Commit Graph

4106 Commits

Author SHA1 Message Date
Wes Peters
f44ec7f89e Don't use UFS2_BAD_MAGIC on UFS (v1) filesystems; it is Not Ready
for Prime Time there.

Submitted by:	Xin LI <delphij@frontfree.net>
Approved by:	RE@ (John, Scott)
2003-11-23 08:29:01 +00:00
Alfred Perlstein
1647bdb853 Cleanup manpage for mount_nfs4 (make it actually refer to nfs4 options).
Cleanup option parsing for mount_nfs4 program, and remove dead code.

Approved by: re
2003-11-22 02:18:30 +00:00
Alfred Perlstein
38edd6eae9 Bring in manpage for idmapd and change domain to @FreeBSD.org.
Approved by: re
2003-11-22 02:16:53 +00:00
Gordon Tetlow
dc59303d62 Make init statically linked by default. It's not worth the pain of having
a dynamically linked init as recently seen by ia64 woes.

Approved by:	re (jhb)
2003-11-19 19:57:20 +00:00
Marcel Moolenaar
bd8477d623 Force a staticly linked /bin and /sbin for ia64. The necessary changes
to gcc have not been made for ia64, which means that executables still
have /usr/libexec/ld-elf.so.1 as the dynamic linker. This simply does
not work if /usr is a seperate filesystem not mounted when the kernel
tries to execute init(8).

Note that this is a temporary fix until a new gcc has been imported
that does have the required changes.

Approved: re@
2003-11-19 16:59:00 +00:00
Kirk McKusick
b17f40bbda Document that the live dump command (`dump -L') creates its snapshot
in the .snap directory in the root of the filesystem being dumped.
Document that if the .snap directory is missing that it must be
created manually and that it should be owned by user root and
group operator and set to mode 770 before a live dump can be run.
2003-11-18 00:36:40 +00:00
Robert Watson
2fa430f2ab Add an entry to the BUGS section indicating that Vinum cannot currently
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device.  Swap-backed md devices use a 4k block size.
2003-11-17 16:04:52 +00:00
Robert Watson
f315f7629f Don't attempt to make devices if we're using devfs. This
substantially cleans up the output when running the vinum
management tool, and also makes it work better.

Long sustained silence from:	grog
2003-11-17 15:56:00 +00:00
David Schultz
170f850343 Remove the BUGS section introduced in rev 1.11 now that the problem
has been addressed.
2003-11-17 06:39:54 +00:00
David Schultz
71ff2d08cd Reimplement nologin(8) as a C program. This allows us to statically
link it at low cost and avoid environment poisoning attacks associated
with LD_LIBRARY_PATH.

Suggested by:	rwatson
2003-11-17 06:39:38 +00:00
Don Lewis
88beb5c906 Print the dirpref avgfilesize and avgfpdir parameters.
MFC after:	2 weeks
2003-11-17 01:22:07 +00:00
David Schultz
4240849261 Document nologin(8) as being insecure in conjunction with a dynamic
root and suggest alternatives.
2003-11-17 00:08:28 +00:00
Ian Dowse
0ed25a9ad1 If the unmount by file system ID fails, don't warn before retrying
a non-fsid unmount if the file system ID is all zeros. This is a
temporary workaround for warnings that occur in the vfs.usermount=1
case because non-root users get a zeroed filesystem ID. I have a
more complete fix in the works, but I won't get it done for 5.2.
2003-11-16 16:48:18 +00:00
Kirk McKusick
d46b52859a Convert the live dump command (`dump -L') to use mksnap_ffs instead
of trying to directly create the snapshot itself. This change allows
users logged into the system as operator to run live dumps.

Note that dump no longer tries to create the snapshot in the root of
the filesystem, but rather in a .snap directory in the root of the
filesystem. The reason is that the operator is usually not permitted
to write into the root of the filesystem. The newfs command and
background fsck have both been modified to create a .snap directory
in the root of the filesystem, but if neither of these have been run,
then the .snap directory must be created manually by the superuser
before a live dump can be run. The .snap directory should be owned
by user root and group operator and set to mode 770.
2003-11-16 08:01:58 +00:00
Wes Peters
0af4e34b2e Add the -E command line option to force error conditions for testing.
Sponsord by:	St. Bernard Software
2003-11-16 07:17:30 +00:00
Wes Peters
3b7e1bf6b5 Catch and report on filesystems that were interrupted during newfs,
sporting the new 'BAD' magic number.  Exit with a unique error code
(11) so callers who care about this can respond appropriately.
2003-11-16 07:10:55 +00:00
Wes Peters
ec52df8eb9 Write the UFS2 superblock with a 'BAD' magic number at the beginning
of newfs, to signify the newfs operation has not yet completed.  Re-
write the superblock with the correct magic number once all of the
cylinder groups have been created to show the operation has finished.

Sponsored by:	St. Bernard Software
2003-11-16 07:08:27 +00:00
Ken Smith
12ce12716f - Add GPT header/table recovery command
- Minor related cleanup in add command

Approved by:	marcel
2003-11-16 06:45:26 +00:00
Ken Smith
3834ba7920 - Provide default values for LABELOFFSET and LABELSECTOR so
it compiles on all architectures.

Approved by:	marcel
2003-11-16 06:43:25 +00:00
Gordon Tetlow
7e83e0de77 Change the default for binaries in /bin and /sbin from statically to
dynamically linked. This has been a long time coming with the move of
critical libraries from /usr/lib to /lib. If you don't feel comfortable
with dynamically linked binaries in your root partition, now is the
time to define NO_DYNAMICROOT in your make.conf.

Approved by:	re
2003-11-16 04:57:28 +00:00
Alfred Perlstein
5d01eeb9e1 University of Michigan's Citi NFSv4 userland client code.
Submitted by: Jim Rees <rees@umich.edu>
2003-11-14 21:04:33 +00:00
Johan Karlsson
657c605c12 Make this WARNS=2 clean by
- using (intmax_t) and %j instead of %q

Tested by:	make universe
2003-11-14 13:13:23 +00:00
Johan Karlsson
8a0453d614 Make this WARNS=2 clean by
- using (intmax_t) and %j
	- giving a non-empty format string to msg()

Include <stdint.h> directly instead of depending on <inttypes.h>
to do it.

Tested by:	make universe
2003-11-14 13:07:38 +00:00
Dag-Erling Smørgrav
7fb7df3159 Warn about partitions that would overlap with the master boot record, and
if the user agrees, move them out one track.

