of by mount point, umount had to take care not to unmount the wrong
file system if another file system was covering the requested one.
Now that the file system to unmount is specified to the kernel using
the filesystem ID, this confusion cannot occur, so remove the code
that checked for it.
Allow set 31 to be used for rules other than 65535.
Set 31 is still special because rules belonging to it are not deleted
by the "ipfw flush" command, but must be deleted explicitly with
"ipfw delete set 31" or by individual rule numbers.
This implement a flexible form of "persistent rules" which you might
want to have available even after an "ipfw flush".
Note that this change does not violate POLA, because you could not
use set 31 in a ruleset before this change.
Suggested by: Paul Richards
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).
Comments from: bde
introduced in the latest commits).
Also:
* update the 'ipfw -h' output;
* allow rules of the form "100 add allow ..." i.e. with the index first.
(requested by Paul Richards). This was an undocumented ipfw1 behaviour,
and it is left undocumented.
and minor code cleanups.
* make the code compile with WARNS=5 (at least on i386), mostly
by adding 'const' specifier and replacing "void *" with "char *"
in places where pointer arithmetic was used.
This also spotted a few places where invalid tests (e.g. uint < 0)
were used.
* support ranges in "list" and "show" commands. Now you can say
ipfw show 100-1000 4000-8000
which is very convenient when you have large rulesets.
* implement comments in ipfw commands. These are implemented in the
kernel as O_NOP commands (which always match) whose body contains
the comment string. In userland, a comment is a C++-style comment:
ipfw add allow ip from me to any // i can talk to everybody
The choice of '//' versus '#' is somewhat arbitrary, but because
the preprocessor/readfile part of ipfw used to strip away '#',
I did not want to change this behaviour.
If a rule only contains a comment
ipfw add 1000 // this rule is just a comment
then it is stored as a 'count' rule (this is also to remind
the user that scanning through a rule is expensive).
* improve handling of flags (still to be completed).
ipfw_main() was written thinking of 'one rule per ipfw invocation',
and so flags are set and never cleared. With readfile/preprocessor
support, this changes and certain flags should be reset on each
line. For the time being, only fix handling of '-a' which
differentiates the "list" and "show" commands.
* rework the preprocessor support -- ipfw_main() already had most
of the parsing code, so i have moved in there the only missing
bit (stripping away '#' and comments) and removed the parsing
from ipfw_readfile().
Also, add some more options (such as -c, -N, -S) to the readfile
section.
MFC after: 3 days
spaces and comma-separated lists of arguments;
* reword the description of address specifications, to include
previous and current changes for address sets and lists;
* document the new '-n' flag.
* update the section on differences between ipfw1 and ipfw2
(this is becoming boring!)
MFC after: 3 days
* Make the addr-set size optional (defaults to /24)
You can now write 1.2.3.0/24{56-80} or 1.2.3.0{56-80}
Also make the parser more strict.
* Support a new format for the list of addresses:
1.2.3.4,5.6.7.8/30,9.10.11.12/22,12.12.12.13, ...
which exploits the new capabilities of O_IP_SRC_MASK/O_IP_DST_MASK
* Allow spaces after commas to make lists of addresses more readable.
1.2.3.4, 5.6.7.8/30, 9.10.11.12/22, 12.12.12.13, ...
* ipfw will now accept full commands as a single argument and strip
extra leading/trailing whitespace as below:
ipfw "-q add allow ip from 1.2.3.4 to 5.6.7.8, 9.10.11.23 "
This should help in moving the body of ipfw into a library
that user programs can invoke.
* Cleanup some comments and data structures.
* Do not print rule counters for dynamic rules with ipfw -d list
(PR 51182)
* Improve 'ipfw -h' output (PR 46785)
* Add a '-n' flag to test the syntax of commands without actually
calling [gs]etsockopt() (PR 44238)
* Support the '-n' flag also with the preprocessors;
Manpage commit to follow.
MFC after: 3 days
Should work with both regular and fast ipsec (mutually exclusive).
See manpage for more details.
