(it is established practice) and ``-o whiteout=whenneeded'' is less
disk-space using mode especially for resource restricted environments
like embedded environments. (Contributed by Ed Schouten. Thanks)
Submitted by: Masanori Ozawa <ozawa@ongs.co.jp> (unionfs developer)
Reviewed by: jeff, kensmith
Approved by: re (kensmith)
MFC after: 1 week
This commit includes the following core components:
* sample configuration file for sensorsd
* rc(8) script and glue code for sensorsd(8)
* sysctl(3) doc fixes for CTL_HW tree
* sysctl(3) documentation for hardware sensors
* sysctl(8) documentation for hardware sensors
* support for the sensor structure for sysctl(8)
* rc.conf(5) documentation for starting sensorsd(8)
* sensor_attach(9) et al documentation
* /sys/kern/kern_sensors.c
o sensor_attach(9) API for drivers to register ksensors
o sensor_task_register(9) API for the update task
o sysctl(3) glue code
o hw.sensors shadow tree for sysctl(8) internal magic
* <sys/sensors.h>
* HW_SENSORS definition for <sys/sysctl.h>
* sensors display for systat(1), including documentation
* sensorsd(8) and all applicable documentation
The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and -current as of today.
All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.
Submitted by: Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by: Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by: syrinx
Tested by: many
OKed by: kensmith
Obtained from: OpenBSD (parts)
it would return true on a partial match where it would think the edsc module
was already present by having a positive match on 'ed'. This changes it so
that it compares the full string including the nul terminators.
This also fixes a buffer overflow in the ifkind variable where the length of
the interface name in *argv wasnt checked for size.
Reviewed by: brooks
Approved by: re (gnn)
the threading libraries is built. This simplifies the
logic in makefiles that need to check if the pthreads
support is present. It also fixes a bug where we would
build a threading library that we shouldn't have built:
for example, building with WITHOUT_LIBTHR and the default
value of DEFAULT_THREADING_LIB (libthr) would mistakenly
build the libthr library, but not install it.
Approved by: re (kensmith)
$ ipfw -n add 1 allow layer2 not mac-type ip
00001 allow ip from any to any layer2 not not mac-type 0x0800
PR: bin/115372
Submitted by: Andrey V. Elsukov
Approved by: re (hrs)
MFC after: 3 weeks
providers with limited physical storage and add physical storage as
needed.
Submitted by: Ivan Voras
Sponsored by: Google Summer of Code 2006
Approved by: re (kensmith)
This allows to use numbers in human-readable form in many geom(8)
utilities. Such a simple change and makes live so much nicer.
Some examples:
gstripe label -s 16k
gmirror label -s 4k
gnop create -o 1g -s 128m -S 2k
gjournal label -s 2g
geli label -i 128k -s 4k
Approved by: re (kensmith)
declaring the return value used by the routines in preen.c as a pointer
type, instead of "int", which was causing the pointer to be truncated.
Tested by: marck
Approved by: re (bmah)
will automatically issue the 16 byte verison of read capacity if the device
in question is larger than 2TB.
There are also a number of output options here (last block, number of
blocks, human readable) that should meet most needs, and also aid in
scripting.
Approved by: re (bmah)
MFC after: 1 week
pack a set number correctly.
Submitted by: oleg
o Plug a memory leak.
Submitted by: oleg and Andrey V. Elsukov
Approved by: re (kensmith)
MFC after: 1 week
detailed status on each of the backing subdisks. This allows userland
to see which subdisks are online, failed, missing, or a hot spare.
MFC after: 1 week
Approved by: re (bmah)
Reviewed by: sos
read-only, so we can't simply exit right after calling gjournal_check(),
instead we need to ask about super block reload.
Submitted by: Niki Denev <niki@totalterror.net>
PR: misc/113889
Approved by: re (kensmith)
Also rename the related functions in a similar way.
There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default is
to only call into the firewall with the "outer" IP header and
payload.
With this option turned on, in addition to the "outer" parts,
the "inner" IP header and payload are passed to the
firewall too when going through ip_input() the second time.
The option was never only related to a gif(4) tunnel within
an IPsec tunnel and thus the name was very misleading.
Discussed at: BSDCan 2007
Best new name suggested by: rwatson
Reviewed by: rwatson
Approved by: re (bmah)
communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.
Approved by: re (rwatson)
included man pages on how to use it. This code is still somewhat experimental
but has been successfully tested on a number of targets. Many thanks to
Danny for contributing this.
Approved by: re
NET_NEEDS_GIANT, which will shortly be removed. This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added. Specifics:
- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm
This removes the last remaining consumer of NET_NEEDS_GIANT.
Reviewed by: harti
Discussed with: bz, bms
Approved by: re (kensmith)
This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.
Approved by: re (rwatson)
- to show a specific set: ipfw set 3 show
- to delete rules from the set: ipfw set 9 delete 100 200 300
- to flush the set: ipfw set 4 flush
- to reset rules counters in the set: ipfw set 1 zero
PR: kern/113388
Submitted by: Andrey V. Elsukov
Approved by: re (kensmith)
MFC after: 6 weeks
removed, which will cause problems on architectures where
longs are longer than ints, for instance,
"mknod foo c 0 0xffff00ff"
would fail in such cases.
