairly certain that this should do it and that I may now remove the
UM_ macros from port.h. I will, however, wait a few days to ensure
that these can be safely removed.
/etc/exports. Oversized lines were unlikely due to the large 10k
limit, but any found would cause mountd to exit with an error. Also
fix one or two compiler warnings.
fields as discussed in the commit to ip_fw.c:1.186
On top of this, a ton of non functional changes to clean up the code,
write functions to replace sections of code that were replicated
multiple times (e.g. the printing or matching of flags and options),
splitting long sections of inlined code into separate functions,
and the like.
I have tested the code quite a bit, but some typos (using one variable
in place of another) might have escaped.
The "embedded manpage" is a bit inconsistent, but i am leaving fixing
it for later. The current format makes no sense, it is over 40 lines
long and practically unreadable. We can either split it into sections
( ipfw -h options , ipfw -h pipe , ipfw -h queue ...)
or remove it altogether and refer to the manpage.
+ setting a bandwidth too large for a pipe (above 2Gbit/s) could
cause the internal representation (which is int) to wrap to a
negative number, causing an infinite loop in the kernel;
+ (see PR bin/35628): when configuring RED parameters for a queue,
the values are not passed to the kernel resulting in panics at
runtime (part of the problem here is also that the kernel does
not check for valid parameters being passed, but this will be
fixed in a separate commit).
These are both critical fixes which need to be merged into 4.6-RELEASE.
MFC after: 1 day
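
The bandwidth wrap described in the first fix above, shown as an unchecked conversion beside a range-checked one. This is an added example, not code from the commit or from ipfw/dummynet; the function names are hypothetical, the unit grammar is a simplified assumption ([K|M] followed by bit/s or Byte/s), and treating 0 as a valid value is also an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Split "<digits>[K|M]{bit/s|Byte/s}" into a number and a multiplier that
 * converts it to bits per second. Returns 0 on success, -1 if malformed.
 */
static int bw_split(const char *s, unsigned long long *v, unsigned long long *mult)
{
    char *end;

    if (!isdigit((unsigned char)*s))
        return -1;
    errno = 0;
    *v = strtoull(s, &end, 10);
    if (errno == ERANGE)
        return -1;
    *mult = 1;
    if (*end == 'K' || *end == 'k') {
        *mult = 1000;
        end++;
    } else if (*end == 'M' || *end == 'm') {
        *mult = 1000000;
        end++;
    }
    if (strcmp(end, "Byte/s") == 0)
        *mult *= 8;
    else if (strcmp(end, "bit/s") != 0)
        return -1;
    return 0;
}

/*
 * "Before": scale, then squeeze the result into an int with no range check.
 * Values above INT_MAX come out negative on the usual 32-bit two's
 * complement int (the out-of-range conversion is implementation-defined).
 */
int bw_naive(const char *s)
{
    unsigned long long v, mult;

    if (bw_split(s, &v, &mult) != 0)
        return -1;
    return (int)(uint32_t)(v * mult);
}

/*
 * "After": divide instead of multiplying to test the bound, so the check
 * itself cannot overflow. Returns bits per second, or -1 if the input is
 * malformed or does not fit in an int.
 */
int bw_checked(const char *s)
{
    unsigned long long v, mult;

    if (bw_split(s, &v, &mult) != 0)
        return -1;
    if (v > (unsigned long long)INT_MAX / mult)
        return -1;
    return (int)(v * mult);
}

/*
 * Receiving side: the consumer of the value should not rely on the sender
 * having validated it. Assumption: 0 is acceptable, negative never is.
 */
int pipe_bw_valid(int bandwidth)
{
    return bandwidth >= 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "2000Mbit/s", "3000Mbit/s", "300MByte/s", "100KByte/s" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s naive=%d checked=%d\n", samples[i],
            bw_naive(samples[i]), bw_checked(samples[i]));
    return 0;
}
```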
- reimplement -z
- use syslog()
- improve consistency of messages
- allow -f to recover cleared dumps
- return bufsize to 1024 * 1024
- return the ability to write sparse files
- update man page
- fix minfree to require 2k for info file instead of the kernel size
- include Berkeley copyright too due to amount of old code copied
Submitted by: Chad David <davidc@acns.ab.ca>
restores the check_space() function with small modifications
to make it work with the current code. The patch was slightly
modified by Bill Fenner to handle error messages better.
Reviewed by: fenner
fatal if the declaration of strdup() isn't in scope. The upper 32 bits
of the pointer are lost since it defaults to returning "int". Fix some
warnings while here, including trying to make gcc-3.1 happy.
more on how ipfw(8) deals with tiny fragments. While we're at it, add
a quick log message to even let people know we dropped a packet. (Note
that the second FINE POINT is somewhat redundant given the first, but
since the code is there, leave the docs for it.)
MFC after: 1 day
around. If the kernel boots successfully, the record of this kernel
is erased, it is intended to be a one-shot option for testing
kernels.
This could be improved by having the loader remove the record of
the next kernel to boot, it is currently removed in /etc/rc immediately
after disks are mounted r/w.
I'd like to MFC this before the 4.6 freeze unless there is violent
objection.
Reviewed by: Several on IRC
MFC after: 4 days
Use only one filedescriptor. Open in R/O or R/W based on the '-N' option.
Make the filedescriptor a global variable instead of passing it around
as semi-global variable(s).
Remove the undocumented ability to specify type without '-T' option.
Replace fatal() with straight err(3)/errx(3). Save calls to strerror()
where applicable. Lose the progname variable.
Get the sense of the cpgflag test correct so we only issue warnings if
people specify cpg and can't get that. It can be argued that this
should be an error.
Remove the check to see if the disk is mounted: Open for writing
would fail if it were mounted.
Attempt to get the sectorsize and mediasize with the generic disk
ioctls, fall back to disklabel and /etc/disktab as we can.
Notice that on-disk labels still take precedence over /etc/disktab,
this is probably wrong, but not as wrong as the entire concept of
/etc/disktab is.
Sponsored by: DARPA & NAI Labs.
the filesystem type isn't given in the command line. In the case of
an IPv6 address containing ':', one must use the '@' separator for it
to be properly parsed (mount_nfs(8) still needs fixing at the moment
though).
PR: bin/37230
Reviewed by: obrien
MFC after: 1 week
blocksizes, etc
does not give the default of -b
only mentions rdump in the NAME section
uses both filesystem and file system in similar contexts
PR: 34248
Submitted by: Gary W. Swearingen <swear@blarg.net>
MFC after: 3 days
--change "-s newboot" to "-s newboot2" in an example
--Fixed spelling
--Fixed some confusion between slice/partition/primary partition and other
things.
PR: 35947 and 35951
Noticed by: Gary W. Swearingen <swear@blarg.net>
Reviewed by: keramida
Thanks to: grog
MFC after: 2 days
o Implement -c (clear) to clear previously kept headers (note that
dumps not cleared will remain until -c is used),
o Implement -f (force) to allow re-saving a previously saved dump,
o Implement -k (keep) and make clearing the dump header the default,
o Implement -v (verbose) and make most output conditional upon it,
o Emit minimal output for the non-verbose case with the assumption
that savecore is run mostly from within /etc/rc,
o Update usage message to reflect what is and what's not,
o mark -d as obsolete.
Low-level changes:
o Rename devname to device, for devname mirrors a global declaration
and GCC 3.x warns about it,
o Open the dump device R/W for clear and !keep to work,
o Reorder the locals of DoFile according to style(9),
o Remove newlines from strings passed to warn* and err*,
o Use stat(2) to check if a dump has been saved before,
o Truncate existing core and info files to support force,
o First check for the magic and the version before we complain about
parity errors. This prevents emitting parity error messages when
there's no dump,
o Keep track of the number of headers found and the number of headers
saved to support the minimal output,
o Close files we opened in DoFile. Not critical, but cleaner.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.
I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
particular as there may not be one. Remove #if 0'ed code which might
mislead people to think otherwise.
unifdef -ULOSTDIR, fsck can make lost+found on the fly.
Sponsored by: DARPA & NAI Labs
Pick up the c-partitions magicness from sys/disklabel.h instead
of defining our own magicness for it, remove trivial comment.
Sponsored by: DARPA and NAI Labs.
that might have changed, then did a byte-by-byte comparison with
the alternate. If any unused fields got used, they had to be added
to the exception list. Such changes caused too many false alarms.
So, I have changed the comparison algorithm to compare a selected
set of fields that are not expected to change. This new algorithm
causes far fewer false hits and still does a good job of detecting
problems when they have really occurred. In particular, this change
should ease the transition to kernels supporting UFS2 which make
some significant changes to the superblock.
Sponsored by: DARPA, NAI Labs
in dump byte order (=network byte order). Swap blocksize and dumptime
to avoid extraneous padding on 64-bit architectures. Use CTASSERT
instead of runtime checks to make sure the header is 512 bytes large.
Various style(9) fixes.
Reviewed by: phk, bde, mike
Commandline compatible with the previous savecore unless you specify
any options, none of them are implemented (yet).
Scans all devices marked "dump" or "swap" for dump header signatures
and saves dumps off under a name which is a MD5 hash of the header
information. This should give unique filenames. A *.info file contains
ascii version of the header information.
Caveats:
The new savecore program is not complete in the sense that it emulates
enough of the old savecore's features to do the job, but implements none
of the options yet.
I would appreciate if a userland hacker could help me out getting savecore
to do what we want it to do from a user's point of view, compression,
email-notification, space reservation etc etc. (send me email if
you are interested).
Currently, savecore will scan all devices marked as "swap" or "dump" in
/etc/fstab _or_ any devices specified on the command-line.
All architectures but i386 lack an implementation of dumpsys(), but
looking at the i386 version it should be trivial for anybody familiar
with the platform(s) to provide this function.
Documentation is quite sparse at this time, more to come.
Sponsored by: DARPA, NAI Labs
Details:
Dumpon now opens the device and uses ioctl(DIOCGKERNELDUMP) to set it
to be the dumpdevice. When "off" is set, /dev/null is used.
that could be used to set/get arbitrary length link level
addresses. Alias "lladdr" parameter and "ether" family
to the new "link" family for backward compatibility.
PR: bin/31476
MFC after: 1 week
It does not help modern compilers, and some may take some hit from it.
(I also found several functions that listed *every* of its 10 local vars with
"register" -- just how many free registers do people think machines have?)
diskdrives do neither need nor want:
-O create a 4.3BSD format filesystem
-d rotational delay between contiguous blocks
-k sector 0 skew, per track
-l hardware sector interleave
-n number of distinguished rotational positions
-p spare sectors per track
-r revolutions/minute
-t tracks/cylinder
-x spare sectors per cylinder
No change in the produced filesystem image unless one or more of
these options were used.
Approved by: mckusick
open "/dev/stdout". This doesn't actually affect growfs, but does affect
ffsinfo, permitting ffsinfo to output to the shell's stdout rather than
requiring it be dumped to a file or explicitly pointed at a special
device.
Reviewed by: peter
Add a couple of simple regression tests accessible with "make test", they
depend on the md(4) driver.
FYI I have also tried running the test against a week old newfs and it
passed.
anyone needs a newfs without it. Remove the #ifdef's from around
the code and the -DFSIRAND from the Makefile. Also remove redundant
declarations of random() and srandomdev().
for i386 and alpha. Although it builds on sparc64, it does not yet work.
A similar hack as what is used on the sparc64 MD macros can be used to
make ia64 build too, but there doesn't seem to be much point.
Old code obfuscates long (but single-line) messages by printing them in
pieces using %s. Rev.1.41 obfuscated some new long messages using ISO
string concatenation. This commit only fixes the new obfuscations.
by Sheldon.
For a detailed description look at the commit log for sysctl.c
rev.1.42 -- i do not think it is appropriate to put the full
description in this manpage, and the "boot" and "loader" manpages
where this description might go are also missing a description of
a number of similar variables, so i think it is ok to limit
documentation to this now, and update it later when I (or someone
else) have a chance to revise "boot" and "loader".
machdep.guessed_bootdev, and add code to sysctl to parse its value
and give a (not necessarily correct) name to the device we booted
from (the main motivation for this code is to use the info in the
PicoBSD boot scripts, and the impact on the kernel is minimal).
NOTE: the information available in bootdev is not always reliable,
so you should not trust it too much. The parsing code is the same
as in boot2.c, and cannot cover all cases -- as it is, it seems to
work fine with floppies and IDE disks recognised by the BIOS. It
_should_ work as well with SCSI disks recognised by the BIOS.
Booting from a CDROM in floppy emulation will return /dev/fd0 (because
this is what the BIOS tells us).
Booting off the network (e.g. with etherboot) leaves bootdev unset so
the value will be printed as "invalid (0xffffffff)".
Finally, this feature might go away at some point, hopefully when we
have a more reliable way to get the same information.
MFC-after: 5 days
src/contrib/isc-dhcp/includes/minires/resolv.h has a 'extern' definition
but it makes an error when linking crunched binary just like this:
dhclient.lo: In function `MRres_nquery':
dhclient.lo(.text+0x2dcce): undefined reference to `__h_errno_set'
dhclient.lo(.text+0x2dd5b): undefined reference to `__h_errno_set'
dhclient.lo: In function `MRres_nquerydomain':
dhclient.lo(.text+0x2de53): undefined reference to `__h_errno_set'
The author understands this will be a problem (see comments in resolv.h).
Murray said that the author will fix this, but as a temporary solution,
modifying the source code and not to use __h_errno_set.
BTW, I'm sorry that previous commitlog in src/sbin/dhclient/Makefile should
read "Found by:" instead of "Confirmed by"; I just found that rev 1.15
has a typo so fixed.
Tested on: ushi.jp.FreeBSD.org with today's 5-current source code.
(believe me, "make release.4" works fine now)
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant side effect of removing some
duplicate code.
Reviewed by: rwatson
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated macros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
after an EOT-terminated volume. We keep track of the current record
number, and synchronise it with the c_tapea field each time we read
a header. Avoid the use of c_firstrec because some bugs in dump can
cause it to be set incorrectly.
Move the initialisation of some variables to avoid compiler warnings.
volume if we missed some earlier tapes (the user can still enter
'none' later if the tapes are unavailable). Previously with 'x'
restores, we might not ask for all tapes if the tapes are supplied
in reverse order.
Clarify the message that describes what volume should be mounted
first; reverse order is only efficient when extracting a few files.
for monitoring automated backups. This is based on a patch by Mikhail
Teterin, with some changes to make its operation clearer and to
update the proctitle more frequently.
PR: bin/32138
volumes are available, instead of getting stuck in a loop calling
getvol(). Normally restore in 'x' or 'i' modes will ask for a new
(earlier) volume when the current inode number on the tape is greater
than the last inode to be restored, since there can be no further
inodes of interest on that volume. However we don't want to change
volumes in this case either if the user explicitly said that there
are no more tapes, or if we are looking at the first volume.
When no more volumes are available but there are still inodes that
we have not found, we now just fall through to the code that prints
out a list of any missing files, so the restore completes normally.
Also simplify the logic a bit by always returning to the start of
the main for(;;) loop whenever the volume has changed.
This should completely fix the "Changing volumes on pipe input" bug
that is often observed when restoring dumps of active filesystems.
PR: bin/4176, bin/34604, misc/34675
to multi-volume restores:
- In findinode(), keep a copy of header->c_type so that we don't
exit the do-while loop until we have processed the current header.
Exiting too early leaves curfile.ino set to 0, which confuses
the logic in createfiles(), so multi-volume restores with the
'x' command don't work if you follow the instructions and supply
the tapes in reverse order. This appears to have been broken
by CSRG revision 5.33 tape.c (Oct 1992).
- The logic in getvol() for deciding how many records to skip after
the volume header was confused; sometimes it would skip too few
records and sometimes too many, leading to "resync restore"
warnings and missing files. Skip to the next header only when
the current action is not `USING'. Work around a dump bug that
sets c_count incorrectly in the volume header of the first tape.
Some of the problems here date back to at least 1991.
- Back out revision 1.23. This appeared to avoid warnings about
missing files in the 'rN' verification case, but it made the
problems with the 'x' command worse by stopping getvol() from
even attempting to find the first inode number on the newly
inserted tape. The bug it addressed is fixed by correcting the
skipping logic as described above.
- Save the value of `tpblksread' in case the wrong volume is
supplied, because it is incremented each time we read a volume
header. We already saved `blksread' for the same reason.
Normally trewind() performs a close-open-close cycle to rewind the
tape when closing the device, but this is not ideal for fifos. We
now skip the final open-close if the output descriptor is a fifo.
PR: bin/25474
Submitted by: Alex Bakhtin <bakhtin@amt.ru>
MFC after: 1 week
blocks allocated by some inode. Indirect blocks are printed
recursively, so beware :), the list could become lengthy...
(We should probably add some output pager to fsdb.)
MFC after: 1 month
bloats the resulting binary file by forcing them out of .bss into
.data, while the C standard already guarantees them to become
initialized to 0 at program startup.
MFC after: 1 week
Cure the "lets put everything in registers" ailment.
Set WARNS=2
Fix two problems where casting messed up large quotafiles.
PR: 34108
Submitted by: Maxim Katargin <kmv@asplinux.ru>
MFC after: 3 weeks
This works by retokenizing a line with a split limit so that if the
argument count for a command is greater than the number of arguments
formed by splitting apart the line of user input, the last argument
is instead all of the remainder of the input line.
Yes, I needed this capability at one point to fix a filesystem manually,
which happened to break with a problematic space-containing directory
entry.
This allows obtaining crash dumps from the panics occurred during late stages
of kernel initialisation before system enters into single-user mode.
MFC after: 2 weeks
Any of readfds, writefds, and exceptfds may be given as nil
pointers if no descriptors are of interest.
neither wfds nor efds were of interest so now they are nil.
also, do a little better than making an educated guess for nfds.
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
camcontrol.
This enables rescanning all busses or resetting all busses in a system.
The current implementation is not the ideal way to do it -- the ideal way
to do it would be for the transport layer to handle wildcarded busses on
bus rescan and reset operations. The current implementation enumerates all
the busses and sends a rescan or reset CCB individually. Handling this
behavior in the transport layer will happen later.
Reviewed by: imp
Tested by: joerg
MFC after: 1 week
socket so that routing daemons and other interested parties
know when an interface is attached/detached.
PR: kern/33747
Obtained from: NetBSD
MFC after: 2 weeks
variable RELEASE_BUILD_FIXIT is defined, a camcontrol binary will be
built that only knows the "rescan" and "reset" subcommands. The
resulting code is small enough to still fit onto the boot floppy.
Reviewed by: ken
MFC after: 1 week
not return ENOBUFS for unreliable protocols like divert.
This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.
Spotted by: chkno@dork.com
Explained by: luigi
Reviewed by: Ari Suutari <ari.suutari@syncrontech.com>
MFC after: 2 weeks
The first "synopsis" example has a "[/prefixlength]" which shouldn't
be there, since that stuff is part of the preceding "address" as is
explained in the description of "address".
(The way it is now, 192.168.0.1/16/prefixlength would be a proper
operand. Note that "prefixlength" is not mentioned by name anywhere.)
PR: 32462
Submitted by: Gary W. Swearingen <swear@blarg.net>
disklabel(8)'s "Reading the disk label" section starts out "To examine
or save the label on a disk drive,...". This is confusing. The given
command (disklabel [-r] disk) doesn't save anything (except to standard
out, but that should go without saying). It reads as if the command
might save something on the disk drive.
PR: 32452
Submitted by: Gary W. Swearingen <swear@blarg.net>
reinserted by a userland process, will lose a number of packet
attributes, including their source interface. This may affect
the behavior of later rules, and while not strictly a BUG, may
cause unexpected behavior if not clearly documented. A similar
note for natd(8) might be desirable.
ipfirewall(4) to the IMPLEMENTATION NOTES section because it
considers kernel internals and may confuse newbies if placed
at the very beginning of the manpage (where it used to be previously.)
Not objected by: luigi
a packed array so sizeof works. This broke RFMON mode and passing
up 802.11 packets.
The Linux emulation code was derived from the open source Linux driver to
maintain compatibility.
LEAP support is added, hints from Richard Johnson. I've verified this
locally with PC350v42510.img firmware. More bug fixing from Marco to
fix long passwords.
Change DELAYs in flash part of driver to FLASH_DELAY which uses tsleep
so it doesn't look like your system died during a flash update.
Install header files in /usr/include/dev/an
Cleanup some ifmedia bugs add "Home" key mode to ifmedia and ancontrol.
This way you can manage 2 keys a little easier. Map the home mode into
key 5. Enhance ifconfig to dump the various configured SSIDs. I use
a bunch of different ones and roam between them. Use the syntax similar
to the WEP keys to deal with setting different SSIDs.
Bump up the Card capabilities RID since they added 2 bytes to it
in the latest firmware. Thankfully we changed it from a terminal
failure so the card still worked but the driver whined.
Some cleanup patches from Marco Molteni.
Submitted by: Richard Johnson <raj@cisco.com>
Marco Molteni <molter@tin.it>
and myself
Various checks: David Wolfskill <david@catwhisker.org>
Reviewed by: Brooks Davis <brooks@freebsd.org>
Warner Losh <imp@freebsd.org>
Approved by: Brooks Davis <brooks@freebsd.org>
Warner Losh <imp@freebsd.org>
Obtained from: Linux emulation API's from Aironet driver.
of unused partition entries and later detection of unused entries.
Use memcpy to be consistent with the rest of the code, and fix a
minor style nit.
Submitted by: bde
a special file on the command line, eg:
sysctl kern.dumpdev=/dev/ad1s1b
In parse(), when a value is given for a CTLTYPE_QUAD variable,
newval and newsize erroneously fail to be set because of an early
"break".
show_var() contains code that duplicates the functionality of the
oidfmt() function.
PR: 33151, 33150
Submitted by: Thomas Quinot <thomas@cuivre.fr.eu.org>
variables. Use the -d flag in sysctl(8) to see this information.
Possible extensions to sysctl:
+ report variables that do not have a description
+ given a name, report the oid it maps to.
Note to developers: have a look at your code, there are a number of
variables which do not have a description.
Note to developers: do we want this in 4.5 ? It is a very small change
and very useful for documentation purposes.
Suggested by: Orion Hodson
Fair Queueing) and RED (Random Early Detection) to both give the reader
a hint what they are and to make it easier to find out more information
about them.
16384/2048.
Following recent discussions on the -arch mailing list, involving dillon
and mckusick, this change parallels the one made over a decade ago when
the default was bumped up from 4096/512.
This should provide significant performance improvements for most
folks, less significant performance losses for a few folks and
wasted space lost to large fragments for many folks.
For discussion, please see the following thread in the -arch archive:
Subject: Using a larger block size on large filesystems
The discussion ceases to be relevant when the issue of partitioning
schemes is raised.
This flag adds a pausing utility. When run with -p, during the kernel
probing phase, the kernel will pause after each line of output.
This pausing can be ended with the '.' key, and is automatically
suspended when entering ddb.
This flag comes in handy at systems without a serial port that either hang
during booting or reset.
Reviewed by: (partly by jlemon)
MFC after: 1 week
are sometimes incorrectly being dumped.
The problem arises because the subdirectory only gets its entry
cleared from usedinomap if it is also present in dumpinomap, and it is
the absence of a directory in usedinomap that internally indicates
that the directory is under the effects of UF_NODUMP (either directly
or inherited).
PR: 32414
Submitted by: David C Lawrence <tale@dd.org>
recovery code) back in March, 2001.
In effect, this brain-o would cause 'camcontrol defects' to always return
an error.
Pointed out by: joerg
Tested by: mdodd
were only of benefit to large filesystems, which recent research
suggests is not the case, and which the original author of the text
no longer endorses.
size ratio other than 8:1. Currently, we only recommend an 8:1
ratio, because the impact of other ratios has not been adequately
investigated.
Also, do not recommend the use of the -c option in the example, since
newfs now automatically calculates the best cyl:cylgrp ratio.
This change was discussed with the author of rev 1.29.
These were mainly missing casts or wrong format strings in printf
statements, but there were also missing includes, unused variables,
functions and arguments.
The choice of `long' vs `int' still seems almost random in a lot
of places though.
directory is encountered. This includes the full path of the
directory that will be removed if the user answers "y" to the
"REMOVE?" question.
PR: bin/226851
Submitted by: KOIE Hide <hide@koie.org>
MFC after: 1 week
not listed in /etc/fstab. Previously, the user would be greeted
with "DUMP: bad sblock magic number" when dump tried to parse
the directory contents as an FFS filesystem.
PR: bin/12789
Submitted by: Bob Willcox <bob@pmr.com>
This works for wi(4), but apparently other wireless drivers seem to do
the right thing.
Submitter and yours truly both got Mislead(tm).
Submitted by: udp <udp@sneakerz.org>
to avoid the need for rpc.lockd to perform client locks. Using
this option a user can revert back to using local locks for NFS mounts
like we did before we had rpc.lockd.
inode type bits set. Previously it would let you set IFMT bits (but
not clear them). The `chtype' command should be used instead
for changing the inode type; having chmod half-work only causes
confusion.
MAKEDEV and sys/conf/majors, not sys/conf/device.<arch>, which has
never existed in the history of FreeBSD (well, at least it isn't in
the repository).
PR: 31558
Set 'log_ipfw_denied' option if you want the old behaviour.
PR: 30255
Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by: phk
MFC after: 4 weeks
such a way that the name and the value of the variable(s) are separated
with `=' instead of the usual `: '. This is useful for producing output
that can be fed back to the sysctl utility (pasted to sysctl.conf, for
example).
Reviewed by: rwatson
Approved by: markm
MFC after: 2 weeks
header for the case where sizeof(time_t) != sizeof(int). dumprestore.h
was embedding time_t when it should have been embedding int32_t.
Use time_to_time32() and time32_to_time() to convert between the
protocol/file-format time and time_t.
index, then retrieve statistics for that index, rather than retrieving
all interfaces and then looking for a matching name. This allows the
user to refer to an interface via an alias name.
While I'm here, also perform a few assorted cleanups.
spin in a loop eating CPU time. This bug has existed since the
TI-RPC import. The problem is that we should only enter the select
loop if at least one TCP server was started. Fix this by having
the master nfsd become a UDP server itself if there are no TCP
servers.
Also improve/correct the code for cleaning up slave nfsd processes
and unregistering with rpcbind when the master nfsd exits.
One issue that remains open is that if a slave nfsd dies, then all
nfsds will shut down. This is because nfssvc() in the master nfsd
returns 0 when the master nfsd receives a SIGCHLD.
Submitted by: tmm
1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.
2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.
3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
creates a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.
4) You can now send SCM_TIMESTAMP messages.
5) Always use CMSG_DATA(cm) to determine the start of the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).
This results in an ABI change for descriptor passing and creds
passing on the alpha. (Probably on the IA64 and Sparc ports too).
6) Fix userland programs to use CMSG_* macros too.
7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.
PR: 29499
MFC after: 6 weeks
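The userland side of items 5 and 6 above, as an added example that is not code from this commit: descriptors are passed over a unix domain socket using only the CMSG_* macros, and the receiver walks every control message and refuses truncated control data. The names send_fds, recv_fds, cmsg_roundtrip_demo and MAX_FDS are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 8 /* assumption: per-message limit chosen for this example */

/* Control buffer; the union gives it the alignment struct cmsghdr needs. */
union ctlbuf {
    struct cmsghdr align;
    char buf[CMSG_SPACE(MAX_FDS * sizeof(int))];
};

/* Send n descriptors in one SCM_RIGHTS message. Returns 0 or -1. */
int send_fds(int sock, const int *fds, int n)
{
    union ctlbuf ctl;
    char byte = 0; /* one byte of ordinary data travels with the rights */
    struct iovec iov = { &byte, 1 };
    struct msghdr msg;
    struct cmsghdr *cm;

    if (n < 1 || n > MAX_FDS)
        return -1;
    memset(&ctl, 0, sizeof(ctl));
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf;
    msg.msg_controllen = CMSG_SPACE(n * sizeof(int));

    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(n * sizeof(int));
    /* CMSG_DATA() accounts for padding; (cm + 1) does not. */
    memcpy(CMSG_DATA(cm), fds, n * sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Collect descriptors from every SCM_RIGHTS message. Returns count or -1.
 * On truncation or overflow every received descriptor is closed, so a
 * peer cannot leave stray open files behind in this process. */
int recv_fds(int sock, int *out, int max)
{
    union ctlbuf ctl;
    char byte;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg;
    struct cmsghdr *cm;
    int got = 0, bad;

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf;
    msg.msg_controllen = sizeof(ctl.buf);
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    bad = (msg.msg_flags & MSG_CTRUNC) != 0;

    for (cm = CMSG_FIRSTHDR(&msg); cm != NULL; cm = CMSG_NXTHDR(&msg, cm)) {
        size_t i, n;
        if (cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS)
            continue;
        if (cm->cmsg_len < CMSG_LEN(0)) { bad = 1; break; }
        n = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (i = 0; i < n; i++) {
            int fd;
            memcpy(&fd, CMSG_DATA(cm) + i * sizeof(int), sizeof(int));
            if (!bad && got < max) out[got++] = fd;
            else { close(fd); bad = 1; }
        }
    }
    if (bad) {
        while (got > 0) close(out[--got]);
        return -1;
    }
    return got;
}

/* Constructed round trip: pass both ends of a pipe across a socketpair,
 * then write through the received copy and read from the original. */
int cmsg_roundtrip_demo(void)
{
    int sv[2], p[2], got[MAX_FDS], n, ok;
    char buf[2] = { 0, 0 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || pipe(p) != 0)
        return -1;
    if (send_fds(sv[0], p, 2) != 0)
        return -1;
    n = recv_fds(sv[1], got, MAX_FDS);
    if (n != 2)
        return -1;
    ok = write(got[1], "ok", 2) == 2 && read(p[0], buf, 2) == 2 &&
         memcmp(buf, "ok", 2) == 0;
    close(got[0]); close(got[1]);
    close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return ok ? 0 : -1;
}

int main(void)
{
    printf("round trip: %s\n", cmsg_roundtrip_demo() == 0 ? "ok" : "failed");
    return 0;
}
```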
name is "mount_mfs" or "mfs". Previously, the condition was that
the program name must start with "mount_", but this both missed
the case where mount(8) invokes mdmfs with argv[0] = "mfs", and it
included cases such as "mount_md" where compatibility is not
required.
Reviewed by: dd
a block or character device; the rest of tunefs works just fine on
filesystem images in regular files. Instead, if getfsfile() failed
and if the specified filesystem is a directory then print a more
useful "unknown file system" error.
Also, _PATH_DEV already contains a trailing slash, so don't add
another one when constructing a device path, and use errx() instead
of err() in a case where errno is meaningless.
addresses (and the macros that ipfw(4) use to lookup data for the 'me'
keyword have been converted) remove a comment about using 'me' being a
"computationally expensive" operation.
while I'm here, change two instances of "IP number" to "IP address"
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
right; after a single packet was dropped it beeped after every
transmission.
Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few initial false-positives.
Reviewed by: ru
and speed. No new functionality added (yet) apart from a bugfix.
MFC will occur in due time and probably in stages.
BUGFIX: fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (there is a PR on this).
OTHER CHANGES: minor changes to the internal struct for static and dynamic rules.
Requires rebuild of ipfw binary.
Add comments to show how data structures are linked together.
(It probably makes no sense to keep the chain pointers separate
from actual rule descriptors. They will be hopefully merged soon.)
keep a (sysctl-readable) counter for the number of static rules,
to speed up IP_FW_GET operations
initial support for a "grace time" for expired connections, so we
can set timeouts for closing connections to much shorter times.
merge zero_entry() and resetlog_entry(), they use basically the
same code.
clean up and reduce replication of code for removing rules,
both for readability and code size.
introduce a separate lifetime for dynamic UDP rules.
fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (PR ...)
restructure dynamic rule descriptors
introduce some local variables to avoid multiple dereferencing of
pointer chains (reduces code size and hopefully increases speed).
of dumpmag from an int to a u_long in rev 1.41 -- without this
change, savecore will always fail like this:
#savecore -v /var/crash
dumplo = 874356736 (1707728 * 512)
savecore: magic number mismatch (8fca0101 != 8fca0101)
savecore: no core dump
gzip(1). gdb doesn't understand these, but then again it didn't
understand compressed crashdumps either.
* Change a stray lseek() into a Lseek()
* Remove the extraneous prototype for log() which has apparently never
existed in FreeBSD's sources
Obtained from: NetBSD (partially)
MFC after: 2 weeks
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
where the headers should live, as the code references both "ip_fil.h" and
"netinet/ip_fil.h" (among others). As a consequence, put both
sys/contrib/ipfilter and sys/contrib/ipfilter/netinet to the include path
so either variant works.
PR: 29384
Pointed out by: Thomas.Quinot@Cuivre.FR.EU.ORG
Allow non-superuser to open, listen to, and send safe commands on the
routing socket. Superuser privilege is required for all commands
but RTM_GET.
Lose `setuid root' bit of route(8).
Reviewed by: wollman, dd
At the time, restore(8) and rrestore(8) were different
utilities. rrestore(8) was installed setuid `root', while
restore(8) with usual ownership and privileges. Later on,
on August 28, 1991 (what a coincidence!), rrestore(8) code
was merged with restore(8). The setgid `tty' bit then was
accidentally put.
default if the executable is named (called as) "mount_*", or can be
enabled with the -C option. This allows users to leave their old
fstab entries unchanged (modulo symlink'ing mdmfs to mount(md|mfs))
and have things behave the way they should (by emulating mount_mfs
silliness), while still allowing mdmfs to be used as a generic
make-an-md-and-mount-it type thing.
Right now, the only effects of this option are to set the mount-point
mode to 01777 as if "-p 1777" was given, and to complain about getting
command-line options that mount_mfs didn't take (e.g., -X, -L, et al).
The latter is mostly to try to catch operator errors.
Also implement -U, which turns on soft-updates. It's redundant (since
softdep is the default), but implement it anyway for compatibility.
bypass some extra anti-foot-shooting measures. Currently, its only
effect is to allow detaching a device while it's still open (e.g.,
mounted). This is useful for testing how the system reacts to a disk
suddenly going away, which can happen with some removable media.
At this point, the force option is only checked on detach, so it
would've been possible to allow the option to be passed with the
MDIOCDETACH operation. This was not done to allow the possibility of
having the force flag influence other tests in the future, which may
not necessarily deal with detaching the device.
Reviewed by: sobomax
Approved by: phk
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only does this slow down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
pointed out by bde:
- Ask for user confirmation before adjusting to a head/cylinder
boundary (only when running interactively), and separate this
adjustment from the automatic calculation of c/h/s parameters.
- In sanitize_partition, don't change any values in the slice until
we know that the automatic adjustment will succeed.
- When auto-adjusting, ignore unused slices and give an appropriate
error for other zero-size slices depending on the cause.
- Change dos() to do all of the c/h/s calculations for a whole slice;
this fixes a bug where the ending c/h/s of an unused slice was set
incorrectly.
- When changing the active slice, detect the currently active slice
number instead of always defaulting to slice 4.
- Call fflush(stdout) before calling fgets().
- Test for fgets() returning NULL so we don't loop on EOF.
Reviewed by: bde
1.) prefix all functions in the library with devstat_ (compatibility
functions are available for all functions that were changed in an
incompatible way, but are deprecated).
2.) Add a pointer to a kvm_t as the first argument to functions that
used to get their information via sysctl; they behave the same
as before when NULL is passed as this argument, otherwise, the
information is obtained via libkvm using the supplied handle.
3.) Add a new function, devstat_compute_statistics(), that is intended
to replace the old compute_stats() function. It offers more
statistics data, and has a more flexible interface.
libdevstat does now require libkvm; a library dependency is added, so
that libkvm only needs to be explicitly specified for statically linked
programs.
The library major version number is bumped.
Submitted by: Sergey A. Osokin <osa@freebsd.org.ru>, ken (3)
Reviewed by: ken
- Declare mtabhead as an extern in mounttab.h and define it only in
mounttab.c.
- Remove shared global `verbose' and instead pass it as a parameter.
- Remove the `mtabp' argument to read_mtab(). It served no purpose
whatsoever, although read_mtab() did use it as a temporary local
variable.
- Don't check for impossible conditions when parsing mounttab, and
do detect zero-length fields.
- Correctly test for strtoul() failures - just testing ERANGE is wrong.
- Include a field name in syslog errors, and avoid passing NULL to
a syslog %s field.
- Don't test if arrays are NULL.
- If there are duplicates when writing out mounttab, keep the last
entry instead of the first, as it will have a later timestamp.
- Fix a few formatting issues.
Update rpc.umntall and umount to match the mounttab interface changes.
information for any command line error, the actual error message
almost always (and sometimes irretrievably) lost scrolling off the top
of the screen. Now just print the error. Give ipfw(8) no arguments for
the old usage summary.
Thanks to Lyndon Nerenberg <lyndon@orthanc.ab.ca> for the patch and
PR, but I had already done this when ru pointed out the PR.
PR: bin/28729
Approved by: ru
MFC after: 1 week
immediately if a host specified by the -h flag cannot be parsed
instead of attempting to unmount all NFS filesystems, which was
bad.
Add a missing return statement at the end of checkname(); this
could result in a non-zero exit status in some cases even if the
unmount succeeded.
Group two separate NFS-related operations into one block to make
it more obvious that a variable (hostp) is not dereferenced when
uninitialised. Initialise it to NULL anyway to avoid a warning.
Pass in the read_mtab()'s bogus argument as NULL instead of messing
with a local variable to achieve the same effect. A later commit
will clean up this mounttab interface.
forever by default. This matches what mount_nfs did before revision
1.40, and it is the generally expected behaviour for NFS mounts.
Document the current defaults near the start of the man page and
mention the options that can be used to change them.
Discussed on: -hackers
to give up after one attempt unless a background mount is requested.
Background mounts would retry 10000 times (at least 7 days) before
giving up.
For some situations such as diskless terminals, an NFS filesystem
may be critical to the boot process, so neither the "try once" nor
background mounts are appropriate. To cater for this situation,
unbreak the -R (retry count) parameter so that it also works in
the non-background case. Interpret a zero retry count as "retry
forever".
The defaults are now "try once" for non-background mounts and "retry
forever" for background mounts; both can be overridden via -R.
Add a description of this behaviour to the manpage.
device search code I introduced nearly six years ago in rev 1.8. Bruce
suggested to rather use the device name of the root filesystem instead
which is certainly the most sensible default. Since there are many
possible cases for a root filesystem name (device with and without
slices, consider /dev/vinum/root even though it currently could not
work as such), there's some heuristic using a RE in order to find out
the canonical device name from the mounted name. This probably won't
quite fit for a NFS root (can't test that right now), but then,
it's hard to find a good default for those machines anyway. ;-)
This unbreaks the functionality of rev 1.2 I once broke in 1.8. :)
to use 0xffffffff (INADDR_NONE) as a netmask value. The fix
is to use inet_addr(3) which doesn't suffer from this problem.
PR: bin/28873
Also, while here, fixed the bug when netmask value was ignored
(RTF_HOST flag was set) if the "destination gateway netmask"
syntax is used, e.g. ``route add 1.2.3.4 127.1 255.255.255.255''.
The original code was certainly broken; it knows that whereto is
to be used for a sockaddr_in, so it should be declared as such.
To support multiple protocols, there is also a sockaddr_storage
struct that can be used; I don't think struct sockaddr is supposed
to be used anywhere other than for casts and pointers.
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
MFC after: 3 weeks
This one is strange and goes against my rusty compiler knowledge.
The global declaration
struct sockaddr whereto;
produces for both i386 && alpha:
.comm whereto,16,1
which means common storage, byte aligned. Ahem. I thought structs
were supposed to be ALDOUBLE always? I mean, w/o pragma packed?
Later on, this address is coerced to:
to = (struct sockaddr_in *)&whereto;
Up until now, we've been fine on alpha because the address
just ended up aligned to a 4 byte boundary. Lately, though,
it ends up as:
0000000120027b0f B whereto
And, tra la, you get unaligned access faults. The solution I picked, in
lieu of understanding what the compiler was doing, is to put whereto
as a union of a sockaddr and sockaddr_in. That's more formally correct
if somewhat awkward looking.
prematurely terminate the search for a usable disk. ENOENT is quite
normal in particular now with the advent of devfs.
While being here, also remove /dev/wd0 and /dev/od0 from the list of
disks to search since we don't have them anymore.
MFC after: 1 week
backslash as nothing, treat it like a space so that adjacent lines
aren't glued together.
PR: 8479
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>
user runs with privilege, allowing the sending of icmp packets with
larger size (up to 48k, the default receive buffer size in ping),
which is useful for network driver development testing, as well
as experimentation with fragmentation.
Reviewed by: wpaul
ensure that we never proceed with the mount() syscall if the server
is replying from the wrong source address. Previously the userland
RPC call to the remote nfsd would succeed, but the kernel uses
connect() so it would not see the replies, resulting in a hung
mount.
NQNFS code is ancient, bug-ridden, and should probably be removed).
The wording here was very confusing; it was easy to get the impression
that NQNFS is an extension to NFSv3 when in fact it just uses some
NFSv3-like extensions on top of NFSv2. As witnessed by the mailing
lists and PRs, some people were reading the description and deciding
that NQNFS was what they wanted to use.
MFC after: 1 week
driver itself obviously won't configure such a disk, but the error
returned (EDOM) is more cryptic to the average user than it should be.
Also assert that the argument to -u is in fact a valid unit; don't
just accept any string to mean 0.
Approved by: phk
in revision 1.48. It is pretty valid and often feasible to use
a non-point-to-point interface as the gateway. One might, for
example, use this to route some hosts through an ARP on a local
interface, without having to assign an additional IP address:
Script started on Tue Jun 12 16:16:09 2001
# ifconfig rl0 inet
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1197
# route add -net 192.168.100 -iface rl0
add net 192.168.100: gateway rl0
# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=255 time=0.551 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=255 time=0.268 ms
^C
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.268/0.410/0.551/0.142 ms
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1165
192.168.100 link#1 UCSc 1 0 rl0 =>
192.168.100.1 0:d0:b7:16:9c:c6 UHLW 1 4 rl0 1192
Script done on Tue Jun 12 16:17:12 2001
This is needed to pick up the right headers. Wrong headers from
src/contrib/ipfilter are used otherwise.
The right fix would be to fix contrib/ipfilter C sources to pick up
headers from <sys/netinet>.
Noticed by: peter
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problems after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
the individual options to increment argv and decrement argc. This
caused the -T option to swallow an extra argument.
PR: 27982
Submitted by: Samuel Greear <sgreear@vsni.com>
a route to the gateway and caches it in the route structure.
It may happen (if the routing table is screwed) that the gateway
route is the same route as the one being modified, in which case
the kernel reports EDQUOT. Be more verbose about this:
# route add -net 10 192.168.4.65
add net 10: gateway 192.168.4.65
# netstat -rn -finet
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.4.65 UGSc 1 7 rl0
10 192.168.4.65 UGSc 0 0 rl0
127.0.0.1 127.0.0.1 UH 0 178 lo0
192.168.4 link#1 UC 2 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 2 0 rl0 1123
Before:
# route change -net 10 10.0.0.1
route: writing to routing socket: Disc quota exceeded
change net 10: gateway 10.0.0.1: Disc quota exceeded
After:
# ./route change -net 10 10.0.0.1
route: writing to routing socket: Disc quota exceeded
change net 10: gateway 10.0.0.1: gateway uses the same route
PR: bin/1093, misc/26833
blackhole(4), except that blackhole(4) uses sysctl's. This xref
obviously isn't appropriate unless we want to xref all the other man
pages which mention sysctls, which we obviously don't (we may want to
list those sysctls, but that's another story).
PR: 27937
Submitted by: yar
PR: bin/12489
- Use inet_ntoa(3) where it should have been used. This
part of code simply wasn't converted to the "new" style
after the routename() function was converted from the
protocol-generic version to protocol-specific version
in CSRG revision 5.6.
MFC after: 1 week
but list them if -d was specified).
Avoid listing expired dynamic rules unless the (new) -e option was specified.
If specific rule numbers were listed on the command line, and the -d flag was
specified, only list dynamic rules that match the specified rule numbers.
Try to partly clean up the bleeding mess this file has become. If there is
any justice in this world, the responsible parties (you know who you are!)
should expect to wake up one morning with a horse's head in their bed. The
code still looks like spaghetti, but at least now it's *properly indented*
spaghetti (hmm? did somebody say "tagliatelle"?).
when comparing with the alternate superblock. These fields are used
for temporary in-core information only. This should fix the "VALUES
IN SUPER BLOCK DISAGREE WITH THOSE IN FIRST ALTERNATE" error from
fsck_ffs that has been seen a lot recently.
attempting to remove nonexistent exports with MNT_DELEXPORT returns
an error; before this change it always succeeded. This caused
mountd(8) to log "can't delete exports for /whatever" warnings.
Change the error code from EINVAL to a more specific ENOENT, and
make mountd ignore this error when deleting the export list. I
could have just restored the previous behaviour of returning success,
but I think an error return is a useful diagnostic.
Reviewed by: phk
printed on a single, very long, and generally unreadable line. This
isn't very useful. It's also really ugly and most of the time you don't
care what media is supported anyway.
PR: 27701
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
- introduce a -o option that displays opaque variables.
- introduce a -x option that displays opaque variables in full.
- deprecate -A in favor of -ao and -X in favor of -ax.
- remove -A and -X from usage() and SYNOPSIS (but not from DESCRIPTION).
- ignore -a if one or more variables were listed on the command line.
- deprecate -w, it is not needed to determine the user's intentions.
- some language and style cleanup in the man page.
This commit should not break any existing scripts.
MFC after: 4 weeks
despite the fact that most people want to set exactly the same settings
regardless of which card they have. It has been repeatedly suggested
that this configuration should be done via ifconfig. This patch
implements the required functionality in ifconfig and adds support to the
wi and an drivers. It also provides partial, untested support for the
awi driver.
PR: 25577
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
systems were repo-copied from sys/miscfs to sys/fs.
- Renamed the following file systems and their modules:
fdesc -> fdescfs, portal -> portalfs, union -> unionfs.
- Renamed corresponding kernel options:
FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.
- Install header files for the above file systems.
- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland
Makefiles.
if the kernel module is built that way.
Remove the gross debug device/non-debug device hack used to recognize
whether the kernel module was in sync with the userland module.
vinum_mirror, vinum_raid4, vinum_raid5.
Correct typos.
Show new output of the 'list' and 'ls' commands.
Update examples to use 279 kB stripe sizes instead of 256 kB.
Clarify some text.
Remove the description of the 'invalid ioctl' messages which now no
longer occur.
Add a description of the 'retryerrors' keyword.
to avoid including the kernel headers.
Move a number of definitions of userland functions from
dev/vinum/vinumext.h.
Desired by: bde
This commit is the first of a general cleanup of the header files.
It won't be enough to make bde happy.
Remove vinum_perror and associated DEVBUG definition.
Use userland expurgated versions of kernel structures, since that's
what the ioctls return now.
Remove vinum_perror.
main: Check kernel version with userland version in _vinum_conf. This
field is a constant which gets incremented every time the
kernel-userland interface changes. This enables vinum(8) to
check for the correct kernel version and to produce a useful
message if it doesn't match. For previous versions, which don't
have a version number, the length of the structure is different,
so we can recognize it via the EINVAL return from ioctl.
Supply count parameter to tokenize().
Change method of recognizing active devfs: replace devfs_is_active
with (complemented) no_devfs.
make_devices: remove references to devfs. If we're running devfs, we
don't need to call make_devices at all.
vinum_makedev (user command 'makedev'): Print a warning message if
devfs is running and don't do anything else.
Remove vinum_perror.
Modify 'list' brief printout to fit in 80 columns.
Modify 'ls' brief printout to show the drive to which the subdisk
before instead of the plex offset, which is usually less interesting.
The verbose printout remains unchanged.
Use userland expurgated versions of kernel structures, since that's
what the ioctls return now.
Move checkupdates here to simplify header file mess.
Remove 'vinum_perror'.
Only call make_devices if we're not running devfs.
Use userland expurgated versions of kernel structures, since that's
what the ioctls return now.
Update help list, which was lagging behind reality.
checkupdates: move to list.c to simplify header file mess.
vinum_stripe, vinum_mirror, vinum_raid4, vinum_raid5: change the
default stripe size from 256 k to 279 k, thus hopefully spreading
superblocks more evenly.
rules. Also, don't show dynamic rules if you only asked to see a
certain rule number.
PR: 18550
Submitted by: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Approved by: luigi
MFC after: 2 weeks
page with *all* the permissible values.
This should really be spelt ipencap (as /etc/protocols does),
but a precedent has already been set by the ipproto array in
setkey.c.
It would be nice if /etc/protocols was parsed for the upperspec
field, but I don't do yacc/lex...
This change allows policies that only encrypt the encapsulated
packets passing between the endpoints of a gif tunnel. Setting
such a policy means that you can still talk directly (and
unencrypted) between the public IP numbers with (say) ssh.
MFC after: 1 week
function; we now handle unknown protocols more gracefully.
- Cache the return from getnetconfigent() so that we don't have to
remember to call freenetconfigent() each time. This fixes a memory
leak that would cause retrying background mount_nfs processes to
slowly increase their memory usage.
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.
This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.
least in -w's case, simply unsetting the correct bit in init_flags was not
enough. The bit may be reset later if, say, the filesystem is marked `ro'
in fstab. The command line option should override the fstab setting, but
did not. The implementation of -r was changed for consistency.
PR: 26886
Reviewed by: archie
Traditionally, fsck is invoked before the filesystems are mounted
and all checks are done to completion at that time. If background
checking is available, fsck is invoked twice. It is first invoked
at the traditional time, before the filesystems are mounted, with
the -F flag to do checking on all the filesystems that cannot do
background checking. It is then invoked a second time, after the
system has completed going multiuser, with the -B flag to do checking
on all the filesystems that can do background checking. Unlike
the foreground checking, the background checking is started
asynchronously so that other system activity can proceed even on
the filesystems that are being checked.
At the moment, only the fast filesystem supports background checking.
To be able to do background checking, a filesystem must have been
running with soft updates, not have been marked as needing a
foreground check, and be mounted and writable when the background
check is to be done (i.e., not listed as `noauto' in /etc/fstab).
These changes are the final piece needed to support background
filesystem checking. They will not have any effect until you update
your /etc/rc to invoke fsck in its new mode of operation. I am
still playing around with exactly what those changes should be
and should be committing them later this week.
filesystem needs foreground checking (usually at boot time) or
can defer to background checking (after the system is up and running).
See the manual page, fsck_ffs(8), for details on the -F and -B options.
These options are primarily intended for use by the fsck front end.
All output is directed to stdout so that the output is coherent
when redirected to a file or a pipe. Unify the code with the fsck
front end that allows either a device or a mount point to be
specified as the argument to be checked.
always look up -network and -mask addresses numerically before
trying getnetbyname(). Without this, we may end up attempting DNS
queries on silly names such as "127.0.0.0.my-domain.com". See the
commit log from revisions 1.21 and 1.20 for further details.
removes the last path component until the mount() succeeds. However,
the code never checks if it has passed the mountpoint, so in some
cases where the mount() never succeeds, it can end up applying the
flags from a mounted filesystem to the underlying one.
Add a sanity check to the code which removes the last path component:
test that the fsid associated with the new path is the same as that
of the old one.
PR: bin/7872
a number of assumptions related to the parsing of options in
/etc/exports, and missed a few necessary new error checks.
The main problems related to netmasks: an IPv6 network address
missing a netmask would result in the filesystem being exported to
the whole IPv6 world, non-continuous netmasks would be made continuous
without any warnings, and nothing prevented you specifying an IPv4
mask with an IPv6 address.
This change addresses these issues. As a side-effect we now store
netmasks in sockaddr structs (this matches the kernel interface,
and is closer to the way it used to be). Add a flag OP_HAVEMASK to
keep track of whether or not we have successfully got a mask from
any source. Replace some mask-related helper functions with versions
that use the sockaddr-based masks.
Also tidy up get_net() and fix the code that interprets IPv4 partial
networks such as "127.1" as network rather than host addresses.
Properly zero out some structures that were ending up partially
containing junk from the stack, fix a few formatting issues, and
add a comment noting some assumptions about export arguments.
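The three netmask failures named in this commit message (missing IPv6 mask, IPv4 mask on an IPv6 address, non-contiguous mask), checked in a stand-alone routine. This is an added example, not code from mountd: the function and enum names are hypothetical, addresses are parsed numerically only, and unlike mountd it requires an explicit mask for IPv4 as well.

```c
/* Added example; check_export_net, net_matches and enum net_err are
 * hypothetical names, not taken from mountd.c. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum net_err { NET_OK, NET_BAD_ADDR, NET_NO_MASK, NET_BAD_MASK,
               NET_FAMILY_MISMATCH, NET_NONCONTIGUOUS };

struct export_net {
    struct sockaddr_storage addr;   /* network address */
    struct sockaddr_storage mask;   /* netmask kept in a sockaddr, same family */
    int prefixlen;                  /* number of leading one bits in mask */
};

/* Numeric-only parse (no name lookups) into a fully zeroed sockaddr. */
static int parse_numeric(const char *s, struct sockaddr_storage *ss)
{
    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET, s, &((struct sockaddr_in *)ss)->sin_addr) == 1) {
        ((struct sockaddr_in *)ss)->sin_family = AF_INET;
        return 0;
    }
    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET6, s, &((struct sockaddr_in6 *)ss)->sin6_addr) == 1) {
        ((struct sockaddr_in6 *)ss)->sin6_family = AF_INET6;
        return 0;
    }
    return -1;
}

/* Raw address bytes and their count (4 or 16) for a parsed sockaddr. */
static const unsigned char *addr_bytes(const struct sockaddr_storage *ss,
                                       size_t *len)
{
    if (ss->ss_family == AF_INET) {
        *len = 4;
        return (const unsigned char *)&((const struct sockaddr_in *)ss)->sin_addr;
    }
    *len = 16;
    return (const unsigned char *)&((const struct sockaddr_in6 *)ss)->sin6_addr;
}

/* Prefix length of a mask, or -1 if a one bit follows a zero bit. */
static int mask_prefixlen(const unsigned char *m, size_t len)
{
    size_t i = 0;
    int bits = 0;

    while (i < len && m[i] == 0xff) { bits += 8; i++; }
    if (i < len) {
        unsigned char b = m[i++];
        while (b & 0x80) { bits++; b = (unsigned char)(b << 1); }
        if (b != 0)
            return -1;              /* hole inside the partial byte */
    }
    for (; i < len; i++)
        if (m[i] != 0)
            return -1;              /* one bits after the first zero byte */
    return bits;
}

/* Reject instead of silently "fixing": no default-to-world, no mask repair. */
int check_export_net(const char *net, const char *mask, struct export_net *out)
{
    const unsigned char *mb;
    size_t len;

    memset(out, 0, sizeof(*out));
    if (parse_numeric(net, &out->addr) != 0)
        return NET_BAD_ADDR;
    if (mask == NULL)
        return NET_NO_MASK;
    if (parse_numeric(mask, &out->mask) != 0)
        return NET_BAD_MASK;
    if (out->mask.ss_family != out->addr.ss_family)
        return NET_FAMILY_MISMATCH;
    mb = addr_bytes(&out->mask, &len);
    out->prefixlen = mask_prefixlen(mb, len);
    return out->prefixlen < 0 ? NET_NONCONTIGUOUS : NET_OK;
}

/* 1 if the numeric host address falls inside the validated network. */
int net_matches(const struct export_net *n, const char *host)
{
    struct sockaddr_storage h;
    const unsigned char *hb, *nb, *mb;
    size_t len, i;

    if (parse_numeric(host, &h) != 0 || h.ss_family != n->addr.ss_family)
        return 0;
    hb = addr_bytes(&h, &len);
    nb = addr_bytes(&n->addr, &len);
    mb = addr_bytes(&n->mask, &len);
    for (i = 0; i < len; i++)
        if ((hb[i] & mb[i]) != (nb[i] & mb[i]))
            return 0;
    return 1;
}

int main(void)
{
    struct export_net n;

    /* Constructed sample inputs (documentation address ranges). */
    printf("v6, no mask:   %d\n", check_export_net("2001:db8::", NULL, &n));
    printf("v6 + v4 mask:  %d\n", check_export_net("2001:db8::", "255.255.255.0", &n));
    printf("holey mask:    %d\n", check_export_net("192.0.2.0", "255.0.255.0", &n));
    printf("valid /24:     %d\n", check_export_net("192.0.2.0", "255.255.255.0", &n));
    return 0;
}
```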
would call malloc, stdio and other library functions from the signal
handler which is not safe due to reentrancy problems.
Instead, add a simple handler that just sets a flag, and call the
more complex function from main() when necessary. Unfortunately to
be able to check this flag, we must expand the svc_run() call, but
the RPC library makes that relatively easy to do.
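The flag-setting handler and expanded service loop described in this commit message, as an added stand-alone example (not the mountd code). It goes one step beyond the message by keeping SIGHUP blocked except inside pselect(), so a signal cannot slip in between the flag check and the wait; a pipe stands in for the RPC descriptors, and all function names are hypothetical.

```c
/* Added example; a pipe read stands in for the RPC library's request
 * dispatch, and reload_exports() stands in for the real reload work. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

static volatile sig_atomic_t got_sighup;  /* the only state the handler touches */
static sigset_t wait_mask;                /* mask in effect while waiting */
static int reload_count;
static char status_line[64];

/* Async-signal-safe: no malloc, no stdio, just a flag store. */
static void on_sighup(int sig)
{
    (void)sig;
    got_sighup = 1;
}

/* The "complex function": uses stdio, so it must only run from the main loop. */
static void reload_exports(void)
{
    reload_count++;
    snprintf(status_line, sizeof(status_line),
        "export list reloaded %d time(s)", reload_count);
}

/* Install the handler and keep SIGHUP blocked outside of pselect(). */
int install_hup_handler(void)
{
    struct sigaction sa;
    sigset_t block;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGHUP, &sa, NULL) != 0)
        return -1;
    sigemptyset(&block);
    sigaddset(&block, SIGHUP);
    if (sigprocmask(SIG_BLOCK, &block, &wait_mask) != 0)
        return -1;
    sigdelset(&wait_mask, SIGHUP);        /* SIGHUP deliverable only while waiting */
    return 0;
}

/* One iteration of the expanded service loop.
 * Returns 1 if a reload was performed, 0 if not, -1 on error. */
int service_once(int fd, long timeout_ms)
{
    struct timespec ts;
    fd_set rfds;
    char buf[64];
    int n;

    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    ts.tv_sec = timeout_ms / 1000;
    ts.tv_nsec = (timeout_ms % 1000) * 1000000L;
    n = pselect(fd + 1, &rfds, NULL, NULL, &ts, &wait_mask);
    if (n < 0 && errno != EINTR)
        return -1;
    if (n > 0 && read(fd, buf, sizeof(buf)) < 0)   /* stand-in for request dispatch */
        return -1;
    if (got_sighup) {                     /* SIGHUP is blocked again here */
        got_sighup = 0;
        reload_exports();
        return 1;
    }
    return 0;
}

int main(void)
{
    int p[2];

    if (pipe(p) != 0 || install_hup_handler() != 0)
        return 1;
    raise(SIGHUP);                        /* stays pending until pselect() */
    service_once(p[0], 100);
    puts(status_line);
    return reload_count == 1 ? 0 : 1;
}
```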
- Remove some horrible code that faked a "struct addrinfo" to be
later passed to freeaddrinfo(). Instead, add a new group type
"GT_DEFAULT" used to denote that the filesystem is exported to the
world, and treat this case separately.
- Don't clear the AI_CANONNAME flag in a struct addrinfo returned
by getaddrinfo. There's still a bit more struct addrinfo abuse
left in here.
- Simplify do_mount() slightly by using an addrinfo pointer to keep
track of the current address.
- Revert del_mlist() to its pre-tirpc prototype. Unlike NetBSD's version,
ours lets the caller generate any syslog() messages, so that it
can include the service name in the message.
- Initialise a few local variables to clarify the logic and avoid some
compiler warnings.
- Remove a few unused functions and local variables, and fix some
whitespace issues.
- Reinstate the logic for avoiding duplicate host entries that got
removed accidentally in revision 1.41 (added in r1.5). This bit
was submitted in a slightly different form by Thomas Quinot.
Submitted by: Martin Blapp <mb@imp.ch>,
Thomas Quinot <quinot@inf.enst.fr>
PR: bin/26148
1) Set the FS_NEEDSFSCK flag when unexpected problems are encountered.
2) Clear the FS_NEEDSFSCK flag after a successful foreground cleanup.
3) Refuse to run in background when the FS_NEEDSFSCK flag is set.
4) Avoid taking and removing a snapshot when the filesystem is already clean.
5) Properly implement the force cleaning (-f) flag when in preen mode.
Note that you need to have revision 1.21 (date: 2001/04/14 05:26:28) of
fs.h installed in <ufs/ffs/fs.h> defining FS_NEEDSFSCK for this to compile.
Because the kernel will allow the mounting of unclean filesystems when
the soft updates flag is set, it is important that only soft updates
style inconsistencies (missing blocks and inodes) be present. Otherwise
a panic may ensue. It is also important that the filesystem be in a clean
state when the soft updates flag is set because the background fsck uses
the fact that the flag is set to indicate that it is safe to run. If
background fsck encounters non-soft updates style inconsistencies, it
will exit with unexpected inconsistencies.
not -tag. Instead, put a period after the error messages to aid
those using dumb terminals not capable of properly displaying markup.
Requested by: ru
the ability to use a preprocessor, use the -q (quiet) flag when reading
from a file). The source used is from ipfw.
Clean up exit codes while I am here.
KAME has been informed and plans on integrating these patches into their
own source as well.
number of issues:
- Fix background mounts; these were broken in revision 1.40.
- Don't give up before trying all addresses returned by getaddrinfo().
- Use protocol-independent routines where possible.
- Improve error reporting for RPC errors.
- In non-background mode, give up after trying all protocols once.
- Use daemon(3) instead of rolling our own version.
- Never go ahead with the mount() syscall until we have received
a reply from the remote nfsd; this is especially important with
non-interruptible mounts, as otherwise a mistyped command might
require a reboot to correct.
Reviewed by: alfred, Martin Blapp <mb@imp.ch>
His description of the problem and solution follow. My own tests show
speedups on typical filesystem intensive workloads of 5% to 12% which
is very impressive considering the small amount of code change involved.
------
One day I noticed that some file operations run much faster on
small file systems than on big ones. I've looked at the ffs
algorithms, thought about them, and redesigned the dirpref algorithm.
First I want to describe the results of my tests. These results are old
and I have improved the algorithm after these tests were done. Nevertheless
they show how big the performance speedup may be. I have done two file/directory
intensive tests on two OpenBSD systems with old and new dirpref algorithm.
The first test is "tar -xzf ports.tar.gz", the second is "rm -rf ports".
The ports.tar.gz file is the ports collection from the OpenBSD 2.8 release.
It contains 6596 directories and 13868 files. The test systems are:
1. Celeron-450, 128Mb, two IDE drives, the system at wd0, file system for
test is at wd1. Size of test file system is 8 Gb, number of cg=991,
size of cg is 8m, block size = 8k, fragment size = 1k OpenBSD-current
from Dec 2000 with BUFCACHEPERCENT=35
2. PIII-600, 128Mb, two IBM DTLA-307045 IDE drives at i815e, the system
at wd0, file system for test is at wd1. Size of test file system is 40 Gb,
number of cg=5324, size of cg is 8m, block size = 8k, fragment size = 1k
OpenBSD-current from Dec 2000 with BUFCACHEPERCENT=50
You can get more info about the test systems and methods at:
http://www.ptci.ru/gluk/dirpref/old/dirpref.html
Test Results
             tar -xzf ports.tar.gz                  rm -rf ports
mode     old dirpref new dirpref speedup  old dirpref new dirpref speedup
First system
normal           667         472    1.41          477         331    1.44
async            285         144    1.98          130          14    9.29
sync             768         616    1.25          477         334    1.43
softdep          413         252    1.64          241          38    6.34
Second system
normal           329          81    4.06        263.5        93.5    2.81
async            302        25.7   11.75          112        2.26   49.56
sync             281        57.0    4.93          263        90.5     2.9
softdep          341        40.6     8.4          284        4.76   59.66
"old dirpref" and "new dirpref" columns give a test time in seconds.
speedup - speed increasement in times, ie. old dirpref / new dirpref.
------
Algorithm description
The old dirpref algorithm is described in comments:
/*
 * Find a cylinder to place a directory.
 *
 * The policy implemented by this algorithm is to select from
 * among those cylinder groups with above the average number of
 * free inodes, the one with the smallest number of directories.
 */
A new directory is allocated in a different cylinder group than its
parent directory resulting in a directory tree that is spread across
all the cylinder groups. This spreading out results in a non-optimal
access to the directories and files. When we have a small filesystem
it is not a problem but when the filesystem is big then performance
degradation becomes very apparent.
What do I mean by a big file system?
1. A big filesystem is a filesystem which occupies 20-30 or more percent
of total drive space, i.e. first and last cylinder are physically
located relatively far from each other.
2. It has a relatively large number of cylinder groups, for example
more cylinder groups than 50% of the buffers in the buffer cache.
The first results in long access times, while the second results in
many buffers being used by metadata operations. Such operations use
cylinder group blocks and on-disk inode blocks. The cylinder group
block (fs->fs_cblkno) contains struct cg, inode and block bit maps.
It is 2k in size for the default filesystem parameters. If new and
parent directories are located in different cylinder groups then the
system performs more input/output operations and uses more buffers.
On filesystems with many cylinder groups, lots of cache buffers are
used for metadata operations.
My solution for this problem is very simple. I allocate many directories
in one cylinder group. I also do some things, so that the new allocation
method does not cause excessive fragmentation and all directory inodes
will not be located at a location far from its file's inodes and data.
The algorithm is:
/*
 * Find a cylinder group to place a directory.
 *
 * The policy implemented by this algorithm is to allocate a
 * directory inode in the same cylinder group as its parent
 * directory, but also to reserve space for its files inodes
 * and data. Restrict the number of directories which may be
 * allocated one after another in the same cylinder group
 * without intervening allocation of files.
 *
 * If we allocate a first level directory then force allocation
 * in another cylinder group.
 */
My early versions of dirpref give me good results for a wide range of
file operations and different filesystem capacities except one case:
those applications that create their entire directory structure first
and only later fill this structure with files.
My solution for such and similar cases is to limit a number of
directories which may be created one after another in the same cylinder
group without intervening file creations. For this purpose, I allocate
an array of counters at mount time. This array is linked to the superblock
fs->fs_contigdirs[cg]. Each time a directory is created the counter
increases and each time a file is created the counter decreases. A 60Gb
filesystem with 8mb/cg requires 10kb of memory for the counters array.
The maxcontigdirs is a maximum number of directories which may be created
without an intervening file creation. I found in my tests that the best
performance occurs when I restrict the number of directories in one cylinder
group such that all its files may be located in the same cylinder group.
There may be some deterioration in performance if all the file inodes
are in the same cylinder group as its containing directory, but their
data partially resides in a different cylinder group. The maxcontigdirs
value is calculated to try to prevent this condition. Since there is
no way to know how many files and directories will be allocated later
I added two optimization parameters in superblock/tunefs. They are:
int32_t fs_avgfilesize; /* expected average file size */
int32_t fs_avgfpdir; /* expected # of files per directory */
These parameters have reasonable defaults but may be tweaked for special
uses of a filesystem. They are only necessary in rare cases like better
tuning a filesystem being used to store a squid cache.
I have been using this algorithm for about 3 months. I have done
a lot of testing on filesystems with different capacities, average
filesize, average number of files per directory, and so on. I think
this algorithm has no negative impact on filesystem performance. It
works better than the default one in all cases. The new dirpref
will greatly improve untarring/removing/copying of big directories,
decrease load on cvs servers and much more. The new dirpref doesn't
speed up a compilation process, but also doesn't slow it down.
Obtained from: Grigoriy Orlov <gluk@ptci.ru>
[I first added this functionality, and thought to check prior art. Seeing
OpenBSD had already done this, I changed my addition to reduce the diffs
between the two and went with their option letter.]
Obtained from: OpenBSD
of pingnfsserver(). The pingnfsport() function is now called every time.
If we don't get RPC_SUCCESS or RPC_PROGVERSMISMATCH back, there's
something wrong with the NFS server and we just exit.
- Fix cfs mount on IPv4-only machines
- Fixed the looping when we did not run background mode.
- Fixed a getnameinfo() call with uninitialized address.
This is a NetBSD bug I didn't notified :-( Thanks Ian !
- Added some #ifdef NFSKERB
- Removed some unused variables.
- Fixed indentation
- Remove unnecessary ":" in openlog ident
Submitted by: Martin Blapp <mb@imp.ch>
Reviewed by: Ian Dowse <iedowse@maths.tcd.ie>
<QUOTE>
Overflow of cg_niblk causes spurious "SUMMARY INFORMATION BAD" warnings
prompts in fsck_ffs. cg_niblk has type int16_t, but it is (ab)used
to hold the number of inodes per group (it has nothing to do with the
number of inode blocks in the cg as claimed in ffs/fs.h), and there
can be lots of inodes per group. E.g.,
newfs -i 8192 -b 16384 -f 16384 -c 255 ...
gives 0xA900 inodes/group. Assignment of this to cg_niblk gives
-0x5700. This is mostly harmless (ufs/ffs doesn't use cg_niblk, and
bug-for-bug compatible overflow occurs in newfs), but in
fsck_ffs/pass5.c, negative values of cg_niblk limit cg_irotor to 0
and the summary info appears to be bad.
</QUOTE>
Submitted by: Bruce Evans <bde@zeta.org.au>
Obtained from: Kirk McKusick <mckusick@mckusick.com>
Consider this /etc/fstab:
# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad1s1b     none        swap    sw       0     0
/dev/ad0s1b     none        swap    sw       0     0
/dev/ad0s1a     /           ufs     rw       1     1
/dev/ad0s1e     /home       ufs     rw       2     2
/dev/ad1s1e     /tmp        ufs     rw       2     2
/dev/ad1s1f     /usr        ufs     rw       2     2
/dev/ccd0c      /syv        ufs     rw       2     11
proc            /proc       procfs  rw       0     0
ccd0c is striped over /dev/ad0f and /dev/ad1g
Without this pass, fsck in preen mode will check ad0s1a first,
and then issue three processes in parallel:
One process doing ad0s1e
One process doing ad1s1e and ad1s1f
One process doing ccd0c
There is no way to tell it that ccd0c overlaps ad0 and ad1.
With the patch, it will do it this way:
pass 2:
One process doing ad0s1e
One process doing ad1s1e and ad1s1f
and when they are complete:
pass 11:
One process doing ccd0c
This is much faster and more sane.
Valid pass numbers are anything from 1 to INTMAX-1.
I retired the '-l' option which tried to allow people to do
something like this, but which didn't work and which complicated
the code an awful lot.
If one is trying to dump or repair an ill system, give the user a fighting
chance. Refusing to operate w/o a very non-critical file (feature) is
just plain stupid.
Some of the major changes include:
- The SCSI error handling portion of cam_periph_error() has
been broken out into a number of subfunctions to better
modularize the code that handles the hierarchy of SCSI errors.
As a result, the code is now much easier to read.
- String handling and error printing has been significantly
revamped. We now use sbufs to do string formatting instead
of using printfs (for the kernel) and snprintf/strncat (for
userland) as before.
There is a new catchall error printing routine,
cam_error_print() and its string-based counterpart,
cam_error_string() that allow the kernel and userland
applications to pass in a CCB and have errors printed out
properly, whether or not they're SCSI errors. Among other
things, this helped eliminate a fair amount of duplicate code
in camcontrol.
We now print out more information than before, including
the CAM status and SCSI status and the error recovery action
taken to remedy the problem.
- sbufs are now available in userland, via libsbuf. This
change was necessary since most of the error printing code
is shared between libcam and the kernel.
- A new transfer settings interface is included in this checkin.
This code is #ifdef'ed out, and is primarily intended to aid
discussion with HBA driver authors on the final form the
interface should take. There is example code in the ahc(4)
driver that implements the HBA driver side of the new
interface. The new transfer settings code won't be enabled
until we're ready to switch all HBA drivers over to the new
interface.
src/Makefile.inc1,
lib/Makefile: Add libsbuf. It must be built before libcam,
since libcam uses sbuf routines.
libcam/Makefile: libcam now depends on libsbuf.
libsbuf/Makefile: Add a makefile for libsbuf. This pulls in the
sbuf sources from sys/kern.
bsd.libnames.mk: Add LIBSBUF.
camcontrol/Makefile: Add -lsbuf. Since camcontrol is statically
linked, we can't depend on the dynamic linker
to pull in libsbuf.
camcontrol.c: Use cam_error_print() instead of checking for
CAM_SCSI_STATUS_ERROR on every failed CCB.
sbuf.9: Change the prototypes for sbuf_cat() and
sbuf_cpy() so that the source string is now a
const char *. This is more in line with the
standard system string functions, and helps
eliminate warnings when dealing with a const
source buffer.
Fix a typo.
cam.c: Add description strings for the various CAM
error status values, as well as routines to
look up those strings.
Add new cam_error_string() and
cam_error_print() routines for userland and
the kernel.
cam.h: Add a new CAM flag, CAM_RETRY_SELTO.
Add enumerated types for the various options
available with cam_error_print() and
cam_error_string().
cam_ccb.h: Add new transfer negotiation structures/types.
Change inq_len in the ccb_getdev structure to
be "reserved". This field has never been
filled in, and will be removed when we next
bump the CAM version.
cam_debug.h: Fix typo.
cam_periph.c: Modularize cam_periph_error(). The SCSI error
handling part of cam_periph_error() is now
in camperiphscsistatuserror() and
camperiphscsisenseerror().
In cam_periph_lock(), increase the reference
count on the periph while we wait for our lock
attempt to succeed so that the periph won't go
away while we're sleeping.
cam_xpt.c: Add new transfer negotiation code. (ifdefed
out)
Add a new function, xpt_path_string(). This
is a string/sbuf analog to xpt_print_path().
scsi_all.c: Revamp string handling and error printing code.
We now use sbufs for much of the string
formatting code. More of that code is shared
between userland and the kernel.
scsi_all.h: Get rid of SS_TURSTART, it wasn't terribly
useful in the first place.
Add a new error action, SS_REQSENSE. (Send a
request sense and then retry the command.)
This is useful when the controller hasn't
performed autosense for some reason.
Change the default actions around a bit.
scsi_cd.c,
scsi_da.c,
scsi_pt.c,
scsi_ses.c: SF_RETRY_SELTO -> CAM_RETRY_SELTO. Selection
timeouts shouldn't be covered by a sense flag.
scsi_pass.[ch]: SF_RETRY_SELTO -> CAM_RETRY_SELTO.
Get rid of the last vestiges of a read/write
interface.
libkern/bsearch.c,
sys/libkern.h,
conf/files: Add bsearch.c, which is needed for some of the
new table lookup routines.
aic7xxx_freebsd.c: Define AHC_NEW_TRAN_SETTINGS if
CAM_NEW_TRAN_CODE is defined.
sbuf.h,
subr_sbuf.c: Add the appropriate #ifdefs so sbufs can
compile and run in userland.
Change sbuf_printf() to use vsnprintf()
instead of kvprintf(), which is only available
in the kernel.
Change the source string for sbuf_cpy() and
sbuf_cat() to be a const char *.
Add __BEGIN_DECLS and __END_DECLS around
function prototypes since they're now exported
to userland.
kdump/mkioctls: Include stdio.h before cam.h since cam.h now
includes a function with a FILE * argument.
Submitted by: gibbs (mostly)
Reviewed by: jdp, marcel (libsbuf makefile changes)
Reviewed by: des (sbuf changes)
Reviewed by: ken
So bump the default from `16' to `22', which is the largest value allowed
with the current default block size. This change increases the
group size from 32MB/g to 44MB/g on a 4GB SCSI disk.
and do the unregister/reregister work.
Don't call syslog in the unregister/reregister code as we haven't called
openlog() yet.
Be more conservative about accepting errno values from socket(2),
only EPROTONOSUPPORT means that the kernel isn't supporting it
something like INET6. The other possible errnos would be returned
if there was a mistake in the socket(2) call so remove them from the
list of "acceptable" return values.
affect current systems until fsck is modified to use these new
facilities. To try out this change, set the fsck passno to zero
in /etc/fstab to cause the filesystem to be mounted without running
fsck, then run `fsck_ffs -p -B <filesystem>' after the system has
been brought up multiuser to run a background cleanup on <filesystem>.
Note that the <filesystem> in question must have soft updates enabled.
processes and then sends SIGKILLs. If a lot of processes are swapped
out, this delay may not be long enough, so processes such as an X
server may be killed before they have had time to clean up properly.
Make this delay more dynamic by waiting up to 60 seconds for swap
page-in activity to end. While I'm here, ANSIfy and remove a
`register' specifier.
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
to not just do it. It is his new code that is being actively
developed so he has say over it. ru's direct changes were premature
as they occurred less than 4 hours after it was committed to the tree.
2) Running `mdconfig -l` without any attached devices results in
mdconfig printing "md0" to standard output.
Submitted by: dd [1]
[1] no, not "dd(1)" but "Dima Dorfman"
being:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a:     400M        0    4.2BSD     4096 16384    75   # (Cyl. 0 - 812*)
  b:       1G        *      swap
  c:        *        *    unused
  e:   204800        *    4.2BSD
  f:       5g        *    4.2BSD
  g:        *        *    4.2BSD
These patches are the original work of Randell Jesup, and
I believe Matt Dillon, with additional work by Warner Losh.
Please let me know if I've left someone out.
Incorporated into this is the fix for PR bin/22727.
This patchset still has style issues and a possible problem on
large disks. However, it was agreed to get these committed before
performing major surgery on them.
PR: bin/22727
Submitted by: Randell Jesup <rjesup@wgate.com>
userland tool:
Use the vfs.devfs.generation sysctl to test for devfs presence
(thanks phk!) when devfs is active it will not try to create the
device nodes in /dev and therefore will not complain about the
failure to do so.
Revert the change in the #define for VINUM_DIR in the kernel
header so that vinum can find its device nodes.
Replace perror() with vinum_perror() to print file/line when
DEVBUG is defined (not defined by default).
kernel:
Don't use the #define names for the "superdev" creation since
they will be prepended by "/dev/" (based on VINUM_DIR), instead
use string constants.
Create both debug and non-debug "superdev" nodes in the devfs.
Problem noticed and fix tested by: Martin Blapp <mblapp@fuchur.lan.attic.ch>
actually in the kernel. This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there. As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).
This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size. This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.
Reviewed by: bde
Use sysctlbyname() instead of sysctl().
Clear up and simplify the version extraction code.
Attempt to detect stretches of zeroes in the dump and avoid writing
them to disk to save space and time.
address is configured on a interface. This is useful for routers with
dynamic interfaces. It is now possible to say:
0100 allow tcp from any to any established
0200 skipto 1000 tcp from any to any
0300 allow ip from any to any
1000 allow tcp from 1.2.3.4 to me 22
1010 deny tcp from any to me 22
1020 allow tcp from any to any
and not have to worry about the behaviour if dynamic interfaces configure
new IP numbers later on.
The check is semi expensive (traverses the interface address list)
so it should be protected as in the above example if high performance
is a requirement.
to be the same as -ragged in the current implementation) to
-ragged. With mdocNG, -filled displays produce the correct
output, formatted and justified to both margins.
field, so it was possible for a filesystem marked clean by fsck_ffs
to cause kernel crashes later when mounted. This could occur when
fsck_ffs was used to repair a badly corrupted filesystem.
As pointed out by bde, it is not sufficient to restrict di_size to
just the superblock fs_maxfilesize limit. The use of 32-bit logical
block numbers (both in fsck and the kernel) induces another file
size limit which is usually lower than fs_maxfilesize. Also, the
old 4.3BSD filesystem does not have fs_maxfilesize initialised.
Following this change, fsck_ffs will enforce exactly the same
file size limits as are used by the kernel.
PR: kern/15065
Discussed with: bde
Reviewed by: bde, mckusick
Removed used copies of ../mount/getmntopts.c ../mount/mntopts.h. Use the
versions in ../mount directly like all other mount utilities.
Removed used copy of ../mount/pathnames.h. Use the version in ../mount
for free as a side effect of using the mntopts files there. We should
not use it at all, since the 2/3 of the definitions in it are in <paths.h>
and the other 1/3 should be in ../mountd/pathnames.h and is not used by
mount_ifs anyway.
in-core pointers to summary information. An array in this region
(fs_csp) could overflow on filesystems with a very large number of
cylinder groups (~16000 on i386 with 8k blocks). When this happens,
other fields in the superblock get corrupted, and fsck refuses to
check the filesystem.
Solve this problem by replacing the fs_csp array in 'struct fs'
with a single pointer, and add padding to keep the length of the
128-byte region fixed. Update the kernel and userland utilities
to use just this single pointer.
With this change, the kernel no longer makes use of the superblock
fields 'fs_csshift' and 'fs_csmask'. Add a comment to newfs/mkfs.c
to indicate that these fields must be calculated for compatibility
with older kernels.
Reviewed by: mckusick
Zsh users can add the following to their .zshrc for sysctl completion:
function listsysctls {
    case $1 in
        *.*) set -A reply $(sysctl -AN ${1%.*}) ;;
        *) set -A reply $(sysctl -AN) ;;
    esac
}
compctl -K listsysctls sysctl
While I'm here, brucify the getopt() switch.
reserved and now allocated TCP flags in incoming packets. This patch
stops overloading those bits in the IP firewall rules, and moves
colliding flags to a separate field, ipflg. The IPFW userland
management tool, ipfw(8), is updated to reflect this change. New TCP
flags related to ECN are now included in tcp.h for reference, although
we don't currently implement TCP+ECN.
o To use this fix without completely rebuilding, it is sufficient to copy
ip_fw.h and tcp.h into your appropriate include directory, then rebuild
the ipfw kernel module, and ipfw tool, and install both. Note that a
mismatch between module and userland tool will result in incorrect
installation of firewall rules that may have unexpected effects. This
is an MFC candidate, following shakedown. This bug does not appear
to affect ipfilter.
Reviewed by: security-officer, billf
Reported by: Aragon Gouveia <aragon@phat.za.net>
extension.
Add ability to create a preload disk giving an address and a length
(suggested by imp)
Fix bug relating to very small md(4) devices.
Update md.c copyright to reflect the status of code copied from vn.c.
(noticed by dillon)
I decided to work on the md(4) driver and integrate the vn(4)
functionality into it mainly based on the name being more suitable.
Ideally 'vd' as in "virtual disk" would probably be the most logical
but our sound-master pointed out that this would cause uncontrollable
fits of giggles in the brits. Another complication would be the needed
changes to the ramdisk boot/root functionality.
The vn driver will stay around for some time after I complete this
merge for transition reasons, and I'll make it whine to people that
they should migrate to the md(4) driver for some time before it
dies.
The kernel part of the new md(4) driver will be committed after more
testing.
parallel fsck's one per drive, use the shortest prefix ending in
a digit rather than the longest prefix ending in a digit.
This makes "/dev/ad0s1a" and "/dev/ad0s2a" appear to both reside
on the disk "/dev/ad0" and consequently they will be fsck'ed
sequentially rather than in parallel as now.
In general this heuristic is rather soft and error-prone. For
instance ccd may often reside on two or more physical disks. A
good solution would be to look for passes larger than 1 until no
disks are found in a particular pass, that way people could put
ccd stripes in pass 3... and have them fsck'ed sequentially.
Reviewed by: mjacob
directories in addition to world-writable directories. As before,
this check can be disabled with the "-i" option, which in turn can
be made the default for boot-up by setting "ldconfig_insecure=YES"
in "/etc/rc.conf".
Also fix an mdoc nit in the manual page.
Submitted by: Maxime Henrion <mux@qualys.com>
a SIGINFO (normally via Ctrl-T), a line will be output indicating
the current phase number and progress information relevant to the
current phase.
Approved by: mckusick
corrects cases where restore would spew an infinite stream of
"Changing volumes on pipe input?" messages, or would loop waiting
for a response to the "set owner/mode for '.'" question.
PR: bin/14250
Reviewed by: dwmalone
We need to parse the arguments first, then open the device (if
specified) and then apply the changes. This change will disallow the
(undocumented) use of multiple instances of the same argument on the
same command line for the sake of a better error message.
Other changes are:
1) the softupdates (-n) now issue a warning about remaining unchanged
2) the usage and man page is changed to specify "space | time" instead of
"optimization preference".
PR: bin/23335
Submitted by: Mark Peek <mark@whistle.com>
Remove some PNP-related dead code that is unlikely to survive the
changes in -current PNP anyway.
Submitted by: fixes from Chris Faulhaber <jedgar@freebsd.org>
files. Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive. Some were
misspellings of "-I${.CURDIR}" as "-I.".
touch ups. The cache needs to be flushed against block
reads, and a final flush at process termination to force the
backup superblocks to disk.
I believe this will allow 'make release' to complete.
Submitted by: Tor.Egge@fast.no
returns doesn't exist, or doesn't match the desired device, fall back to
scanning /dev for a matching node, and as a last resort, if that fails,
try to create the node ourselves as /dev/dump.
Add comments to several variables and functions.
Clean up syslog(3) usage; use %m instead of strerror(3).
Other minor cleanup.
for large scsi disks with WCE = 0. This yields around a 7 times speedup
on elapsed newfs time on test disks here. 64k clusters seems to be the
sweet spot for scsi disks using our present drivers.
mount_ifs: repocopy of sbin/mount, with most of the intelligence ripped out
and "ufs" replaced with "ifs" in the right places. It will only
mount a single filesystem, rather than the -t <type> magic that
our real mount does.
fsck_ifs: repocopy of sbin/fsck_ffs, but the directory structure stuff
(pass2 and some refcount checks) has been #ifdef'ed out.
src/sbin/Makefile: Build these two utilities
There is probably cruft code left in both which can be removed at a later
date, especially in mount_ifs, but I trust that people will not try
mount_ifs -a ..
Note: there are no man pages installed for these two commands as I haven't
actually written them yet.
Approved by: rwatson
Obtained from: NetBSD source tree
Second part of the fsck wrappers commit. This commit enables the new fsck
code (removing the fsck/* code and replacing it with the netbsd fsck
wrapper code), and enabling some FFS-based utilities to compile.
Details:
* quotacheck, fsdb required modification to use the fsck_ffs/ code rather
than fsck/ . This might change later since quotacheck requires preen.c
which should exist in fsck/ rather than fsck_ffs/
* src/Makefile has fsck_ffs added to it so it is built as part of the tree
now
* share/doc/smm/03.fsck/ uses the SMM.doc/ stuff from fsck_ffs, not fsck.
I've tested this, and it shouldn't require any changes on your machine.
The fsck wrapper reads /etc/fsck and is command-line-compatible enough
to not require rc changes (well, most changes unless you want to do
anything nifty by specifying the fs types explicitly, read the man page
if you want further details on what it can do.)
This now allows us to support multiple filesystem types during bootup.
Approved by: rwatson
Obtained from: NetBSD source tree
utilities which use bits of fsck_ffs - namely quotacheck and fsdb.
In depth, utilities.c contains blockcheck() which is needed by both,
but also a slew of routines which require bits of the FFS code to be
compiled in. This breaks the fs-specific and non-fs-specific code
up into two files (well, blockcheck() is the only routine in utilities.c,
that'll change later) which makes building fsck_ffs, quotacheck and
fsdb work yet again.
(You won't find commits to fsdb and quotacheck here because I haven't
committed the post-fsck-wrappers version of them yet.)
Approved by: rwatson
Obtained from: NetBSD-current source tree
The beginnings of the fsck wrappers stuff from NetBSD. This particular commit
brings a newly repo-copied sbin/fsck_ffs/ (from sbin/fsck/) into fsck wrappers
mode.
A quick overview (the code reflects this):
* Documentation changed to reflect fsck_ffs instead of fsck
* Simply acts on a single filesystem, doesn't try to do any multiple filesystem
magic - this is done by the fsck wrappers now
And then specific to fsck_ffs:
* link to /sbin/fsck_4.2bsd and /sbin/fsck_ufs. This is because right now
the filesystem is of type ufs not ffs, and that during autodetection the
labeltype rather than the VFS type is used - this is because when doing
an autodetection of filesystem type in the fsck wrapper program, it does
not have any link between label type (4.2bsd, vinum, etc) and VFS string.
Note that this shouldn't break a build since the required buildworld Makefile
magic and import of the fsck wrapper code into src/sbin/fsck/ will happen
in a separate commit.
argument only. Before that, the `route add default gateway' first tried
the `gateway' as network address and passed its name to getnetbyname(3),
which in the BIND resolution case does the T_PTR lookup on that name.
1) use devname() instead of searching /dev for the dump device
2) use fopen() instead of open() so we don't need to differentiate
between compressing and not compressing when writing the core
file or the kernel (zopen() returns a FILE *, so we just use
fwrite() in both cases)
There should be no functional changes.
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
adjust the size, but the actual end.
- Break out some of the sanity checks on partitions into a sanitize_partition
function.
- When adjusting partitions, always adjust the start "up", and the end "down"
so that we stay within the boundaries of the original request.
- Various small nits found by bde.
Reported by: bde, imp, rgrimes
verbose mode) is specified. This should really have been the case
when this extra cruft was first introduced in rev 1.23.
PR: 20710
Reported by: Mike Meyer <mwm@mired.org>
related patches. These include:
* Mode page editing can be scripted. This involves two
things: first, if stdin is not a tty, changes are read from
stdin rather than invoking $EDITOR. Second, and more
importantly, not all modepage entries must be included in the
change set. This means that camcontrol can now gracefully handle
more intrusive editing from the $EDITOR, including removal or
rearrangement of lines. It also means that you can do stuff
like:
# echo "WCE: 1" | camcontrol modepage da3 -m 8 -e
# newfs /dev/da3
# echo "WCE: 0" | camcontrol modepage da3 -m 8 -e
* Range-checking on user-supplied input values. modeedit.c now
uses the field width specifiers to determine the maximum
allowable value for a field. If the user enters a value larger
than the maximum, it clips the value to the max and warns the
user. This also involved patching cam_cmdparse.c to be more
consistent with regards to the "count" parameter to arg_put
(previously it was the length of strings and 1 for all integral
types). The cam_cdbparse(3) man page was also updated to reflect
the revised semantics.
* In the process, I removed the 64 entry limit on mode pages (not
that we were even close to hitting that limit). This was a nice
side-effect of the other changes.
* Technically, the new mode editing functionality allows editing
of character array entries in mode pages (type 'c' or 'z'),
however since buff_encode doesn't grok them it is currently
useless.
* Camcontrol gained two new options related to mode pages: -l and
-b. The former lists all available mode pages for a given
device. The latter forces mode page display in binary format
(the default when no mode page definition was found in
scsi_modes).
* Added support for mode page names to scsi_modes. Allows names to
be displayed alongside mode numbers in the mode page
listing. Updated scsi_modes to use the new functionality. This
also adds the semicolon into the scsi_modes syntax as an
optional mode page definition terminator. This is needed to name
pages without providing a page format definition.
* Updated scsi_all.h to include a structure describing mode page
headers.
* Added $FreeBSD$ line to scsi_modes.
Inspired by: dwhite
Reviewed by: ken
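The scripted "NAME: value" editing and width-based range check described in the commit above can be sketched as follows. This is an added example, not camcontrol's modeedit.c: the field table layout, the function names and the warning wording are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical field table entry: name, width in bits, current value. */
struct field { const char *name; unsigned bits; unsigned long value; };

/* Largest value that fits in a field of the given bit width. */
static unsigned long field_max(unsigned bits)
{
	return bits >= sizeof(unsigned long) * 8 ? ~0UL : (1UL << bits) - 1;
}

/*
 * Apply one "NAME: value" line to the table. Returns 0 if stored as given,
 * 1 if clipped to the field maximum (with a warning), -1 if the line is
 * malformed or names an unknown field; the table is untouched on -1.
 */
static int apply_line(struct field *tab, size_t n, const char *line)
{
	const char *p = strchr(line, ':');
	char *end;
	unsigned long v, max;
	size_t i, len;

	if (p == NULL || (len = (size_t)(p - line)) == 0)
		return -1;
	for (p++; *p == ' ' || *p == '\t'; p++)
		;
	/* strtoul() accepts a leading '-' and wraps it; insist on a digit. */
	if (*p < '0' || *p > '9')
		return -1;
	v = strtoul(p, &end, 0);
	while (*end == ' ' || *end == '\n')
		end++;
	if (*end != '\0')
		return -1;
	for (i = 0; i < n; i++) {
		if (strlen(tab[i].name) != len || strncmp(tab[i].name, line, len) != 0)
			continue;
		max = field_max(tab[i].bits);
		if (v > max) {
			fprintf(stderr, "%s: %lu exceeds maximum, clipped to %lu\n", tab[i].name, v, max);
			tab[i].value = max;
			return 1;
		}
		tab[i].value = v;
		return 0;
	}
	return -1;
}
```

Fields that a change set does not mention keep their current value, which is what lets a partial change set such as a single "WCE: 1" line be applied safely.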
Could you please enable my "state top" patches in the FreeBSD distribution.
I developed the stuff under FreeBSD, so it must be good there :-)
Here is a patch (relative to the RELENG_4 branch).
Thanks,
Frank
and emit a warning. This is a security measure since ldconfig
influences the shared libraries used by all programs.
I think the check should be made even more stringent by also
ignoring group-writable directories. I will make that change soon
unless we encounter a good reason not to do it.
Submitted by: Maxime Henrion <mhenrion@cybercable.fr>
which sets the inoinfo's i_parent and i_dotdot to 0, but they never get
set to ROOTINO. This means that propagate will never find lost+found and
its descendents, subdirectories will remain DSTATE (instead of DFOUND)
even though they *are* correctly linked in, and pass4.c will try to
clear them unsuccessfully, thinking that there is no link count from the
DSTATE directory's parent. The result is that you need to run fsck twice
and get link count increasing errors (which are unexpected and fatal
when running in preen mode). The fix is to set i_parent and i_dotdot to
"parent" after the second cacheino() call in dir.c:allocdir().
Obtained from: "Ethan Solomita" <ethan@geocast.com> (of the NetBSD Project)
Of course this is a bug in that the dhclient script will not work properly
if one has a local / and an NFS mounted /usr and needs to obtain its IP
address via DHCP before being able to mount /usr.
some reason, mboot.bootinst is not initialized to NULL at the beginning
of the program, then the last commit to this would try to free whatever
bogus address is in it.
- Restore the behavior of free()'ing the mboot.bootinst buffer after we
abuse it to determine the sector size of the disk (as clearly noted in
the comments). Properly fix the double free() bug by setting the pointer
to NULL after we free it.
* Remove the text which states only devices with minor number 1 can be used
- this is no longer true.
* Mention that dumpon(8) cannot be used to capture dumps from panics during
kernel initialization.
* /dev/wd -> /dev/ad
PR: 19848
Submitted by: Udo Erdelhoff <ue@nathan.ruhr.de>
Reviewed by: sheldonh
explicitly sets the geometry.
- Allow for MBR boot loaders that are longer than one sector. Only accept
boot loaders if their size is a multiple of the sector size, however.
This allows you to set ether addresses with 'ifconfig ether'. Also, use
some saner socket address families that allow several special case tests
to be removed.
all have zero length. A non-zero length panics the kernel when one
of these is deleted.
PR: 19426
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
Reviewed by: dwmalone@FreeBSD.org
effect on operation of fsck on filesystems without snapshots.
If you get compilation errors, be sure that you have copies of
/usr/include/sys/mount.h (1.94), /usr/include/sys/stat.h (1.21),
and /usr/include/ufs/ffs/fs.h (1.16) as of July 4, 2000 or later.
SYSCTL_LONG macro to be consistent with other integer sysctl variables
and require an initial value instead of assuming 0. Update several
sysctl variables to use the unsigned types.
PR: 15251
Submitted by: Kelly Yancey <kbyanc@posi.net>
with other utilities which offer similar functionality.
This change was discussed with ache, who brought in the ability to
use a dash to represent stdin in comcontrol.
delta touched the Name Description (Nd). It introduced a grammar
error and did not fix the extraneous punctuation (Nd lines are not
terminated with a period).
use the current setting for tagged queueing when deciding whether or not to
print "Tagged Queueing Enabled" instead of using the device's actual
capabilities.
This is more consistent with the rest of the transfer rate display, which
relies on current settings, and is more consistent with the way we display
things on boot.
Reported by: Gustavo Vieira Goncalves Coelho Rios <kernel@tdnet.com.br>
Reviewed by: mjacob
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.
Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.
Pointy hat: alex
Beer on next meeting: ru
address on an interface. This basically allows you to do what my
little setmac module/utility does via ifconfig. This involves the
following changes:
socket.h: define SIOCSIFLLADDR
if.c: add support for SIOCSIFLLADDR, which resets the values in
the arpcom struct and sockaddr_dl for the specified interface.
Note that if the interface is already up, we need to down/up
it in order to program the underlying hardware's receive filter.
ifconfig.c: add lladdr command
ifconfig.8: document lladdr command
You can now force the MAC address on any ethernet interface to be
whatever you want. (The change is not sticky across reboots of course:
we don't actually reprogram the EEPROM or anything.) Actually, you
can reprogram the MAC address on other kinds of interfaces too; this
shouldn't be ethernet-specific (though at the moment it's limited to
6 bytes of address data).
Nobody ran up to me and said "this is the politically correct way to
do this!" so I don't want to hear any complaints from people who think
I could have done it more elegantly. Consider yourselves lucky I didn't
do it by having ifconfig tread all over /dev/kmem.
It also squashes 99% of packet kiddie synflood orgies. For example, to
rate syn packets without MSS,
ipfw pipe 10 config 56Kbit/s queue 10Packets
ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>