Submitted by: Ari Suutari (ari.suutari@syncrontech.com)
Revised by: sam
MFC after: 1 week
They don't have alot of reason to be in sbin and contribute to library
bloat in the dynamic case. If you are using any of these filesystem
type to hold your /usr, please seek professional help.
The actual code was repo-copied by joe.
system by specifying the file system ID instead of a path. Use this
by default in umount(8). This avoids the need to perform any vnode
operations to look up the mount point, so it makes it possible to
unmount a file system whose root vnode cannot be looked up (e.g.
due to a dead NFS server, or a file system that has become detached
from the hierarchy because an underlying file system was unmounted).
It also provides an unambiguous way to specify which file system is
to be unmunted.
Since the ability to unmount using a path name is retained only for
compatibility, that case now just uses a simple string comparison
of the supplied path against f_mntonname of each mounted file system.
Discussed on: freebsd-arch
mdoc help from: ru
1.2.3.4/24{5,6,7,10-20,60-90}
for set of ip addresses.
Previously you needed to specify every address in the range, which
was unconvenient and lead to very long lines.
Internally the set is still stored in the same way, just the
input and output routines are modified.
Manpage update still missing.
Perhaps a similar preprocessing step would be useful for port ranges.
MFC after: 3 days
"ipid" options. This feature has been requested by several users.
On passing, fix some minor bugs in the parser. This change is fully
backward compatible so if you have an old /sbin/ipfw and a new
kernel you are not in trouble (but you need to update /sbin/ipfw
if you want to use the new features).
Document the changes in the manpage.
Now you can write things like
ipfw add skipto 1000 iplen 0-500
which some people were asking to give preferential treatment to
short packets.
The 'MFC after' is just set as a reminder, because I still need
to merge the Alpha/Sparc64 fixes for ipfw2 (which unfortunately
change the size of certain kernel structures; not that it matters
a lot since ipfw2 is entirely optional and not the default...)
PR: bin/48015
MFC after: 1 week
with a new implementation that has a mostly reentrant "addchar"
routine, supports multiple message buffers in the kernel, and hides
the implementation details from callers.
The new code uses a kind of sequence number to represend the current
read and write positions in the buffer. This approach (suggested
mainly by bde) permits the read and write pointers to be maintained
separately, which reduces the number of atomic operations that are
required. The "mostly reentrant" above refers to the way that while
it is now always safe to have any number of concurrent writers,
readers could see the message buffer after a writer has advanced
the pointers but before it has witten the new character.
Discussed on: freebsd-arch
(1) Reject zero-length strings for CTLTYPE_INT, _UINT, _LONG,
_ULONG. Do not silently convert to 0.
(2) When converting CTLTYPE_INT, _UINT, _LONG, and _ULONG, check the
end pointer generated by strtol() and strtoul() rather than
discarding it. Reject the string if either none of the string
was useful for conversion to an integer, or if there was
trailing garbage.
I.e., we will not allow you to set a numeric sysctl to a value unless
we can completely convert the string argument to a numeric value.
I tripped over this when I put the following in /etc/sysctl.conf:
kern.maxfiles="4000"
Ouch.
and libdevstat, since the new way of doing things is to just list
maintainership in src/MAINTAINERS.
Also, remove duplicate entries in src/MAINTAINERS for those utilities. I
already had entries for them.
number X, rather than mdX, making it easier to script tests that
use md devices but don't want to make assumptions about any existing
md use (such as in diskless environments).
Change the list interface to simplify things.
Remove old list ioctls which bogusly exported the softc to userland.
Move the softc and associated structures from the public header to
the source file.
hinge on the "verb" parameter which the class gets to interpret as
it sees fit.
Move the entire request into the kernel and move changed parameters
back when done.
with UFS1, the UFS1 superblocks were not deleted. This allowed any
RELENG_4 (or other non-UFS2-aware) fsck to think it knew how to "fix"
the file system, resulting in severe data scrambling.
This patch is a more advanced version than the one originally submitted.