Use a proper cast instead.
Prompted by: bde
bridged, previously legitimate traffic was not passed as the bridge could not
tell that it was on a different Ethernet segment.
All non-tagged traffic is treated as vlan1 as per IEEE 802.1Q-2003
previous commit:
Remove IPX over IP tunneling support, which allows IPX routing over IP
tunnels, and was not MPSAFE. The code can be easily restored in the
event that someone with an IPX over IP tunnel configuration can work
with me to test patches.
This removes one of five remaining consumers of NET_NEEDS_GIANT.
Approved by: re (kensmith)
Spotted by: Artem Naluzhny <tutat nhamon dot com dot ua>
It only provides inet_aton(), which is already provided by the libc. This
causes multiple symbol definitions when linking statically.
Reviewed by: darrenr
a warning, return 1 instead of 0 to indicate that we didn't print
anything, so that top-level callers don't print a spurious newline.
This is mainly to fix output formatting when stderr is redirected. It
also helps in some cases when stderr is interleaved with stdout,
depending on the details of the interleaving (this program has the
usual null explicit support for syncing stderr with stdout).
Return 1 instead of -1 after printing the "malloc failed" warning, since
the return value is boolean.
o revised channel handling support; ifconfig now queries the kernel to
find the list of available channels and handles channel promotion;
channel attributes can be specified as part of the channel; e.g. 36:a
for channel 36 in 11a (as opposed to turbo A or HT A)
o use channel list to map between freq and IEEE channel #; this eliminates
all knowledge of how the mapping is done and fixes handling of cases
where channels overlap in the IEEE channel # space but are distinct in
the frequency+attributes space (e.g. PSB)
o add new knobs: bgscan, ff (Atheors fast frames), dturbo (Atheros
Dynamic Turbo mode), bgscanidle, bgscanintvl, scanvalid, roam:rssi11a,
roam:rssi11b, roam:rssi11g, roam:rate11a, roam:rate11b, roam:rate11g
(roaming parameters), burst, doth (forthcoming 11h support)
o print contents of WME, ATH, WPA, RSN, information elements with -v option
o print signal strength in dBm
o print noise floor in dBm
o add list txpow to print tx power caps/channel
o change default channel display in status to be more informative
value into a variable of the right type and then printing it via
an intmax_t. This makes avoids some duplication and makes it easy
to add a new integer format Q for printing things of type CTLTYPE_QUAD.
correct place on large sector disks. The boot signature should be at
offset 0x1fe in the BPB; newfs_msdos currently stores it 2 bytes from
the end of the sector.
Taken from: NetBSD
previous commit and that introduced optional parameters.
Existing classes (like geli(8)) use empty strings by default
and expect the parameter to be passed to the kernel as such.
Also, the default value of a string argument can be NULL.
Fix both cases by making the optional parameter conditional
upon gc_argname being set and making sure to test for NULL
before dereferencing the pointer.
Reported by: brueffer@
In order to support gpart(8), geom(8) needs to support a named
argument. Also, optional string parameters are a requirement.
Both have been added to the infrastructure. The former required
all existing classes to be adjusted.
specifying rotational-positions, reflect that in the command arguments.
PR: bin/110178
Submitted by: Alex Kozlov <spam at rm-rf dot kiev dot ua>
Approved by: imp (mentor)
Before:
$ ipfw -n add 100 count icmp from any to any mac-type 0x01
00100 count icmp 0x0001
$ ipfw -n add 100 count icmp from any to any mac any any
00100 count icmp MAC any any any
After:
$ ipfw -n add 100 count icmp from any to any mac-type 0x01
00100 count icmp from any to any mac-type 0x0001
$ ipfw -n add 100 count icmp from any to any mac any any
00100 count icmp from any to any MAC any any
PR: bin/112244
Submitted by: Andrey V. Elsukov
MFC after: 1 month
Rationale:
We are interested in the current (last) element of the argv array
there, not in its first element. The if construct is there because
we want to avoid adding empty (zero-length) arguments to argv, so
we just don't advance argvp if the current argument is empty, and
it gets overwritten at the next iteration. Note that strsep(3)
doesn't treat consecutive delim characters as a single separator,
it returns empty fields between such characters, and it's up to the
caller to handle them this or that way.
Also add a comment that the argv array ends up null-terminated in
any case (it's due to the design of the for loop) as an answer to
a possible question why the whole argv isn't zero-filled.
Submitted by: yongari
Tested by: yongari
MFC after: 3 days
vs 4), supress all unused partition output unless -v is specified.
This makes operating on a 'typical' disk with one partition less
painful. The 30 lines needed for the empty partitions no longer
scroll the useful information off the screen. When the user requests
a specific partition, the unused information is not suppressed.
Also add the partition name to the -s output.
Initialize the partition name to 'FreeBSD' when -I is specified.
1. The static buffer that ping6(8) uses to hold the control data
it gets from recvmsg(2) is too small in some cases.
2. When it prints the extra header information it doesn't do
any checking to make sure the data it's printing is within
the bounds of the supplied buffer.
Fix this by:
o Increasing the buffer to hold extra headers to 10240 bytes (the minimum
according to RFC3542 sec. 20.1) and allocate it dynamically.
o In verbose mode, specify a warning if any control data from recvmsg(2)
was truncated because the buffer was too small.
o When printing the extra headers make sure not to overrun the buffer
boundaries.
