Commit Graph

9674 Commits

Author SHA1 Message Date
Kristof Provost
53714a5861 pfctl: Start using DIOCCLRSTATESNV
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30053
2021-05-07 22:13:30 +02:00
Kristof Provost
cc948296e6 pfctl: Optionally show gateway information for states
When showing the states, in very verbose mode, also display the gateway
(i.e. the target for route-to/reply-to).

Submitted by:	Steven Brown
Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30051
2021-05-07 22:13:30 +02:00
Ceri Davies
1a212abd54 devd.conf: Remove support for coldsync
The coldsync port was removed in 2012.  The last stable release of
coldsync was issued in 2002.  Let's get rid of it.

PR:		255051
Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30100
2021-05-07 14:31:08 -04:00
Ceri Davies
6a8ed85f48 devd.conf: Typo
PR:		255051
MFC after:	3 days
2021-05-07 14:31:02 -04:00
Edward Tomasz Napierala
95a74ab4fb nvmecontrol: fix typo (s/Managment/Management/)
Reported By:	pstef
2021-05-07 13:12:30 +01:00
Warner Losh
6d6cca3633 nvmecontrol: update copyright on passthru command
I wrote this code, not Intel, so put my copyright on this. I mistakenly
copied it for the initial commit.

Sponsored by:		Netflix
2021-05-06 16:09:31 -06:00
Warner Losh
510a3da147 nvmecontrol: Report status from passthru commands
Report status from dword0 for passthru commands. Many commands report
some status or information here, so reporting it can help know what's
going on.

Sponsored by:		Netflix
2021-05-06 16:09:31 -06:00
Warner Losh
36be84b966 ttys: diff reduction
Back in the day, we used to have a number of entries that were either
'on' or 'off' directly, rather than conditionally on 'onifexists'
etc. Back then, we tried to line up the 'secure' columns by using the
construct 'on secure' or 'off secure' (one space or two). Now that these
have all moved to a conditional construct, remove the second space on
the ttys that still have it. This reduces diffs between the different
ttys and is no functional change. i386 and amd64 did this a long time
ago, and those are the only ones that affected external users (who used
to sed 's/on /off /' the entires as part of the automation).

MFC After:		3 days
Sponsored by:		Netflix
2021-05-04 14:06:31 -06:00
Jose Luis Duran
0ea8a7f36d ifconfig: Minor documentation fix
Fix what appears to have been a small copy/paste typo in ifconfig(8)'s
documentation (man page and header file).

Not that it matters anymore.

Reference: Table I-2 in IEEE Std 802.1Q-2014.

PR:	255557
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
MFC after:	1 week
2021-05-03 14:38:52 +03:00
Lutz Donnerhacke
bf7cc0f9cb sbin/ipfw: Fix null pointer deference when printing counters
ipfw -[tT] prints statistics of the last access. If the rule was never
used, the counter might be not exist.  This happens unconditionally on
inserting a new rule.  Avoid printing statistics in this case.

PR:	255491
Reported by:	Haisheng Zhouz
Reviewed by:	ae
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30046
2021-05-02 21:28:46 +02:00
Andrew Turner
f1957db43d Fix building sysctl(8) after c78ad20
In sysctl we parse an efi header on amd64. Fix this after changing the
virtual memory type from a void * to a uint64_t in c78ad20.
2021-05-01 11:10:03 +00:00
Kristof Provost
d5b08e13dd pfctl: Revert "pfctl: Another set skip <group> fix"
This reverts commit 0c156a3c32.
This fix broke using '<ifgroup>:network' in tables.

MFC after:	1 week
2021-04-27 09:05:14 +02:00
Kirk McKusick
689724cb23 Clean up fsck_ffs error message output.
When fsck_ffs is creating a lost+found directory it must allocate
an inode and a filesystem block. If it encounters a cylinder group
with a bad check hash, it complains twice: once for the inode and
again for the filesystem block.

This change suppresses the second complaint.

Reported by:  Chuck Silvers
Tested by:    Chuck Silvers
MFC after:    1 week
Sponsored by: Netflix
2021-04-26 18:43:51 -07:00
Kirk McKusick
84a0e3f957 Make fsck_ffs more persistent in creating a lost+found directory.
When fsck_ffs is running in interactive mode and finds unlinked files,
it offers to either unlink them or place them in a lost+found directory.
If the lost+found directory option is requested and no lost+found
directory exists, fsck_ffs offers to create one. When creating one,
it must allocate an inode and a filesystem block. It attempts to
allocate them from the first cylinder group. If the first cylinder
group has a bad check hash, it gives up.