Lukas improved it based on feedback from Kirk, and testing by me. It
blanks all UFS1 superblocks (if any) during a UFS2 newfs, thereby causing
fsck's that are not UFS2 aware to generate the "SEARCH FOR ALTERNATE
SUPER-BLOCK FAILED" message, and exit without damaging the fs.
PR: bin/51619
Submitted by: Lukas Ertl <l.ertl@univie.ac.at>
Reviewed by: kirk
Approved by: re (scottl)
one or more actions in the list. This makes constructs like:
attach 10 {
// echo "Driver $device_name attached"
};
to be accepted by the parser. It will be treated as if the user had
entered:
// attach 10 {
// echo "Driver $device_name attached"
// };
(eg totally ignored).
Approved by: re@ (rwatson)
changed to use libufs in revision 1.71. Without this, any write
failures in newfs were silently ignored.
Note that this will display a meaningless errno string in the case
of a short write as opposed to a write error, since bwrite()'s
return value does not allow the caller to determine if errno is
valid.
Reported by: Lukas Ertl <l.ertl@univie.ac.at>
Reviewed by: jmallett
Approved by: re (bmah)
Just because we for the last ten years have fought for every byte
in the boot code on i386, doesn't mean that other architectures could
not actually have space to spare there.
Remore debugging message.
crashes, the config remains locked and causes all
subsequent start or read attempts to fail. This is part
of a fix for the recently reported hangs.
Approved by: re (scottl)
- dumpon utility has not used kern.dumpdev sysctl
since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@
updated it to use the DIOCSKERNELDUMP ioctl [1]
- remove obsolete reference to sysctl(3)
While I am there, fix two style nits:
- use .Nm instead of `dumpon'
- change NOTES to IMPLEMENTATION NOTES, to bring
it in line with recommended section headings in
mdoc(7)
Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1]
PR: docs/39293
Approved and Reviewed by: des (mentor), re (scottl, bmah)
1024-byte boundaries. For many years this was a reasonable
assumption. However, in recent years we have begun seeing
devices with 2048-byte sectors. These devices return errors
when dump tries to read starting in the middle of a sector
or when it tries to read only the first half of a sector.
Rather than change the native block size used by dump (and
thus create an incompatible dump format), this fix checks
for transfer requests that start and/or end on a non-sector
boundary. When such a read is detected, the new code reads
the entire sector and copies out just the part that dump
needs.
Reviewed by: Poul-Henning Kamp <phk@critter.freebsd.dk>
Approved by: re (John Baldwin <jhb@FreeBSD.org>)
Sponsored by: DARPA & NAI Labs.
work because it referred to plexes which were almost invariably when
referred to. Instead, deprecate the "prefer" keyword for volumes
(though it's still there for the moment) and add a keyword "preferred"
to the plex definition. The relationship is like this:
Old:
vol foo ... prefer foo.p3
New:
plex foo.p3 volume foo preferred
printconfig: Print out the "preferred" keyword for plexes where
appropriate.
Still print out "prefer" for volumes. The kernel module
continues to accept this version, but it's probably not
going to live much longer.
references to it's man page, which is almost never installed on a
FreeBSD system. The information about using this command with gated
has been retained. I have just made it clear that gated is not a part
of FreeBSD.
PR: docs/51407
vinum_read:
Accept 0 parameters, hand an empty string to the kernel if so.
Use new ioctl VINUM_READCONFIG, not VINUM_CREATE, to read config.
vinum_start: When passed 0 parameters, drop the devstat kludge and
call vinum_read instead. It's no longer necessary to distinguish
between "start" and "read" if no parameters are passed, and
probably one of them should go away.
Hide all the historical fields of the label, unless people ask for them with -A,
set them to intelligently chosen defaults otherwise.
Distill the manual page to remove inaccuracies, misundertandings and obsolete
information. It can probably still be done better but now at least it is
not misinforming people.
recorded in global variables, rather than checks on the architecture.
Drop horribly code to handle MBR/PC98's embedded in the BSD label area.