MFC after:	7 days
2003-11-13 21:13:43 +00:00
Johan Karlsson
b1da57aeb5 Make this WARNS=2 clean by
- constifying copyright

PR:		39867
Submitted by:	Dan Lukes <dan@obluda.cz>
Tested by:	make universe
2003-11-13 19:18:43 +00:00
Johan Karlsson
8b5e064d28 Make this WARNS=2 clean by
- #include <timeconv.h> for _time_to_time32 et al
	- use (uintmax_t) and %j
	- remove unused variable 'j' (from PR 39866)

PR:		39866
Submitted by:	Dan Lukes <dan@obluda.cz>
Tested by:	make universe
2003-11-13 19:08:43 +00:00
Ken Smith
280b191c3a - Add some information about how init, securelevel, and jails
interact with each other.
	- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:37:50 +00:00
Christian Brueffer
76a8862646 Add a describtion for the '-d' flag
While I'm here, add a missing comma

PR:		41787
Obtained from:	OpenBSD
MFC after:	5 days
2003-11-10 14:28:33 +00:00
Hajimu UMEMOTO
db54001806 enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
Dag-Erling Smørgrav
7434ec74a8 Alphabetization braino.
Pointed out by:	johan
2003-11-07 21:28:29 +00:00
Dag-Erling Smørgrav
705916c692 Whitespace cleanup. 2003-11-07 16:41:47 +00:00
Dag-Erling Smørgrav
45817aaa9c Add a command-line option to format output for human readability.
Currently, the only effect it has is to print some (but not all) numbers
using thousands separators.
2003-11-07 16:33:45 +00:00
Ken Smith
5324d49a71 - add explanation of what an active file system is
- explain the reason for permitting 32 read errors for a dump

PR:		docs/35602 and docs/35607
Reviewed by:	jhb
Approved by:	blackend (mentor)
2003-11-05 22:17:37 +00:00
Johan Karlsson
8fbf7d0847 Make sure argv[x] exists before using it.
PR:		56696
Reported by:	Igor Truszkowski <igort@intergate.pl>
Submitted by:	maxim@
Approved by:	sos@
MFC after:	2 weeks
2003-11-05 21:56:21 +00:00
Johan Karlsson
8fb7e78565 Make this WARNS=6 clean by:
- declaring 'mode2str' as returning a 'const char *'
 - prototyping all function
 - rename the argument 'version' to 'ver', not to shadow
        the now prototyped function 'version'.

Also mark it as WARNS?= 6 clean to try to keep it clean.

Tested by:	make universe (including amd64)
2003-11-05 19:20:41 +00:00
Hajimu UMEMOTO
cf43a05493 - do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
  is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
  code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
  esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.

Obtained from:	KAME
2003-11-05 09:47:54 +00:00
Scott Long
cc2c948fb5 Add support for multibyte character conversions.
Submitted by: imura@ryu16.org
2003-11-05 06:21:45 +00:00
Tom Rhodes
1476864b52 Use 'const' in the copyright stamp, this is done in other utilities.
Return linker.h to the includes list.

No objection from:	wollman (for the copyright)
2003-11-04 21:04:14 +00:00
Ian Dowse
155ea0634c In mapdirs(), do not use the `dp' inode pointer after searchdir()
has been called, since it points to a shared inode buffer that may
be overwritten. The two cases where `dp' was used incorrectly appear
to have been overlooked when "nodump" inheritance was first added
in revision 1.12.

This is reported to correct propagation of the nodump flag on
directories that are larger than one block in size.

PR:		bin/58912
Submitted by:	Volker Paepcke <vpaepcke@incore.de>
MFC after:	1 week
2003-11-04 14:20:14 +00:00
Ian Dowse
ec3f495c76 Add missing prototype for cread(). 2003-11-04 12:27:18 +00:00
Kirk McKusick
524ee1107f Create a .snap directory mode 770 group operator in the root of
a new filesystem. Dump and fsck will create snapshots in this
directory rather than in the root for two reasons:

1) For terabyte-sized filesystems, the snapshot may require many
   minutes to build. Although the filesystem will not be suspended
   during most of the snapshot build, the snapshot file itself is
   locked during the entire snapshot build period. Thus, if it is
   accessed during the period that it is being built, the process
   trying to access it will block holding its containing directory
   locked. If the snapshot is in the root, the root will lock and
   the system will come to a halt until the snapshot finishes. By
   putting the snapshot in a subdirectory, it is out of the likely
   path of any process traversing through the root and hence much
   less likely to cause a lock race to the root.

2) The dump program is usually run by a non-root user running with
   operator group privilege. Such a user is typically not permitted
   to create files in the root of a filesystem. By having a directory
   in group operator with group write access available, such a user
   will be able to create a snapshot there. Having the dump program
   create its snapshot in a subdirectory below the root will benefit
   from point (1) as well.

Sponsored by:   DARPA & NAI Labs.
2003-11-04 07:34:32 +00:00
Kirk McKusick
d62e006473 Check that the user running mksnap_ffs has permission to create and
remove a snapshot file from the directory in which they have requested
to have it made. If they do not have write permission in the directory
or the directory is sticky and not owned by the user, then they
will not be able to remove the snapshot when they are done with it.
2003-11-04 07:04:01 +00:00
Stefan Eßer
5758d949d5 Set exit code to 1 in case at least one of the input files
could not be opened.
2003-11-02 23:12:08 +00:00
Ruslan Ermilov
3565c6a8e3 Style. 2003-11-02 06:47:39 +00:00
Tom Rhodes
b34553a3ab Revert the first part of my previous change.
Requested by:	wollman
2003-11-01 16:57:19 +00:00
Tom Rhodes
31212c21bf The copywrite is not a 'static char', remove the #ifdefs and move the copywrite up
into the commented out 'copywrite' section.

Include sys/linker.h for kldload(3).
2003-11-01 15:58:06 +00:00
Mike Silbersack
ac8711d28e Fix a few style glitches in the previous commit and make the
tunable error message more brief.