This change expands the search into later cylinder groups when the
first one fails with a bad check hash.

Reported by:  Chuck Silvers
Tested by:    Chuck Silvers
MFC after:    1 week
Sponsored by: Netflix
2021-04-26 16:48:30 -07:00
Kristof Provost
5f5bf88949 pfsync: Expose PFSYNCF_OK flag to userspace
Add 'syncok' field to ifconfig's pfsync interface output. This allows
userspace to figure out when pfsync has completed the initial bulk
import.

Reviewed by:	donner
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29948
2021-04-26 14:31:17 +02:00
Kristof Provost
6fcc8e042a pf: Allow multiple labels to be set on a rule
Allow up to 5 labels to be set on each rule.
This offers more flexibility in using labels. For example, it replaces
the customer 'schedule' keyword used by pfSense to terminate states
according to a schedule.

Reviewed by:	glebius
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29936
2021-04-26 14:14:21 +02:00
Kristof Provost
42ec75f83a pf: Optionally attempt to preserve rule counter values across ruleset updates
Usually rule counters are reset to zero on every update of the ruleset.
With keepcounters set pf will attempt to find matching rules between old
and new rulesets and preserve the rule counters.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29780
2021-04-19 14:31:47 +02:00
Mateusz Piotrowski
5b9b65e92f Explain the newfs naming convention
It might be unclear why newfs and newfs_msdos should cross-reference
each other. Add a note explaining it.

This is a follow-up to 74bd207697.

Reported by:	kib
Reviewed by:    imp, kib, rpokala
MFC after:	3 days
2021-04-17 23:16:17 +02:00
Ryan Moeller
407fb44c92 ifconfig: Reuse media state in ifmedia_getstate
This restores behavior lost in code cleanup, fixing a regression after
2803fa471e where changing media options
only applies some of the changes, not all.

Reported by:	np
Reviewed by:	donner
MFC after:	immediately
Differential Revision:	https://reviews.freebsd.org/D29741
2021-04-15 22:32:25 -04:00
Kristof Provost
4eabfe468b pfctl: Fix clearing rules counters
After the migration to libpfctl for rule retrieval we accidentally lost
support for clearing the rules counters.

Introduce a get_clear variant of pfctl_get_rule() which allows rules
counters to be cleared.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29727
2021-04-14 13:33:02 +02:00
Kurosawa Takahiro
2aa21096c7 pf: Implement the NAT source port selection of MAP-E Customer Edge
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.

PR:		254577
Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D29468
2021-04-13 10:53:18 +02:00
Gordon Bergling
bc54f5f1cd route(8): Add an example how to print the routing tables
The manual page currently doesn't show an example how to print
the routing table, so add one and .Xr netstat while here.

PR:		231579
Reported by:	Pekka Järvinen <pekka dot jarvinen at gmail dot com>
Reviewed by:	debdrup
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D29702
2021-04-13 06:45:22 +02:00
Kurosawa Takahiro
600bd6ce06 pfctl, libpfctl: introduce pfctl_pool
Introduce pfctl_pool to be able to extend the pool part of the pf rule
without breaking the ABI.

Reviewed by:	kp
MFC after:	4 weeks
Differential Revision:	https://reviews.freebsd.org/D29721
2021-04-12 18:30:29 +02:00
Kristof Provost
ab5707a5cf libpfctl: Fix u_* counters
struct pf_rule had a few counter_u64_t counters. Those couldn't be
usefully comminicated with userspace, so the fields were doubled up in
uint64_t u_* versions.

Now that we use struct pfctl_rule (i.e. a fully userspace version) we
can safely change the structure and remove this wart.

Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29645
2021-04-10 11:16:03 +02:00
Kristof Provost
e9eb09414a libpfctl: Switch to pfctl_rule
Stop using the kernel's struct pf_rule, switch to libpfctl's pfctl_rule.
Now that we use nvlists to communicate with the kernel these structures
can be fully decoupled.

Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29644
2021-04-10 11:16:02 +02:00
Kristof Provost
a9b338b260 pf: Move prototypes for userspace functions to userspace header
These functions no longer exist in the kernel, so there's no reason to
keep the prototypes in a kernel header. Move them to pfctl where they're
actually implemented.