If you need to have an MBR or PC98 on your disk, you should not overlap
it with a BSDLABEL, if you don't need it, this code is nothing but trouble.
for the alpha checksum, and set them depending on the specified architecture
Don't look for disklabels every 16 bytes, look the only place they should
be for the current architecture.
Always read the label from the raw disk and decode it into struct
disklabel rather than trust a cast from random addresses.
When writing to the raw disk, encode the label properly.
Change name of history file to History to avoid name conflicts.
Don't try to make devices unless devfs has been removed.
Don't accept resetconfig command from a file.
Abused by: Jens Schweikhardt <schweikh@schweikhardt.net>
Remove dead code (#if 0)
vinum_mirror: Don't try to create mirrors with 0 drives.
Found by: mismatch between enum kw in two different files.
Change name of history file to History to avoid name conflicts.
Rewrite minor number decoding. Now we have only three types of
object: subdisks, plexes and volumes. The encoding for plexes and
subdisks no longer reflects the object to which they belong. The
super devices are high-order volume numbers. This gives vastly more
potential volumes (4 million instead of 256).
Don't try to chown directories if they haven't been created.
be changed, it is very convenient to be able to toggle SDH/Sonet,
idle/unassigned cells and scrambled mode and to see the carrier
state.
Reviewed by: -arch (if_media.h definitions)
in /etc/fstab to get a memory disk:
md /tmp mfs rw,-s8m,noatime 2 2
Back when mdmfs was created, there was vague discussion about doing this, but
it never materialized.
Reminded by: Ralf S. Engelschall <rse@engelschall.com>
definitions in it. Begin to document the classes that we use, and how
they interrelate (using comments that I can use with doxygen to
automatically generate docs with).
expand one from using a fixed buffer to using a string which
dynamically allocates these things.
Submitted by: green@ (against an earlier version of devd)
Ignored for too long by: imp
Also, put a small work around into devd to prevent a hang on boot this
would cause because select used to return 2 rather than 0 for no
evetnts due to a bug I fixed a few days ago in subr_bus.c. I'll
remove this workaround May 7th. You have until then to upgrade your
kernel if you want to run a new devd with an older kernel.
where we want to take the disklabel filesystem type of "4.2BSD" and use
fsck_4.2bsd on those filesystems.
Add a comment about why the code is there, now that we know:
* XXX This is a kludge to make automatic filesystem type guessing
* from the disklabel work for "4.2BSD" filesystems. It does a
* very limited subset of transliteration to a normalised form of
* filesystem name, and we do not seem to enforce a filesystem
* name character set.
'd': now means don't do daemon().
'D': Debug
'n': Don't wait to process all pending events before calling daemon.
In the past, devd would call daemon immediately. However, this causes
a race. If anything in the boot process depends on configuring the
devices configured by devd, maybe they would be configured in time,
maybe not. Now we don't call daemon until all pending events are
processed, unless -n is specified.
# -n is actually the default for a while due to the select(2) bug in devctl
# that I just fixed to give people a chance to upgrade.
to 0 when we startup. Print a warning in this case. This allows
people that are playing with devd by hand to have something happen.
Otherwise, it appears that devd isn't working because /dev/devctl is
disabled and producing no events.
Suggested by: peter on irc a long time ago.
'a="b" c="d" at loc=1 on busN' properly set 'c' and process the rest of
the stirng. Before it would ignore everything after variable 'a'.
o Parse nomatch and other events differently. They are more different
than the code allowed for, so we weren't properly parsing nomatch
events. It appears this fixes some of the demand loading issues that
I was having with devd.
Noticed by: Gary Palmer
FreeBSD 5.1-RELEASE and later:
- newfs(8) will now create UFS2 file systems unless UFS1 is specifically
requested (-O1). To do this, I just twiddled the Oflag default.
- sysinstall(8) will now select UFS2 as the default layout for new
file systems unless specifically requested (use '1' and '2' to change
the file system layout in the disk labeler). To do this, I inverted
the ufs2 flag into a ufs1 flag, since ufs2 is now the default and
ufs1 is the edge case. There's a slight semantic change in the
key behavior: '2' no longer toggles, it changes the selection to UFS2.