Suggested by:	bde
2003-11-01 07:06:04 +00:00
Brooks Davis
405077fd53 We want the length of the string, not the size of its pointer. 2003-11-01 00:03:20 +00:00
Brooks Davis
cd30ca946d Temporarily disconnect ipfstat, ipnat, and ipftest to unbreak world.
Pointy hat to:	brooks
2003-10-31 18:54:46 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Hartmut Brandt
14ecc3c0f0 Use (char *)NULL to terminate the argument list for execlp().
Without this cast the compiler cannot know that it has to convert the
null pointer constant NULL to a null pointer.
2003-10-30 15:04:37 +00:00
Tom Rhodes
565e3e6567 In check.c:
Avoid shadowing declarations.
Avoid compairing signed and unsigned types.
2003-10-30 09:08:09 +00:00
Tom Rhodes
654c287479 Remove a few unused variables. 2003-10-30 05:43:56 +00:00
Tom Rhodes
201747dffc style(9): sort functions. 2003-10-29 21:23:44 +00:00
Tom Rhodes
91b6ac7c44 Properly prototype C function usage().
Sync usage() with the manual page: s/file/snapshot_name/g.
2003-10-29 21:21:09 +00:00
Ian Dowse
5fff09147f When removing trailing slashes, don't remove the first character
of the name if it is '/'. Also fix a comparison between signed and
unsigned quantities (pointed out by trhodes).
2003-10-29 17:44:36 +00:00
Tom Rhodes
feeac7d216 Bump WARNS level and add a '?' to WARNS=. 2003-10-29 16:10:17 +00:00
Tom Rhodes
ff7e70a9ab Remove redundant declaration of the perror() function, it's provided by stdio.h.
Don't define DKTYPENAMES without using it.
2003-10-29 16:09:17 +00:00
Hartmut Brandt
7672807356 Defer allocation of the actual receive mbuf until the external buffer
is returned from the card to the driver. Add a counter that shows
how many times this allocation has failed. Note, that we could even
further delay the allocation of the mbuf until we know, that we need it
(there are no receive errors and the connection is open). This will be done
in a later commit.

Print the new statistics field in atmconfig.
2003-10-29 13:14:39 +00:00
Peter Wemm
a2141d7a53 Fix some 64 bit warnings. You can't fit a pointer in an int. 2003-10-26 04:47:31 +00:00
Peter Wemm
7e9c84c757 Fix a 64 bit warning. Have set_T_dev_t() take a pointer to a size_t rather
than a pointer to an int, since that is what it really wants anyway.
2003-10-26 04:45:08 +00:00
Peter Wemm
30d38f7b0d Fix gcc warnings. If NAME_MAX is 255, and d_namlen is a uint8_t, then
d_namlen can never be > NAME_MAX.  Stop gcc worrying about this by
using a preprocessor test to see if NAME_MAX changes.
2003-10-26 04:43:02 +00:00
Peter Wemm
7b4ef4ac04 64 bit fixes. in_addr_t is an uint32_t, not a u_long. 2003-10-26 04:37:57 +00:00
Peter Wemm
566214a32a Give wider types to sscanf to fix two warnings (u_short cannot be > 0xffff)
and to make sure that we catch oversized arguments rather than silently
truncate them.  I dont know if sscanf will reject an integer if it will
not fit in the short return variable or not, but this way it should be
detected.
2003-10-26 04:36:47 +00:00
Tom Rhodes
2998b879f0 style.Makefile: Add a '?' before '=' in WARNS. 2003-10-26 00:35:05 +00:00
Warner Losh
842ccec57e Parse the ! lines that will soon be coming from the kernel. These are
a generalized notification mechanism for subsystems wishing to report
events.

Revieded by: njl

# The kernel side seems like it might be causing panics for me, but should
# be forthcoming shortly.
2003-10-24 22:02:29 +00:00
Hajimu UMEMOTO
f95d46333d Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542
(aka RFC2292bis).  Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.

Obtained from:	KAME
2003-10-24 18:26:30 +00:00
Tom Rhodes
1c614e098d Fix several old bugs which got worse over time:
o WARNS should be WARNS?= (broke in rev 1.21).
o Includes should be sorted.
o Move "mntopt.h" out of the standard includes section.
o Rewrite usage() to match the manual page and make it < 80 characters.
o Remove extra .El call on line 187.  It is unused and causes mdoc(7) warnings.

Discussed with:	bde
2003-10-23 16:09:20 +00:00
Tom Rhodes
9d9696b8e3 Move prototypes into their function. 2003-10-22 20:58:57 +00:00
Tom Rhodes
b0e30de9d8 Make WARNS=2 build without error. 2003-10-22 20:11:42 +00:00
Tom Rhodes
5c9124b23e Add back the commas ',' in usage to avoid a garbled usage message.
They were erroneously removed in revision 1.27.
2003-10-22 19:50:57 +00:00
Sean Chittenden
c80f12d0af Reduce fstab(5)/mount(8) confusion by changing the man pages to say "ro"
instead of "rdonly".  "rdonly" works for mount(8) and mount_std(8) but
not from /etc/fstab, whereas "ro" works for all mount_*(8) commands.
2003-10-22 18:25:49 +00:00
Hajimu UMEMOTO
d24cb2490d stop use of NI_WITHSCOPEID. it was deprecated.
Obtained from:	KAME
2003-10-21 20:11:47 +00:00
Mike Silbersack
d108e6633b Wrap a long line in the previous commit
Suggested by:	njl
2003-10-21 18:48:49 +00:00
Mike Silbersack
9b4b73b7ba Have sysctl print out a more useful error message when it detects that the
user has attempted to write to a read only, tunable value.
2003-10-21 16:49:30 +00:00
Ian Dowse
d6ad008082 Change the default mode for lost+found from 01777 to 0700. The
original intention of the less restrictive permissions was to allow
users to move or delete recovered files that they own. However, it
is better to not create world-writable directories by default; the
administrator can always pre-create lost+found if different permissions
are desired.

Reviewed by:	mckusick
2003-10-19 21:49:44 +00:00
Poul-Henning Kamp
427823d576 Only automatically create an 'a' partition when there is nothing
but a 'c' partition.
2003-10-18 19:32:35 +00:00
Poul-Henning Kamp
2925fa2283 Make the regression test run also with obj directories. 2003-10-17 19:52:07 +00:00
Hajimu UMEMOTO
2f4c5de968 - style
- rename variable
- use strlcpy
- const'fy

Obtained from:	KAME
2003-10-17 11:43:44 +00:00
Poul-Henning Kamp
b6badb5a54 Insert an overview of the plans here, in case I get run over by a bus. 2003-10-13 20:14:02 +00:00
Hajimu UMEMOTO
b42ac57f4f - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
Hajimu UMEMOTO
c65ee7c758 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
Hajimu UMEMOTO
492528c051 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
Max Khon
d03a9dc77a Describe '-M' in usage().
PR:		57462
Submitted by:	Ryuichiro Imura <imura@ryu16.org>
2003-10-11 12:05:05 +00:00
Hajimu UMEMOTO
c0839c961f correct unsafe use of realloc().
Obtained from:	KAME
2003-10-11 10:37:43 +00:00
Marc Fonvieille
84783ceaeb Add a full example of a file-backed disk creation, I used the Handbook's
example.