Reviewed By: mlaier
PR: kern/99425
MFC After: 1 month
The name trunk is misused as the networking term trunk means carrying multiple
VLANs over a single connection. The IEEE standard for link aggregation (802.3
section 3) does not talk about 'trunk' at all while it is used throughout IEEE
802.1Q in describing vlans.
The lagg(4) driver provides link aggregation, failover and fault tolerance.
Discussed on: current@
tolerance. This driver allows aggregation of multiple network interfaces as
one virtual interface using a number of different protocols/algorithms.
failover - Sends traffic through the secondary port if the master becomes
inactive.
fec - Supports Cisco Fast EtherChannel.
lacp - Supports the IEEE 802.3ad Link Aggregation Control Protocol
(LACP) and the Marker Protocol.
loadbalance - Static loadbalancing using an outgoing hash.
roundrobin - Distributes outgoing traffic using a round-robin scheduler
through all active ports.
This code was obtained from OpenBSD and this also includes 802.3ad LACP support
from agr(4) in NetBSD.
which size is not multiple of sector size.
Reported by: Eric Anderson <anderson@centtech.com>
- Improve wording in error message. I'm sorry, I don't remember who
submitted this one.
hardware drivers. Unlike pseudo-device drivers, which just attach
to the cloning framework and wait for "ifconfig create", h/w drivers
create interfaces for installed cards as soon as loaded. The issue
of devd(8) involuntarily reloading modules should be dealt with in a
different way.
new interface. In other cases loading the module is unwanted and
can lead to ill side effects. One such effect found is as follows:
"kldunload if_foo" tells the module to kill all its interfaces,
which results in messages sent to devd; the module unloads. Then
devd starts processing the messages, which ends up in a etc script
running ifconfig fooX, which reloads the module.
unit w/o suffix is specified. It had better be an empty
string as it will be passed to a printf-like function that
builds the command line to run.
PR: kern/109863
MFC after: 1 week
<sys/extattr.h> to <ufs/ufs/extattr.h>. Move description
of extended attributes in UFS from man9/extattr.9 to
man5/fs.5.
Note that restore will not compile until <sys/extattr.h>
and <ufs/ufs/extattr.h> have been updated.
Suggested by: Robert Watson
This is for better compatibility with other environments (Linux, Solaris,
HP-UX, AIX and Tru64 support these options).
PR: bin/109924
MFC after: 1 week
to problems when the geli device is used with file system or as a swap.
Hopefully will prevent problems like kern/98742 in the future.
MFC after: 1 week
arrangement that has no intrinsic internal knowledge of whether devices
it is given are truly multipath devices. As such, this is a simplistic
approach, but still a useful one.
The basic approach is to (at present- this will change soon) use camcontrol
to find likely identical devices and and label the trailing sector of the
first one. This label contains both a full UUID and a name. The name is
what is presented in /dev/multipath, but the UUID is used as a true
distinguishor at g_taste time, thus making sure we don't have chaos
on a shared SAN where everyone names their data multipath as "Fred".
The first of N identical devices (and N *may* be 1!) becomes the active
path until a BIO request is failed with EIO or ENXIO. When this occurs,
the active disk is ripped away and the next in a list is picked to
(retry and) continue with.
During g_taste events new disks that meet the match criteria for existing
multipath geoms get added to the tail end of the list.
Thus, this active/passive setup actually does work for devices which
go away and come back, as do (now) mpt(4) and isp(4) SAN based disks.
There is still a lot to do to improve this- like about 5 of the 12
recommendations I've received about it, but it's been functional enough
for a while that it deserves a broader test base.
Reviewed by: pjd
Sponsored by: IronPort Systems
MFC: 2 months
the restore program to restore all dumped extended attributes.
If the restore is running as root, it will always be able
to restore all extended attributes. If it is not running
as root, it makes a best effort to set them. Using the -v
command line flag or the `verbose' command in interactive
mode will display all the extended attributes being set on
files (and at the end on directories) that are being restored.
It will note any extended attributes that could not be set.
The extended attributes are placed on the dump image immediately
following each file's data. Older versions of restore can work
with the newer dump images. Old versions of restore will
correctly restore the file data and then (silently) skip
over the extended attribute data and proceed to the next file.
This resolves PR 93085 which will be closed once the code
has been MFC'ed.
Note that this code will not compile until these header
files have been updated: <protocols/dumprestore.h> and
<sys/extattr.h>.
PR: bin/93085
Comments from: Poul-Henning Kamp and Robert Watson
MFC after: 3 weeks
The original DHCP specification includes a route option but it supports
only class-based routes. RFC3442 adds support for specifying the netmask
width for each static route. A variable length encoding is used to minimize
the size of this option.
PR: bin/99534
Submitted by: Andrey V. Elsukov <bu7cher@yandex.ru>
Reviewed by: brooks
"-t msdosfs". The conversion has been happening since 1.43, but
no equivalent conversion happens in "umount -t", which led to some
confusion with some users.
PR: 79296
Submitted by: Nobuhiro Yasutomi <nobuhiro yasutomi nifty ne jp>
'-alias', and that 'add' and 'delete are in fact synonyms for these
in the ifconfig(8) grammar.