Reviewed by:	glebius
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29643
2021-04-10 11:16:02 +02:00
Kristof Provost
0d71f9f36e pfctl: Move ioctl abstraction functions into libpfctl
Introduce a library to wrap the pf ioctl interface.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29562
2021-04-10 11:16:02 +02:00
Kristof Provost
0d6c8174ef pfctl: Use the new DIOCGETRULENV ioctl
Create wrapper functions to handle the parsing of the nvlist and move
that code into pfctl_ioctl.c.
At some point this should be moved into a libpfctl.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29560
2021-04-10 11:16:01 +02:00
Kristof Provost
5c11c5a365 pfctl: Move to DIOCADDRULENV
Start using the new nvlist based ioctl to add rules.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29558
2021-04-10 11:16:01 +02:00
Edward Tomasz Napierala
28b475b018 Cross-reference camcontrol(8) and zonectl(8) man pages. 2021-04-10 10:13:29 +01:00
Roman Bogorodskiy
066a576c5f ipfw: update man page example for nat show log
In d6164b77f8 the ability to show
ranges of nat log entries was removed.

PR:	254192
Reviewed by:	allanjude
2021-04-07 15:37:46 +00:00
John-Mark Gurney
b8028f9d3c add Xr to the rc.d script... 2021-04-06 16:32:57 -07:00
Ed Maste
a64096aa63 ffsinfo: Update example to avoid to-be-deprecated vinum
Reviewed by:	mckusick
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29478
2021-04-03 16:29:14 -04:00
Kirk McKusick
fc56fd262d Ensure that all allocated data structures in fsck_ffs are freed.
Several large data structures are allocated by fsck_ffs to track
resource usage. Most but not all were deallocated at the end of
checking each filesystem. This commit consolidates the freeing
of all data structures in one place and adds one that had previously
been missing.

It is important to clean up these data structures as they can be
large. If the previous allocations have not been freed, fsck_ffs
can run out of address space when many large filesystems are being
checked. An alternative would be to fork a new instance of fsck_ffs
for each filesystem to be checked, but we choose to free the small
set of large structures to save the fork overhead.

Reported by:  Chuck Silvers
Tested by:    Chuck Silvers
MFC after:    7 days
Sponsored by: Netflix
2021-04-02 11:58:49 -07:00
Ed Maste
b218441ac0 gvinum: add deprecation notice
Vinum is a Logical Volume Manager that was introduced in FreeBSD 3.0,
and for FreeBSD 5 was ported to geom(4) as gvinum. gvinum has had no
specific development at least as far back as 2010, and has a number of
known bugs which are unlikely to be resolved.

Add a deprecation notice to raise awareness but state that vinum "may
not be" available in FreeBSD 14.  Either it will be removed and the
notice will be updated to "is not" available, or someone will step up
to fix issues and maintain it and we will remove the notice.

Reviewed by:	imp (earlier version)
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29424
2021-03-28 14:45:05 -04:00
Kirk McKusick
7848b25edd Fix fsck_ffs -R finds unfixed duplicate block errors when rerunning.
This fixes a long-standing but very obscure bug in fsck_ffs when
it is run with the -R (rerun after unexpected errors).  It only
occurs if fsck_ffs finds duplicate blocks and they are all contained
in inodes that reside in the first block of inodes (typically among
the first 128 inodes).

Rather than use the usual ginode() interface to walk through the
inodes in pass1, there is a special optimized `getnextinode()'
routine for walking through all the inodes. It has its own private
buffer for reading the inode blocks. If pass 1 finds duplicate
blocks it runs pass 1b to find all the inodes that contain these
duplicate blocks. Pass 1b also uses the `getnextinode()' to search
for the inodes with duplicate blocks. Pass 1b stops when all the
duplicate blocks have been found. If all the duplicate blocks are
found in the first block of inodes, then the getnextinode cache
holds this block of bad inodes. The subsequent cleanup of the inodes
in passes 2-5 is done using ginode() which uses the regular fsck_ffs
cache.

When fsck_ffs restarts, pass1() calls setinodebuf() to point at the
first block of inodes. When it calls getnextinode() to get inode
2, getnextino() sees that its private cache already has the first
set of inodes loaded and starts using them. They are of course the
trashed inodes left over from the previous run of pass1b().

The fix is to always invalidate the getnextinode cache when calling
setinodebuf().