PR:		docs/51897
Submitted by:	Kevin Oberman <oberman@es.net>
2003-10-11 09:59:25 +00:00
Marc Fonvieille
8b23842d38 s/disklabel/bsdlabel where needed. 2003-10-11 08:24:07 +00:00
Poul-Henning Kamp
fc36082a22 I think it is more correct to use modfind() than kldfind() here. 2003-10-10 14:32:28 +00:00
Marcel Moolenaar
4b290df1dd Revision 1.61 changed the allocation of buffer 'buf' in DoFile() from
the stack to the heap to work around a problem on ia64. Now, roughly
16 months and two compiler updates later, it isn't an issue anymore
in the sense that putting a 1M buffer on the stack just works and we
don't actually need to work around anything anymore.
However, since there's no advantage or need to put the buffer on the
stack (again), this change merely removes the XXX comment describing
that there's an explicit reason for the heap allocation. Hence, this
change is a functional no-op.

PR: ia64/38677
2003-10-08 07:37:11 +00:00
Kirk McKusick
ff76fc7f16 Create a .snap directory mode 770 group operator in the root of each
filesystem that is checked in background. Create the snapshot in this
directory rather than in the root. There are two benefits:

1) For terabyte-sized filesystems, the snapshot may require many
   minutes to build. Although the filesystem will not be suspended
   during most of the snapshot build, the snapshot file itself is
   locked during the entire snapshot build period. Thus, if it is
   accessed during the period that it is being built, the process
   trying to access it will block holding its containing directory
   locked. If the snapshot is in the root, the root will lock and
   the system will come to a halt until the snapshot finishes. By
   putting the snapshot in a subdirectory, it is out of the likely
   path of any process traversing through the root and hence much
   less likely to cause a lock race to the root.

2) The dump program is usually run by a non-root user running with
   operator group privilege. Such a user is typically not permitted
   to create files in the root of a filesystem. By having a directory
   in group operator with group write access available, such a user
   will be able to create a snapshot there. Having the dump program
   create its snapshot in a subdirectory below the root will benefit
   from point (1) as well.

Sponsored by:   DARPA & NAI Labs.
2003-10-08 02:14:03 +00:00
Poul-Henning Kamp
f1b9e7798d Improve regression test with an image file which must work. 2003-10-07 09:31:51 +00:00
Poul-Henning Kamp
ad3cb316b3 Autoload kernel module if necessary.
Submitted by:	mr
2003-10-07 09:29:59 +00:00
Poul-Henning Kamp
f4db0cbe58 Interior decoration changes. 2003-10-07 09:28:07 +00:00
Ian Dowse
640c9cb297 Remove the hardcoded default block/frag/cpg values from bsdlabel
and the logic for setting them according to the partition size.
Instead, unspecified filesystem values are left at 0 so that newfs
will use its own defaults. It just caused confusion to have the
defaults duplicated in two different places.

Reviewed by:	phk
2003-10-05 19:40:02 +00:00
Sam Leffler
2091a3fbaf remove include of route.h now that ip_dummynet.h no longer exposes
data structures that have an embedded struct route

Sponsored by:	FreeBSD Foundation
2003-10-03 21:01:48 +00:00
Ruslan Ermilov
deb62e2887 By popular demand, added the "static ARP" per-interface option. 2003-10-01 08:32:37 +00:00
Max Khon
c4f02a891f - Support for multibyte charsets in LIBICONV.
- CD9660_ICONV, NTFS_ICONV and MSDOSFS_ICONV kernel options
(with corresponding modules).
- kiconv(3) for loadable charset conversion tables support.

Submitted by:	Ryuichiro Imura <imura@ryu16.org>
2003-09-26 20:26:25 +00:00
Bruce M Simpson
a441e6c4c5 Add the -xresolve flag to the route(8) man page.
Reviewed by:	ru
2003-09-26 17:03:09 +00:00
Ralf S. Engelschall
ffd1bc0626 fix typo: s/Instaed/Instead/ 2003-09-26 12:24:16 +00:00
Ralf S. Engelschall
d1f602f79e fix typo: s/sytem/system/ 2003-09-26 12:22:28 +00:00
Joe Marcus Clarke
b07fbc17e9 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
Paul Saab
4036f9e297 revert to version 1.25 and use va_copy to obtain another copy of the
variable arguments. version 1.26 incorrectly truncated the message if
the buffer was too long.

Requested by:	bde
2003-09-21 22:14:49 +00:00
Poul-Henning Kamp
076cb6a8c9 Document the -x and -y options. 2003-09-21 19:05:35 +00:00
Paul Saab
926074e580 Fix improper use of varargs.
Reviewed by:	peter
2003-09-20 23:35:37 +00:00
Sam Leffler
60ef637e8d o add support for setting 128-bit WEP keys
o use IEEE80211_KEYBUF_SIZE instead of magic numbers
o distinguish between 40-, 104-, and 128-bit WEP keys when printing status
2003-09-17 19:27:43 +00:00
Ceri Davies
2918f54c0a Remove an unneccessary comma. 2003-09-14 20:35:22 +00:00
Ruslan Ermilov
959d6c24f6 Get rid of duplicates. 2003-09-14 13:41:59 +00:00
Ruslan Ermilov
743d5d518c mdoc(7): Properly mark C headers. 2003-09-10 19:24:35 +00:00
Ruslan Ermilov
8236257c6f mdoc(7): There cannot be a subsection inside a list.
Reported by:	naddy
2003-09-10 08:24:33 +00:00
Peter Pentchev
94679655fd Document the alternate way of matching MAC addresses: by a bitmask.
PR:		56021
Submitted by:	Glen Gibb <grg@ridley.unimelb.edu.au>
MFC after:	1 month
2003-09-10 06:41:16 +00:00
Ruslan Ermilov
fe08efe680 mdoc(7): Use the new feature of the .In macro. 2003-09-08 19:57:22 +00:00
Philippe Charnier
4b8487d130 Replace a reference to non existant mount_ffs(8) by a reference to mount(8). 2003-09-07 14:11:02 +00:00
Thomas Moestl
884be75cce Apply a bandaid to get this working on sparc64 again; the introduction
of do_cmd() broke things, because this function assumes that a socklen_t
is large enough to hold a pointer.
A real solution to this problem would be a rewrite of do_cmd() to
treat the optlen parameter consistently and not use it to carry
a pointer or integer dependent on the context.
2003-09-04 15:57:37 +00:00
Doug Barton
628d16a388 Add a flag that reports the existence of a dump, and does nothing else.
The immediate purpose for this option is to use it in rc.d so that we
can make savecore behavior conditional.