Use network prefixes explicitly specified in IETF RFCs for
documentation purposes. (bz)
PR: 102701
MFC after: 1 day
See also: RFC 3330, RFC 3849
Submitted by: bz
in fstab and they are normally mounted as /a/b, if /b is not mounted,
the various quota utilities will incorrectly operate with the quotas on
/a (silently) when operations are attemted on /b.
Sync up all the hasquota() routines between all the different
quota utilities and change it to detect if the file system we are
attempting to perform quota operations on is not currently mounted
and warn the user accordingly.
PR: bin/38918
This includes support for running a script to setup that directory.
The kenv variables init_chroot and init_script control this behavior,
and are documented in loader(8) that's about to be committed (along
with the other variables like init_path...).
Submitted by: Oliver Fromme
Reviewed by: myself, jhb (earlier versions)
negative are now ignored by the quota system and that extremely
large ids may make quotacheck run for a very long time.
Also mention that "options QUOTA" is required for the kernel
to provide quota support.
- First configured key is based only on keyfile (no passphrase).
- Device is attached.
- User changes first key (setkey) from keyfile to passphrase and doesn't
specify number of iterations (with -i option).
...geli(8) won't store calculated number of iterations in metadata.
This result in device beeing unaccesable after detach.
One can recover from this situation by guessing number of iterations
generated, storing it in metadata and trying to attach device.
Recovery procedure isn't nice, but one's data is not lost.
Reported by: Thomas Nickl <T.Nickl@gmx.net>
MFC after: 1 week
If argv[0] == "mount_nfs4", then default to mounting NFSv4,
otherwise if argv[0] == "mount_nfs", default to the old mount_nfs behavior.
- Add a -4 option.
- Add the University of Michigan copyright from mount_nfs4.c, for the
code merged from mount_nfs4.c.
Reviewed by: rees
1) Do not account for uids/gids that appear negative to prevent
the creation of 131GB+ quota files. This is the same as the kernel
now determines which files to provide quota accounting for.
Related to PR kern/38156. This should also prevent boots from
hanging if a negative uid appears in the file systems.
2) Do not count system files in the usage counts. These currently are
file system snapshot and quota data files. This is how the kernel
now handles those files.
3) Correctly generate new quota data files if the current files
do not exist or are zero length in size. PR kern/30958.
It should now be possible to newfs / mount / touch quota.{user,group}
and quotaon a file system and have everything work.
4) Change some diagnostics to report the file system and type of
id (uid or gid) that is being reported.
5) Truncate the quota data files if possible, instead of letting
them grow to a big enough size to hold the largest UID/GID on
the system (typically "nobody"). The kernel should now be able to
grow the files as needed without deadlocking the system.
PR: kern/30958, kern/38156
one. This is based on NetBSD but unlike NetBSD this implementation prints
the instance number for all media instances and doesn't skip it for the
first one as I don't see a reason to suppress it except for the vague
reason to preserve the output for single-instance configurations.
- Fix some whitespace nits.
With the second (and last) part of my previous Summer of Code work, we get:
-ipfw's in kernel nat
-redirect_* and LSNAT support
General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.
To enable in kernel nat in rc.conf, two options were added:
o firewall_nat_enable: equivalent to natd_enable
o firewall_nat_interface: equivalent to natd_interface
Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.
NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).
Approved by: glebius (mentor)
- Somewhat improve wording.
- Change the layout of the EXAMPLES section so that descriptions
come before example, as in most other manpages.
- Fix a bad example that edits a label using a `c' partition.
o add hack/nonstandard channel mapping for public safety band channels to
mirror kernel (temporary until we have proper 802.11 state)
o change ieee80211_mhz2ieee to take channel flags (unused right now)
While here do some minor fixups like using IEEE80211_IS_CHAN_ANYG.
: fdisk.c revision 1.74
: date: 2004/06/14 07:21:19; author: phk; state: Exp; lines: +3 -3
: Make fdisk initialize the first instead of the last slice by default.
For filesystems which use vfs_mount_error() to log an error, this
char buffer will be populated with a string error message.
If nmount() fails, in addition to printing out strerror(errno),
print out the "errmsg" populated by vfs_mount_error().
makes restore less efficient, but it makes a bigger effore to read
corrupted dumps. Specifiacally, when in degreded mode:
1) Restore shifts the input by 1 byte if it sees a problem,
rather than one tape block.
2) It doesn't assume the inodes are stored in ascending order.
3) It turns some panics into warning printfs.
We also verify some fields more carefully than before.
There's probably more a degreded mode could do, but this seems to
help a lot.
Approved by: imp, iedowse, mckusick
MFC after: 3 weeks
and Daichi GOTO <daichi@FreeBSD.org> for submitting this
major rewrite of unionfs. This rewrite was done to
try to solve many of the longstanding crashing and locking
issues in the existing unionfs implementation. This
implementation also adds a 'MASQUERADE mode', which allows
the user to set different user, group, and file permission
modes in the upper layer.
Submitted by: daichi, Masanori OZAWA
Reviewed by: rodrigc (modified for minor style issues)
This will allow the NFS mount code to return a string error message
in addition to returning an error integer value.