This is very similar to a patch David O'Brien sent me at one point, and
that I couldn't find.
Approved by: re (telecon)
Reviewed by: mckusick, phk, bmah
kern.geom.conftxt, which md disks don't show up in. If the magic and
the checksum are right assume its a valid sunlabel, otherwise use the
DIOC ioctls to get the disk parameters and whip up a label out of thin
air.
- Don't just silently create or correct invalid c partitions, warn about
invalid ones in label proto files.
- Split checksumming into a function since we do it a couple times. Also
don't include the sl_cksum field in the checksum, which avoids needing
to clear it first.
This is makes sunlabel a suitable replacement for disklabel in make release.
Always set the magic sequence when we write, rather than trusting the
previously read boot code to do so.
Use explicit encoding/decoding of little endian disk image.
Remove a comment which was OBE.
Change the test vector for "fdisk -I" to reflect that there is a magic
sequence in the result now.
Add test case for "fdisk" which reads the image back.
At least for the two test-cases this program now gives the same result
on sparc64 as on i386. The lack of an installed /boot/mbr on sparc64
raises an (un)interesting question.
doesn't have a process group, which can occur if you're working with
a custom init that doesn't set up a full tty context. Rather than
refusing to reboot, ignore ESRCH from the kill attempt in reboot(8).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)
This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.
There are three sysctl tunables provided to govern system behavior.
net.inet.ip.rfc3514:
Enables support for rfc3514. As this is an
Informational RFC and support is not yet widespread
this option is disabled by default.
net.inet.ip.hear_no_evil
If set the host will discard all received evil packets.
net.inet.ip.speak_no_evil
If set the host will discard all transmitted evil packets.
The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.
For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
- Correct some problems with packet construction.
+--------+------------+----------+-------------+---------+
| | | | | |
| IP Hdr | MINICMPLEN | phdr_len | TIMEVAL_LEN | payload |
| | | | | |
+--------+------------+----------+-------------+---------+
| | | |
|<- IP ->|<------- ICMP -------->|<------ datalen ------>|
My previous changes tried to mess around with 'datalen' instead of
modifying 'phdr_len'.
I'm including this nice ASCII diagram (from Maxim) to further clarify things
in CVS history.
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
when WARNS was increased recently, but __printf0like() has been
temporarily disabled for 8 months.
Fixed related style bugs (disordered declaraction and silly type for
maxpayload -- assume 16-bit ints like the rest of ping.c).
- Use it in atacontrol(8) when listing ATA devices instead of
stopping at the first ENXIO received.
This makes atacontrol list work on my sparc64 where the two ATA
channels I have are numbered 2 and 3.
Reviewed by: sos
This is aimed at creating floppies during cross-releases.
For different endianness machines, a tool like bswapfs(8)
is necessary to make the generated floppies readable on
the target machine. While here, fixed unaligned access
on Alphas.
Tested on: i386, alpha
Notable changes:
- Removed the "disktype" argument from the -B only synopsis
form. This form doesn't touch the disk label, and doesn't
use this argument.
- Fixed the first example in the EXAMPLES section. Support
for compatibility slices has been recently dropped from
the GEOM kernels, and a bit later GEOM became standard.
- Removed the buggy notion from rev. 1.37 that disklabel(8)
may be used to define mount points; it cannot. Improve
some DOS partition / FreeBSD slice wording. Among these,
``dangerously-dedicated slice'' was just a nonsense. ;-)
comes in on is the same interface that we would route out of to get to
the packet's source address. Essentially automates an anti-spoofing
check using the information in the routing table.
Experimental. The usage and rule format for the feature may still be
subject to change.
width of fields for packets and bytes counters.
PR: bin/47196
Reviewed by: -audit
Not objected by: luigi, des
o Use %llu instead of deprecated %qu convert specification for ipfw
packets and bytes counters.
Noted by: des
MFC after: 1 month