Tremendous assistance with ideas and sanity checking provided by tjr
and b@etek.chalmers.se.
2003-09-04 10:07:01 +00:00
Maxim Konovalov
1c56ad9b8e Check an arguments count before proceed in sysctl_handler().
PR:		bin/56298
Submitted by:	Kang Liu <liukang@bjpu.edu.cn>
MFC after:	2 weeks

# We need a regression test suit for ipfw(2)/ipfw(8) badly.
2003-09-02 10:36:40 +00:00
Christian Brueffer
8f75df5506 Backout Rev. 1.24
English lessons provided by:	jhb
2003-08-30 07:49:42 +00:00
Christian Brueffer
9980a8d86a Grammar fix 2003-08-29 20:12:21 +00:00
Poul-Henning Kamp
3bc2f9a897 Introduce more knobs to slim down FreeBSD userland
NO_TOOLCHAIN	skips Compilers and Binutils
NO_USB		skips USB stuff
NO_VINUM	skips Vinum stuff
NO_ACPI		skips ACPI stuff
2003-08-29 10:35:01 +00:00
Poul-Henning Kamp
d440887943 When we initialize a disk with a virgin label, create also an 'a'
partition which starts after the bootstrap area and fills the entire
disk.
2003-08-27 22:34:57 +00:00
Poul-Henning Kamp
a28dde9abd Make build of atm, ip6fw and ping6 depend on existing NOATM and
NOINET6 conditionals.
2003-08-27 19:58:40 +00:00
Søren Schmidt
e0b4a710b6 Adjust to the new sys/ata.h layout 2003-08-24 09:23:54 +00:00
Hajimu UMEMOTO
9c6c20e632 use arc4random.
MFC after:	3 days
2003-08-22 18:59:55 +00:00
Warner Losh
3c33210ce8 Fix alignment of the trailing \ 2003-08-22 01:56:17 +00:00
Hartmut Brandt
70b6366edd Get rid of a __DECONST by strdup'ing the string in question. When
called this way the program just prints its help intro, so the
memory leak is not a problem.

Pointed out by: bde
2003-08-20 08:25:36 +00:00
David E. O'Brien
7ac81ce4b8 style.Makefile(5) 2003-08-18 15:35:18 +00:00
David E. O'Brien
8d0486e2f4 Restore vendor ID's.
Requested by:	bde
2003-08-18 15:32:16 +00:00
Gordon Tetlow
9a4e73fe5e At imp's request, force devd to be statically compiled. This avoids the
need for libstdc++ in /lib, and the generated binary is actually smaller
statically linked than dynamically + sizeof(libstdc++). Additionally,
devd doesn't use get*by*() which is one of the main motivations for
dynamically linking your root partition anyway.
2003-08-17 08:40:49 +00:00
Gordon Tetlow
442afd046f Stage 4 of dynamically linked root support. Add a big knob,
WITH_DYNAMICROOT, which will toggle the generation of dynamically-linked
binaries for installation in /bin and /sbin. It is currently off,
meaning that /bin and /sbin are still statically linked by default.

If something goes wrong (which I hope doesn't), this is what /rescue is
all about. Please do not try to use WITH_DYNAMICROOT and NO_RESCUE to
save space or some other equally silly reason. If you do and end up
having problems, you have been warned.
2003-08-17 08:37:47 +00:00
Robert Watson
455e535da1 Hook up ffsinfo(8). 2003-08-14 18:55:57 +00:00
Robert Watson
942d2e0205 Commit 1 of 2 to fix ffsinfo(8) for UFS2.
Update ffsinfo(8) to use new UFS2 support in the growfs(8) debugging
functions.  Largely consists of renaming fields and types to be aware
of the UFS1/UFS2 distinction, relying on libufs(3) to open and sanity
check the device/file/label accessed.

Since libufs(3) now handles label/UFS interactions, remove -L argument.

Note: when submitted, this patch had substantial style changes.  I've
attempted to remove the restyling from the patch to separate the
functional and style changes.

Submitted by:	Lukas Ertl <l.ertl@univie.ac.at>
PR:		bin/53517
2003-08-14 18:55:31 +00:00
Hajimu UMEMOTO
5c706347d5 support poll(2).
Obtained from:	KAME
MFC after:	1 week
2003-08-14 18:43:57 +00:00
Robert Watson
0b22953b4c Commit 1 of 2 to fix ffsinfo(8) for UFS2.
Add support for UFS2 to the UFS debugging routines in growfs; required
to update ffsinfo(8) for UFS2.  A variety of types and fs variables are
renamed to reflect UFS1/2 structures.  Also, the print routines for
inodes are now split into separate UFS1 and UFS2 versions.  We now
define dbg_dump_csum_total(), but lose the printing of rotational
information since that's not present in UFS2.  In the future, we may
want to re-add this functionality to print it solely for UFS1.

Submitted by:	Lukas Ertl <l.ertl@univie.ac.at>
PR:		bin/53517
2003-08-14 18:40:59 +00:00
Ruslan Ermilov
5105f9919f - Clarify the port range syntax in -redirect_port.
PR:	docs/46286

- "IP number" -> "IP address", for consistency.
2003-08-13 15:13:33 +00:00
Ruslan Ermilov
b79840a6db Added an option to specify an alternate PID file.
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
2003-08-13 13:16:19 +00:00
Tom Rhodes
c98a31cad3 Add a '-M mask' option so that users can have different
masks for files and directories.  This should make some
of the Midnight Commander users happy.

Remove an extra ')' in the manual page.

PR:		35699
Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru> (original version)
Tested by:	simon
2003-08-12 20:06:56 +00:00
Ceri Davies
22088599d2 Correct a grammatical error. 2003-08-12 20:01:10 +00:00
Hartmut Brandt
791a6fe762 Add a program for configuration of the ATM drivers and the IP over ATM
stuff. This utility allows inspection of the ATM characteristics,
the PHY layer, including statistics of both, the retrival of the
list of currently open channels and also allows access to utopia(4).
2003-08-12 14:25:57 +00:00
Hartmut Brandt
342c29936d Add the new arguments for the add pvc command to the help information.
Correct a comment.

Submitted by:	Vincent Jardin <vjardin@wanadoo.fr>
MFC after:	3 days
2003-08-11 07:14:10 +00:00
Martin Blapp
35dfd13e0b Turn the annoying and long error message off. It was so
long that it was even hard to find the real error cause.