Reviewed by: mohans
MFC after: 1 month
them unsigned I made the possible overflows hard to detect,
and it only saved 1 bit which isn't principal, even less now
that the underlying issue with the total of virtual memory has
been fixed. (For the record, it will overflow with >=2T of
VM total, with 32-bit ints used to keep counters in pages.)
- While here, fix printing of other "struct vmtotal" members
such as t_rq, t_dw, t_pw, and t_sw as they are also signed.
Reviewed by: bde
MFC after: 3 days
- use flags rather than sperate ioctls for edge, p2p
- implement p2p and autop2p flags
- define large pathcost constant as ULL
- show bridgeid and rootid in ifconfig
Obtained from: Reyk Floeter <reyk@openbsd.org>
- Fix overflow bugs in sysctl(8), systat(1), and vmstat(8)
when printing values of "struct vmmeter" in kilobytes as
they don't necessarily fit into 32 bits. (Fix sysctl(8)
reporting of a total virtual memory; it's in pages too.)
address learned by the bridge is made permanent, the address will not age out
and most importantly will not migrate to another interface.
This can be used to stop mac address poisoning or clients roaming in much the
same way as static entries without the hassle of preloading the table.
compatible, it would have to (at least):
- support the "compat-compat" -T option,
- *not* support the -l, -O, and -v options,
- default to soft updates being disabled.
Worse, the compatibility mode makes it impossible to mount_mfs(8)
a file system from fstab(5) with soft updates disabled (-S). [1]
Now, the only difference when called as "mount_mfs" or "mfs" (as
opposed to "mdmfs") is that the file mode of the mount point is
set by default to 01777. All options available to mdmfs(8) are
also available to mount_mfs(8); the -C option is still recognized
but ignored for backward compatibility.
PR: bin/98860 [1]
MFC after: 2 weeks
gmirror and graid3 in a way that it is not resynchronized after a
power failure or system crash.
It is safe when gjournal is running on top of gmirror/graid3.
RSTP provides faster spanning tree convergence, the protocol will exchange
information with neighboring switches to quickly transition to forwarding
without creating loops. The code will default to RSTP mode but will downgrade
any port connected to a legacy STP network so is fully backward compatible.
Reviewed by: syrinx
Tested by: syrinx
and -p flag was given perform fast file system checking (bascially only
garbage collecting of orphaned objects).
Rename bread() to blread() and bwrite() to blwrite() as we now link to
the libufs library, which also implement functions with that names.
Sponsored by: home.pl
in /etc/fstab.
This has been happening due to the priority inversion; options
specified on the command line should take precedence over options
from fstab over default "noro" option, but since both the default
"noro" and options specified on the command line (-w, -r, -o ...)
were put into the same "options" variable, "noro" took precedence
over fstab "ro" (this is easily visible with "mount -d").
PR: bin/100164
replace them with references to newfs(8) which documents them.
- Remove mentions of LFS support for which was retired in 1998.
- Regenerate an example output.
PR: docs/84913
MFC after: 3 days
gramatical tweaks along w/ sorting the list, and adding that serial is
available for USB....
PR: 85097
Submitted by: Fredrik Lindberg
MFC after: 1 week
read requests to its consumer. It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load. Documentation will be
provided later. I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
address, to avoid confusing the users that a full address is
always required.
Submitted by: Josh Paetzel <josh@tcbug.org> (through freebsd-doc)
MFC after: 3 days
partition size. On 32-bit platforms sizeof(long) < sizeof(off_t)
and using strtol(3) would prevent partitions larger than 4G
sectors or beyond 4G blocks.
PR: bin/103991
MFC after: 3 days
- Print proper error message when argument is specified twice.
Before the change it was detected properly, because of how
G_OPT_DONE() macro worked.
- Use err(3) functions where appropriate.
- Add some assertions.
- Bump version number, because G_TYPE_BOOL addition breaks API and ABI.
Changes: 98721,98722,98723,101360,106985
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
length != BPF_WORDALIGN(length)
This meeans that it is possible for this to be true:
interface->rbuf_offset > interface->rbuf_len
Handle this case in the test for running out of packets. While
OpenBSD's solution of setting interface->rbuf_len to
BPF_WORDALIGN(length) is safe due to the size of the buffer, I think
this solution results in less hidden assumptions.
This should fix the problem of dhclient running away and consuming 100%
CPU.
PR: bin/102226
Submitted by: Joost Bekkers <joost at jodocus.org>
MFC after: 3 days
- after killing all attached providers, all providers are then detached
and operation is repeated for those who were attached,
- we don't want to remove keys for read-only attached providers, we only
want to detach them.
MFC after: 1 week
otherwise this command
ipfw add allow ipv6-icmp from any to 2002::1 icmp6types 1,2,128,129
turns into icmp6types 1,2,32,33,34,...94,95,128,129
PR: 102422 (part 1)
Submitted by: Andrey V. Elsukov <bu7cher at yandex.ru>
MFC after: 5 days
'ifconfig em0 tso' and 'ifconfig em0 -tso'. TSO for IPv4 and IPv6 is always
enabled or disabled together. The driver may enable only one if it doesn't
support both.
Document 'tso' and '-tso' in the ifconfig(8) man pages.
Sponsored by: TCP/IP Optimization Fundraise 2005
the BUGS section of the alloca(3) manpage. In particular, when
the number of TCP sockets is several tens of thousand, trying to
"sysctl -a" would SIGSEGV on the net.inet.tcp.pcblist entry (it
would exceed the stacksize ulimit, in an undetectable manner).
Reported by: Igor Sysoev
o Restore owner/group/mode/atime/mtime of symbolic links, rev. 1.30.
o Extract file flags of symbolic link, rev. 1.42.
o Call getfile() before altering file attributes.
Open file with mode 0600 instead of 0666 so that file won't remain
group or world readable/writable even if getfile() terminated.
Move skipfile() before altering file attributes in IF{CHR,BLK} and
IFIFO case for symmetry, rev. 1.32.
o Use file mode 0600 when creating special file or fifo, revs. 1.33, 1.34.
o Remove redundant -N check.
PR: bin/101660
Submitted by: Andrey V. Elsukov
Obtained from: NetBSD, enami@netbsd
MFC after: 6 weeks
REPORT LUNS command to a device.
camcontrol.[c8]: Implement reportluns. This tries to print the LUNs
out in a reasonable format. Only the periph
addressing method has been tested, since very little
hardware that I know of supports the other methods.
scsi_all.[ch]: Revamp the report luns CDB structure and helper
functions. This constitutes a little bit of an API
change, but since the old CDB length was 10 bytes,
and the REPORT LUNS CDB length is actually 12 bytes,
it's clear that no one was using this API in the
first place.
MFC After: 1 week
having trouble with the "me6" keyword. Also, we were using inet_pton on
the wrong variable in one place.
Reviewed by: mlaier (previous version of patch)
Obtained from: Sascha Blank (inet_pton change)
MFC after: 1 week
for example:
fwd tablearg ip from any to table(1)
where table 1 has entries of the form:
1.1.1.0/24 10.2.3.4
208.23.2.0/24 router2
This allows trivial implementation of a secondary routing table implemented
in the firewall layer.
I expect more work (under discussion with Glebius) to follow this to clean
up some of the messy parts of ipfw related to tables.
Reviewed by: Glebius
MFC after: 1 month
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
buildworld breakage.
Exclude loglevel.c from the build. It does not appear to be used by
anything in the tree and buildworld succeeds just fine without it.
unlinked as soon as the dump starts (and removed when the dump is
completed, and the dump process exits). Previous wording was confusing
because users might expect the snapshot to be visible in the .snap
subdirectory while dump is running.
MFC after: 1 week
output to setproctitle(3) in order to get rid of the ugly two-character
escape sequence "\n" in the ps(1) output of a dump(8) process:
<< [...] finished in 0:00 at Sat Aug 5 14:44:39 2006\n (dump)
>> [...] finished in 0:00 at Sat Aug 5 14:44:39 2006 (dump)
init(8), to avoid losing a race to them and dying before being able
to call reboot(2).
PR: bin/64664
Submitted by: maxim
Obtained from: NetBSD
MFC after: 30 days
code independent of the macro. This utility is just omitted
from the build as a whole by ../Makefile if MK_INET6 is set to false.
Pointed out by: ume
Tested with: cmp(1)
not be mounted unless the -l flag was specified.
Add an rc script, mountlate, which basically runs 'mount -a -l'. It runs
after DAEMON but before LOGIN.
This is useful for things like loopback mounts, because mountcritremote
runs before mountd / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.
Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.
Reviewed by: freebsd-rc
MFC after: 3 weeks
mechanism
o change vlan cloning to use callback and pass all vlan parameters
on create using the new SIOCREATE2 ioctl
o update vlan set logic to match existing practice
with NACK if I don't set it. Setting 'option dhcp-client-identifier' is
alternative but it is inconvenient because I have to keep the list of
all MAC addresses. As bin/94743 pointed out, it is always sent from
Windows clients and I found Mac OS X does the same.
OK'd by: brooks
order to - for example - apply firewall rules to a whole group of
interfaces. This is required for importing pf from OpenBSD 3.9
Obtained from: OpenBSD (with changes)
Discussed on: -net (back in April)
sector size, instead of later failing with an error about /boot/mbr
not being a multiple of the sector size (since we end up with an
assumed sector size of MAX_SEC_SIZE * 2).
- We query the sector size via an IOCTL anyway, so if that succeeds
use that instead of probing for it via read(2) calls. This fixes
the problem with fdisk failing to operate on at least graid3 and
md(4) devices on kernels with src/sys/geom/geom_dev.c before
rev. 1.90, due to fdisk failing to detect the sector size.
- When detecting the root device allow "/" characters in it, which
happens with e.g. gmirror devices.
Reviewed by: cperciva
MFC after: 1 week
- 'tag' & 'untag' action parameters.
- 'tagged' & 'limit' rule options.
Rule examples:
pipe 1 tag tablearg ip from table(1) to any
allow ip from any to table(2) tagged tablearg
allow tcp from table(3) to any 25 setup limit src-addr tablearg
sbin/ipfw/ipfw2.c:
1) new macros
GET_UINT_ARG - support of 'tablearg' keyword, argument range checking.
PRINT_UINT_ARG - support of 'tablearg' keyword.