Requested by:	rwatson
2003-08-09 20:36:06 +00:00
Bruce M Simpson
b6b3bf12bb PR: docs/53688
Submitted by:	bms
Approved by:	jake (mentor)
2003-08-09 04:07:42 +00:00
Johan Karlsson
2f92fd9bf7 Make this WARNS=6 clean by prototyping 'usage'.
Tested by:	make universe
2003-08-08 19:51:01 +00:00
Johan Karlsson
7f1740e82a Make this WARNS=6 clean by renaming the variable 'err' to 'error'
in order not to shadow err(3).

Tested by:	make universe
2003-08-07 19:10:35 +00:00
Warner Losh
534734ed17 Prefer PATH_MAX to MAXPATHLEN. Both contain the trailing NUL, so
remove the unneeded +1.
2003-08-07 05:38:56 +00:00
Warner Losh
834a93de56 No need to define optind as an extern. stdlib.h does that for us. 2003-08-07 04:53:48 +00:00
Warner Losh
68dd1ff405 Prefer PATH_MAX to MAXPATHLEN. PATH_MAX has the trailing NUL. 2003-08-07 04:51:41 +00:00
Warner Losh
4a3d43936e MAXPATHLEN includes the trailing NUL, so no need to add 1 here. 2003-08-07 04:50:29 +00:00
Andrey A. Chernov
0407880f4b Localize 'ls' output
Don't set 8bit in quote processing
2003-08-06 08:46:21 +00:00
Yaroslav Tykhiy
ce03e3a7bd Don't reinvent the wheel: Use setmode(3) to interpret
a file mode specification from the command line.  This
approach is more flexible and less error-prone than using
a mere strtoul(3).
2003-08-05 15:04:39 +00:00
Yaroslav Tykhiy
244fca1ffa Exit with a non-zero status upon a block allocation failure.
The old way of just returning could result in a file system
extremely likely to panic the kernel.  The warning printed
wouldn't help much since tools invoking newfs(8), e.g., mdmfs(8),
couldn't detect the error.

PR:		bin/55078
MFC after:	1 week
2003-08-05 13:35:17 +00:00
Johan Karlsson
398676131f Make this WARNS=6 clean by:
1: add 'const' to char * where needed;
 2: mark unused variables with __unused;
 3: remove double prototypes for mode_edit and mode_list.
 4: moves the global variables 'bus', 'target', and 'lun' into
        the main function and protect them with #ifndef MINIMALISTIC,
 5: renames 3 variable in order not to shadow other things
        index -> indx -- in modepage_dump since index is a function
		from <strings.h.>
        arglist -> arglst -- in the function parse_btl since arglist
                is also a global variable
        convertend -> convertend2 -- in the function editentry_set
                since that name is used two times within the function.
 6: cast 0xffffffff in the macro RESOLUTION_MAX(size) to (int)
        since it is unsigned otherwise.

Tested by:	make universe
Approved by:	ken
2003-08-05 09:19:07 +00:00
Andrey A. Chernov
90862ca23d LANG->LC_ALL
Pointed by:     ru
2003-08-04 21:31:53 +00:00
Andrey A. Chernov
b13fdf9999 Fix problem differently, use 
LANG=C tr 'a-z' 'A-Z'                                                         
for hypotetical case that script may generate non-ascii characters
2003-08-04 15:25:39 +00:00
Andrey A. Chernov
7f0ea49c84 Use tr '[:lower:]' '[:upper:]' to work with any locale 2003-08-04 14:32:56 +00:00
David E. O'Brien
fecc076451 style.Makefile(5)'ize 2003-08-03 15:17:28 +00:00
Ruslan Ermilov
e4e0776408 Spell "file system" correctly. 2003-08-01 11:31:19 +00:00
Hartmut Brandt
fac5c31769 Make firmware version 4.1.12 the default for download to PCA-200E adapters.
The old firmware (3.0.1) can still be used by specifying the '-3' option
to fore_dnld.

Document the -r option that resets the adapter prior to the download.

Ther newer firmware version allows traffic shaping.
2003-07-31 14:26:07 +00:00
Hartmut Brandt
16a81ac7aa Fix the code with respect to the assumption that sizeof(long) == 4. 2003-07-30 16:15:49 +00:00
Hartmut Brandt
82817dd82d Fix what was a common idiom in PDP-11 days: declare a local int and
use the address of that int for read(2). While this happens to work on
LE, it surely is wrong on BE.
2003-07-30 16:02:50 +00:00
Hartmut Brandt
9ecbee467c Make this compile with WARNS=6. 2003-07-30 15:58:08 +00:00
Hartmut Brandt
81681144c2 Fix warnings: a variable that was unused, a variable that
was unused unless sun was defined and printing of u_longs
with %x.

PR:		bin/39818
Submitted by:	dan@obluda.cz
MFC after:	1 week
2003-07-30 14:56:25 +00:00
Hartmut Brandt
c7185249d7 Use size_t for buffer sizes. Improve error handling in some places.
Remove a __DECONST() that was needed before this interface cleanup.
2003-07-29 13:37:04 +00:00
Hartmut Brandt
239a15f305 Add support for CBR and VBR PVCs. Enhance the error handling for
the 'add pvc' command.

Submitted by:	Vincent Jardin <vjardin@wanadoo.fr>
MFC after:	2 weeks
2003-07-28 15:27:12 +00:00
Martin Blapp
636a538d15 Enable dhclient to poll the interface state and send only
requests if the interface has an active link. This is a
great benefit if you often change networks with your laptop
and you do not like to kill/restart dhclient all the time.
Changes are automatically detected and the link is refreshed.

The change allows us to start dhclient in background mode
Enable dhclient to poll the interface state and send only
requests if the interface has an active link. This is a
great benefit if you often change networks with your laptop
and you do not like to kill/restart dhclient all the time.
Changes are automatically detected and the link is refreshed.

The change allows us to start dhclient in background mode
while the network cable is not plugged in.

To control the polling interval, the option -i has been
introduced. It takes seconds as parameter, the minimum is
one second, the default is five seconds.

Polling is done in seconds, not microseconds, because dhclient
does internally work with timeouts in seconds.

This change will be part of the next major ISC-dhcpd release.