2) strtoport(): do not silently truncate/accept invalid port list expressions
like: '1,2-abc' or '1,2-3-4' or '1,2-3x4'. style(9) cleanup.
Approved by: glebius (mentor)
MFC after: 1 month
keeping a flag to check whether we actually wanted to mount the filesystem
readonly, setup the options list so that we start off by assuming rw is what's
desired and let later flags change that.
to the init. This prevents zombies from being accumulated.
PR: bin/64198
Tested by: Eugene Grosbein <eugen at www svzserv kemerovo su>
Approved by: kan (mentor)
MFC after: 1 month
Now, encryption algorithm is given using '-e' option, not '-a'.
The '-a' option is now used to specify authentication algorithm.
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
- remove call to getmntopts(), and just pass -o options to
nmount(). This removes some confusion as to what options
msdosfs can parse, by pushing the responsibility of option parsing
to the VFS and FS specific code in the kernel.
msdosfs_vfsops.c:
- add "force" and "sync" to msdosfs_opts. They used to be specified
in mount_msdosfs.c, so move them here. It's not clear whethere these
options should be placed into global_opts in vfs_mount.c or not.
Motivated by: marcus
Since tags are kept while packet resides in kernelspace, it's possible to
use other kernel facilities (like netgraph nodes) for altering those tags.
Submitted by: Andrey Elsukov <bu7cher at yandex dot ru>
Submitted by: Vadim Goncharov <vadimnuclight at tpu dot ru>
Approved by: glebius (mentor)
Idea from: OpenBSD PF
MFC after: 1 month
It is no longer needed, because "mount -t reiserfs" calls nmount(2)
directly to mount a ReiserFS file system without the use of
this external mount program.
Approved by: dumbbell
option if none is given in the config file. Also add #ifdefd out
support for sending a client ID based on our MAC address.
PR: bin/94743, bin/76401
Submitted by: Frank Behrens <frank at pinky dot sax dot de>
X-MFC after: 6.1-RELEASE
o Introduce -r and -w keys which allow to load and save a worklist.
o Replace README by man page.
PR: bin/96677
Submitted by: Ulrich Spoerlein
Approved by: phk
MFC after: 1 month
arguments so we do not coredump at "help foo", "back bar" and such.
o Be consistent and print argc - 1 as a command arguments number in
all cases.
PR: bin/37096
Submitted by: Joshua Goodall
MFC after: 1 month
Reset it to 1 for each devd config file so if the parser finds
a syntax error devd(8) will report a correct line number.
Submitted by: Niki Denev
MFC after: 2 weeks
to match the number of inodes on the disk. If we find a directory
entry with a crazy inode number in it, don't look beyond the end
of the bitmap to find that inode's state. Instead skip that directory
entry and print a warning.
Reviewed by: iedowse
MFC after: 3 weeks
wait time for a packet. This allows to:
- Count number of packets received before and after specified
time.
- Shorten time of execution of 'ping -c 1' scripts.
Submitted by: Lytochkin Boris <lytboris gmail.com>
device number at creation time with -u option. Together with XMLizing
mdconfig(8), I broke this functionality.
This change is temporary. Complete fix will be commited soon.
Approved by: cognet (mentor)
a problem with listing large number of md(4) devices. Either 'list' or
'query' mode uses XML.
Additionally, new functionality was introduced. It's possible to pass
multiple devices to -u:
# ./mdconfig -l -u md0,md1
Approved by: cognet (mentor)
- <netipx> headers [1]
- IPX library (libipx)
- IPX support in ifconfig(8)
- IPXrouted(8)
- new MK_NCP option
New MK_NCP build option controls:
- <netncp> and <fs/nwfs> headers
- NCP library (libncp)
- ncplist(1) and ncplogin(1)
- mount_nwfs(8)
- ncp and nwfs kernel modules
User knobs: WITHOUT_IPX, WITHOUT_IPX_SUPPORT, WITHOUT_NCP.
[1] <netsmb/netbios.h> unconditionally uses <netipx> headers
so they are still installed. This needs to be dealt with.
as both have been read from the command line. Still use the callback,
but this time only to verify that both vlan and vlandev have been
found on the command line.
This should allow for control over the relative order of processing
parameters, which is needed to satisfy some caveats of the if_vlan
driver. E.g., MTU cannot be changed on a vlan interface until it's
attached to its parent.
PR: bin/94028
Reviewed by: ru
MFC after: 3 days
As discussed on -current, there is no sensitive info in /sbin/init
to prevent reading it from non-privileged users, nor any reason to
remove the 'x' bit as the first thing the program does is check the
uid and exit if it is not run by root.
Instead (and this is why i make the change), mode 500 prevents
operation when exporting the partition without -maproot=0 to diskless
clients.
All previuos releases are affected by the same problem, so a merge
to RELENG_6 at least would be appropriate (after proper re@ approval
of course).
o multiple modules can be unloaded at once (specified either by id or be
module name)
o exit with EX_USAGE after usage() is called.
o remove unused variables, since we keep command line flags as bitmask,
in 'opt'.
o 'kldload -n ...' does nothing. Add comment to this options.
Additionally:
o Update manual page to conform new functionality.
o Increace WARNS to 6. Because we can.
Approved by: cognet (mentor)
MFC after: 1 week
in the buffer. This isn't exactly the patch that Stephen submitted, but
is based on one of his suggestions.