Tested by:	bms, imp, and many many others.
Reviewed by:	murray, eivind, dhclient folks
2003-07-28 08:30:11 +00:00
Hartmut Brandt
24dd3413f5 Make atm WARNS=6 clean. The changes are mostly:
- remove some instances of __P()
 - use real prototypes and un-K&R function headers
 - constify where necessary (mostly strings and structures containing
   strings)
 - make functions and variables static that need not to be global
 - tag unused function parameters as __unused

Testing:	a fresh universe
2003-07-28 08:14:27 +00:00
Maxim Konovalov
fc60875325 o Fix usage(): remove '-l', add missed '-f', sort. 2003-07-26 15:29:10 +00:00
Simon L. B. Nielsen
4a52a070f8 Remove references to the '-l' option in synopsis. The rest of the
description of this option was removed in v. 1.22.

PR:		docs/54880
Submitted by:	Lukas Ertl <l.ertl@univie.ac.at>
Approved by:	ceri (mentor)
2003-07-26 12:57:56 +00:00
Simon L. B. Nielsen
d54277a793 Minor mdoc(7) cleanup, based on the PR below.
PR:		docs/54826
Submitted by:	Lukas Ertl <l.ertl@univie.ac.at>
Reviewed by:	ru
Approved by:	ceri (mentor)
2003-07-26 12:41:44 +00:00
Hartmut Brandt
ec6d8361cd When deciding whether to download the microcode or not look at the API rather
than at the vendor. We have three different Fore cards and only the PCA200
need the microcode. Look also at the RAM address and load the code only if
it is not zero. A zero RAM address means either a bug in the driver or
this is a interface created by harp(4) in which case fatm(4) handles the
microcode issue.
2003-07-25 12:40:03 +00:00
Hartmut Brandt
ec3770a91a Due to a gcc bug, it doesn't like local variables with names like 'sin'.
Rename this for the moment. Also fix a sparc64 alignment warning.
2003-07-25 08:15:09 +00:00
Hartmut Brandt
bf6da6238b Make ilmid WARNS=6 clean. The problem were a couple of unused function
arguments and missing consts.
2003-07-25 08:09:18 +00:00
Peter Wemm
f8bb2e0ffd Build /sbin/gpt on amd64 for good luck as well. 2003-07-24 01:42:49 +00:00
Warner Losh
fc3a3ee720 Simplistic C comment re is wrong, use more correct one 2003-07-23 23:50:25 +00:00
Warner Losh
f30595058e Remove old workaround 2003-07-23 23:50:00 +00:00
Luigi Rizzo
a0e26ba089 Add a note that net.inet.ip.fw.autoinc_step is ipfw2-specific 2003-07-22 07:41:24 +00:00
Maxim Konovalov
3111be41c2 Quote from a Problem Report:
The output format specifier for the round-trip time in ping6 should be
changed to %.3f instead of %g since %g doesn't accurately represent the
precision of the number being output. In particular, %g truncates trailing
zeroes. 0.01 ms does not mean the same thing as 0.010 ms. Although they
are numerically identical, they do not have the same precision.

PR:		bin/52324, bin/52750
Submitted by:	dg
MFC after:	1 week
2003-07-21 11:06:47 +00:00
Maxim Konovalov
6fa74f7d88 o Initialize do_pipe before command parsing.
PR:		bin/54649
Submitted by:	Andy Gilligan <andy@evo6.org>
MFC after:	3 days
2003-07-21 09:56:05 +00:00
Ian Dowse
eddb48052a Take advantage of the use of file system IDs to simplify umount(8)
and make it work more reliably in a number of cases that have
traditionally been troublesome. The new behaviour is:
 1) If the filesystem can be determined by the fsid or device,
    or uniquely identified by the mountpoint, then just go ahead
    and call unmount(2) using the file system ID.
 2) Otherwise use fstatfs(2) to resolve the path into a file system
    ID (checking with stat(2) that it is a filesystem root directory).

Case 2 can potentially block if an NFS server is down, but it can
always be avoided by using an unambiguous specification. It handles
all the hard cases such as symlinks and mismatches between the mount
list and reality. For example, if a filesystem was mounted as /mnt
inside a chroot, it will show up in the mount list as /mnt, but now
you can unmount it from outside the chroot with "umount /chroot_path/mnt".
2003-07-20 00:11:27 +00:00
Ian Dowse
38f102c2f6 When mount(8) is invoked with the `-v' flag, display the filesystem
ID for each file system in addition to the normal information.

In umount(8), accept filesystem IDs as well as the usual device and
path names. This makes it possible to unambiguously specify which
file system is to be unmounted even when two or more file systems
share the same device and mountpoint names (e.g. NFS mounts from
the same export into different chroots).

Suggested by:	Dan Nelson <dnelson@allantgroup.com>
2003-07-18 17:43:13 +00:00
Hartmut Brandt
a0f1a723a2 Don't call print_pdu() when we are not debugging. This would result
in calling fprintf() with a NULL fp. Strange enough this didn't result
in cores in stable, but results in cores now.

MFC after:	2 weeks
2003-07-18 11:17:04 +00:00
Ian Dowse
1add162c97 Since checkmntlist() and getmntentry() return a struct statfs that
includes the filesystem type name, remove the "type" output parameter.
2003-07-18 08:01:10 +00:00
Ian Dowse
f73d495f68 When the file system to unmount is specified by device name instead
of by mount point, umount had to take care not to unmount the wrong
file system if another file system was covering the requested one.
Now that the file system to unmount is specified to the kernel using
the filesystem ID, this confusion cannot occur, so remove the code
that checked for it.
2003-07-18 01:10:16 +00:00
Luigi Rizzo
3004afca6e Userland side of:
Allow set 31 to be used for rules other than 65535.
Set 31 is still special because rules belonging to it are not deleted
by the "ipfw flush" command, but must be deleted explicitly with
"ipfw delete set 31" or by individual rule numbers.

This implement a flexible form of "persistent rules" which you might
want to have available even after an "ipfw flush".
Note that this change does not violate POLA, because you could not
use set 31 in a ruleset before this change.

Suggested by: Paul Richards
2003-07-15 23:08:44 +00:00
Luigi Rizzo
bbc39c8391 Make sure that comments are printed at the end of a rule.
Reported by:  Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
2003-07-15 10:23:43 +00:00
Luigi Rizzo
f3a126d3d8 Fix one typo in help() string, remove whitespace at end of line and
other minor whitespace changes.

Replace u_char with uint8_t in a few places.
2003-07-14 18:57:41 +00:00
Maxim Konovalov
007fe4e38a o Rename local variables, do not shadow global declarations. 2003-07-14 12:43:48 +00:00
Maxim Konovalov
0fe0c0cc20 o Kill MINICMPLEN, there is ICMP_MINLEN already. 2003-07-14 12:42:47 +00:00
Maxim Konovalov
e88178dd90 o Be ready to get a reply with length up to IP_MAXPACKET.
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).