PR: 93841
Submitted by: Stephen Montgomery-Smith <stephen@math.missouri.edu>
MFC after: 2 weeks
o Also, fdisk_pc98 appears to support -i, so add it to the man page.
o Ditto -v
o Change the name from PC partition table maintenance program to NEC PC-98x1
partition table maintenance program, since it is possible to have a DOS MBR
formatted disk on FreeBSD/pc98 now (although we don't install any tools for
this).
o Merge the -I switch from i386 verison to initialize the partition table
to use the maximum amount possible for a single FreeBSD table.
o Improve warning when the geom method fails (which I think it
always will until geom_pc98 is updated to respond to this ctl message)
o when writing out the boot sector, we have to write out a minimum of
1024 bytes or the sector size. This is different than the i386 case where
we need to write out a minimum of 512 bytes (which is also the minimum
sector size). We already handle this difference on reading, but didn't
in writing, so attempting to write a new partition table would fail.
o Add MID to the -s output, since pc98 users are likely interested in
both of these parameters.
# I can now initialize disks on my pc98 machine either by -I or by
# manually entering the parameters. I don't know if fdisk -B works or not,
# since I'm not willing to risk my only working boot disk to test it..
additional -r (read-only) flag or or -w (read-write) flag,
then assume we want, mount -u -w.
When doing a mount update, this will implicitly pass a "noro" mount
option down to the VFS layer.
vfs_mergeopts() in vfs_mount.c will then remove the "ro" mount option
if it exists in the mount options for a mounted file system.
This means that "mount -u" works the same as "mount -u -w"
and will convert a read-only mount to read-write.
- mount(8) now calls the nmount(2) system call directly, not mount(2)
- specifying a filesystem type with -t will not automatically
invoke an external /sbin/mount_XXXX program....this only happens for
certain file system types. For all other file system types, nmount(2)
is called directly.
doesn't exist or add one that is already present, if the -q flag
is set. Useful for "ipfw -q /dev/stdin" when the command above is
invoked from something like python or TCL to feed commands
down the throat of ipfw.
MFC in: 1 week
supported for a moment.
- Don't allow to use -i when no passphrase is given. Now if iterations is
equal to -1 (not set), we know that we should not ask for the passphrase
on boot.
It still doesn't handle situation when one key is protected with
passphrase and the other is not. There is no quick fix for this.
The complete solution will be to make number of iterations a per-key
value. Because this need metadata format change and is only needed for
devices attached on boot, I'll leave it as it is for now.
MFC after: 3 days
makes it practical to use GBDE for "something you have plus something
you know" security together with a USB flash drive.
Reviewed by: phk
MFC after: 7 days
Presently, ifconfig callbacks are used for L2 configuration, media
and vlan, so actions associated with address assignment, like sending
out a gratuitous ARP, should go when L2 is running already.
This also should fix the problem with setting up vlan interfaces
from rc.conf, when both IP and vlan+vlandev parameters are passed
to ifconfig at once.
Future work: Consider introducing several ifconfig callback lists
to invoke callbacks orderly.
MFC after: 1 week
/tmp may not be writeable yet when dhclient is first run via
/etc/rc.d/netif so using it may not work. Also, writing to a
predictable file in /tmp as root is a really bad idea since a malicious
user may be able to win a race and insert a symlink which will allow
them to cause any file to be overwritten. To solve these problems,
create the tempory file in /var/run which will exist this early and is
writable only by root.
Security: Local risk if users can cause dhclient to run on demand
(such as by unplugging and replugging the network cable).
system is mounted. This prevevents duplicated mounts.
The change I made against the original patch is to fall back to the given
path on realpath(2) failure instead of exiting with an error.
Submitted by: Andreas Kohn <andreas@syndrom23.de>
PR: bin/89782
MFC after: 3 days
circumstances that include circular dependencies.
PR: bin/91789
PR submitted by: Frank Behrens <frank@pinky.sax.de>
Patch submitted by: Divacky Roman <xdivac02@stud.fit.vutbr.cz>
entries from the interface rather than using ifconfig's delete command.
This preserves non-dhclient configured addresses (though they are wiped
out when dhclient is restarted).
MFC after: 1 week
disk. Apparently some people want to use mdmfs as mount_* as a
shortcut for mounting existing file-based file systems.
Note that unlike in the patches from the submitters, this option is
not available in compat mode. Compat mode was supposed to support only
things that mount_mfs used to support. To use this option from fstab,
mdmfs should be called mount_md, not mount_mfs. This distinction has
not always upkept for new options, and those can't be fixed now
without breaking people's systems, but new options should not usually
be allowed in compat mode. (Not sure why -F is allowed there at all.)
PR: 57641
Submitted by: Ruben de Groot
Submitted independently by: Wojciech A. Koszek, for Urzad Miasta Czestochowa
autonumbering is requested, set the unit to 0 instead of -1. This
option is just for output, and "/dev/md-1" looks disconcerting.
Submitted by: Wojciech A. Koszek
kernel is in the order the devices were made, which is not useful to
the user. Also, remove the "%d more" test since the kernel does not
return the complete count in md_pad[0] (maybe it should?).
Submitted by: Wojciech A. Koszek