Comments from:	bde
2003-07-14 12:37:03 +00:00
Luigi Rizzo
26bf4d78c2 ccept of empty lines when reading from a file (this fixes a bug
introduced in the latest commits).

Also:

* update the 'ipfw -h' output;

* allow rules of the form "100 add allow ..." i.e. with the index first.
  (requested by Paul Richards). This was an undocumented ipfw1 behaviour,
  and it is left undocumented.

and minor code cleanups.
2003-07-14 08:39:49 +00:00
Greg Lehey
17fe3d1d42 Remove reference to max block size. dump no longer limits the block size. 2003-07-14 02:22:55 +00:00
Luigi Rizzo
1b43a426de Add a '-T' flag to print the timestamp as numeric value instead
of converting it with ctime(). This is a lot more convenient for
postprocessing.

Submitted by: "Jacob S. Barrett" <jbarrett@amduat.net>
2003-07-12 08:35:25 +00:00
Luigi Rizzo
7d3f835703 Document the existence of comments in ipfw rules,
the new flags handled when reading from a file,
and clarify that only numeric values are allowed for icmptypes.

MFC after: 3 days
2003-07-12 07:01:48 +00:00
Luigi Rizzo
62ff38ae06 In random order:
* make the code compile with WARNS=5 (at least on i386), mostly
  by adding 'const' specifier and replacing "void *" with "char *"
  in places where pointer arithmetic was used.
  This also spotted a few places where invalid tests (e.g. uint < 0)
  were used.

* support ranges in "list" and "show" commands. Now you can say

        ipfw show 100-1000 4000-8000

  which is very convenient when you have large rulesets.

* implement comments in ipfw commands. These are implemented in the
  kernel as O_NOP commands (which always match) whose body contains
  the comment string. In userland, a comment is a C++-style comment:

        ipfw add allow ip from me to any // i can talk to everybody

  The choice of '//' versus '#' is somewhat arbitrary, but because
  the preprocessor/readfile part of ipfw used to strip away '#',
  I did not want to change this behaviour.

  If a rule only contains a comment

        ipfw add 1000 // this rule is just a comment

  then it is stored as a 'count' rule (this is also to remind
  the user that scanning through a rule is expensive).

* improve handling of flags (still to be completed).
  ipfw_main() was written thinking of 'one rule per ipfw invocation',
  and so flags are set and never cleared. With readfile/preprocessor
  support, this changes and certain flags should be reset on each
  line. For the time being, only fix handling of '-a' which
  differentiates the "list" and "show" commands.

* rework the preprocessor support -- ipfw_main() already had most
  of the parsing code, so i have moved in there the only missing
  bit (stripping away '#' and comments) and removed the parsing
  from ipfw_readfile().
  Also, add some more options (such as -c, -N, -S) to the readfile
  section.

MFC after: 3 days
2003-07-12 06:53:16 +00:00
Alexander Kabaev
8a50130bbb Do not compare unsigned int values with ULONG_MAX. The comparison is
always false on 64bit platforms and GCC 3.3.1 issues warning there.
2003-07-11 05:47:05 +00:00
Daniel Harris
a10c9747dc Correct to match reality regarding interface names.
PR:		51006
Submitted by:	"Dmitry Pryanishnikov" <dmitry@atlantis.dp.ua>
mdoc clue by:	"Simon L. Nielsen" <simon@nitro.dk>
MFC after:	10 days
2003-07-08 13:24:42 +00:00
Luigi Rizzo
4d233f6b0d * introduce a section on SYNTAX to document the handling
spaces and comma-separated lists of arguments;

* reword the description of address specifications, to include
  previous and current changes for address sets and lists;

* document the new '-n' flag.

* update the section on differences between ipfw1 and ipfw2
  (this is becoming boring!)

MFC after: 3 days
2003-07-08 08:07:03 +00:00
Luigi Rizzo
571f8c1b7a A bunch of changes (mostly syntactic sugar, all backward compatible):
* Make the addr-set size optional (defaults to /24)
    You can now write 1.2.3.0/24{56-80} or  1.2.3.0{56-80}
    Also make the parser more strict.

  * Support a new format for the list of addresses:
        1.2.3.4,5.6.7.8/30,9.10.11.12/22,12.12.12.13, ...
    which exploits the new capabilities of O_IP_SRC_MASK/O_IP_DST_MASK

  * Allow spaces after commas to make lists of addresses more readable.
        1.2.3.4, 5.6.7.8/30, 9.10.11.12/22, 12.12.12.13, ...

  * ipfw will now accept full commands as a single argument and strip
    extra leading/trailing whitespace as below:
        ipfw "-q add allow ip from 1.2.3.4 to 5.6.7.8, 9.10.11.23 "
    This should help in moving the body of ipfw into a library
    that user programs can invoke.

  * Cleanup some comments and data structures.

  * Do not print rule counters for dynamic rules with ipfw -d list
    (PR 51182)

  * Improve 'ipfw -h' output (PR 46785)

  * Add a '-n' flag to test the syntax of commands without actually
    calling [gs]etsockopt() (PR 44238)

  * Support the '-n' flag also with the preprocessors;

Manpage commit to follow.

MFC after: 3 days
2003-07-08 07:52:47 +00:00
Warner Losh
fd6a8f23ef Drop the pid file after we call the final daemon call. w/o -n would
give the wrong pid.

Submitted by: ru and Lukas Ertl
PR: 54113
2003-07-05 00:43:50 +00:00
Luigi Rizzo
c3e5b9f154 Implement the 'ipsec' option to match packets coming out of an ipsec tunnel.
Should work with both regular and fast ipsec (mutually exclusive).
See manpage for more details.

Submitted by: Ari Suutari (ari.suutari@syncrontech.com)
Revised by: sam
MFC after: 1 week
2003-07-04 21:42:32 +00:00
Gordon Tetlow
7bbe9e619f Remove smbfs, portalfs, and nwfs from sbin. The sources live in usr.sbin
now.
2003-07-02 16:22:43 +00:00
Gordon Tetlow
d928e581a9 Move mount_portalfs, mount_smbfs, and mount_nwfs from sbin to usr.sbin.
They don't have alot of reason to be in sbin and contribute to library
bloat in the dynamic case. If you are using any of these filesystem
type to hold your /usr, please seek professional help.

The actual code was repo-copied by joe.
2003-07-02 16:16:49 +00:00