Reported by:  Chuck Silvers
Tested by:    Chuck Silvers
MFC after:    3 days
Sponsored by: Netflix
2021-03-24 17:24:41 -07:00
Kirk McKusick
bc444e2ec6 Fix fsck_ffs Pass 1b error exit "bad inode number 2 to nextinode".
Pass 1b of fsck_ffs runs only when Pass 1 has found duplicate blocks.
When starting up, Pass 1b failed to properly skip over the two unused
inodes at the beginning of the filesystem resulting in the above error
message when it tried to read the filesystem root inode.

Reported by:  Chuck Silvers
Tested by:    Chuck Silvers
MFC after:    3 days
Sponsored by: Netflix
2021-03-24 16:53:28 -07:00
Bjoern A. Zeeb
5ba4c8de15 ifconfig: 80211, add line break after key info
Beauty correction for verbose mode or in case we print multiple key
information to not continue with the next options directly after
as we did so far, e.g.:
	AES-CCM 2:128-bit
	AES-CCM 3:128-bit powersavemode ...

Sponsored-by:	The FreeBSD Foundation
MFC-after:	2 weeks
Reviewed-by:	adrian
Differential Revision:	https://reviews.freebsd.org/D29393
2021-03-24 22:26:39 +00:00
Gleb Smirnoff
d76f6b8e73 pfilctl: improve formatting of "hooks" and "heads" command output.
In "heads" output just improve the header to describe all of the columns.
In "hooks" print filter name and hook name delimited with colon, so that
it matches "heads" output and also can be copy-and-pasted straight into
the command line for future "link" command.
2021-03-19 11:18:05 -07:00
Kyle Evans
f187d6dfbf base: remove if_wg(4) and associated utilities, manpage
After length decisions, we've decided that the if_wg(4) driver and
related work is not yet ready to live in the tree.  This driver has
larger security implications than many, and thus will be held to
more scrutiny than other drivers.

Please also see the related message sent to the freebsd-hackers@
and freebsd-arch@ lists by Kyle Evans <kevans@FreeBSD.org> on
2021/03/16, with the subject line "Removing WireGuard Support From Base"
for additional context.
2021-03-17 09:14:48 -05:00
Kyle Evans
74ae3f3e33 if_wg: import latest fixup work from the wireguard-freebsd project
This is the culmination of about a week of work from three developers to
fix a number of functional and security issues.  This patch consists of
work done by the following folks:

- Jason A. Donenfeld <Jason@zx2c4.com>
- Matt Dunwoodie <ncon@noconroy.net>
- Kyle Evans <kevans@FreeBSD.org>

Notable changes include:
- Packets are now correctly staged for processing once the handshake has
  completed, resulting in less packet loss in the interim.
- Various race conditions have been resolved, particularly w.r.t. socket
  and packet lifetime (panics)
- Various tests have been added to assure correct functionality and
  tooling conformance
- Many security issues have been addressed
- if_wg now maintains jail-friendly semantics: sockets are created in
  the interface's home vnet so that it can act as the sole network
  connection for a jail
- if_wg no longer fails to remove peer allowed-ips of 0.0.0.0/0
- if_wg now exports via ioctl a format that is future proof and
  complete.  It is additionally supported by the upstream
  wireguard-tools (which we plan to merge in to base soon)
- if_wg now conforms to the WireGuard protocol and is more closely
  aligned with security auditing guidelines

Note that the driver has been rebased away from using iflib.  iflib
poses a number of challenges for a cloned device trying to operate in a
vnet that are non-trivial to solve and adds complexity to the
implementation for little gain.

The crypto implementation that was previously added to the tree was a
super complex integration of what previously appeared in an old out of
tree Linux module, which has been reduced to crypto.c containing simple
boring reference implementations.  This is part of a near-to-mid term
goal to work with FreeBSD kernel crypto folks and take advantage of or
improve accelerated crypto already offered elsewhere.

There's additional test suite effort underway out-of-tree taking
advantage of the aforementioned jail-friendly semantics to test a number
of real-world topologies, based on netns.sh.

Also note that this is still a work in progress; work going further will
be much smaller in nature.

MFC after:	1 month (maybe)
2021-03-14 23:52:04 -05:00
Kirk McKusick
6385cabd5b Do not complain about incorrect cylinder group check-hashes when
asked to add them to a filesystem.

MFC after:    3 days
Sponsored by: Netflix
2021-03-11 22:46:15 -08:00
Kyle Evans
b3dac3913d ifconfig: allow displaying/setting persistent-keepalive
The kernel-side already accepted a persistent-keepalive-interval, so
just add a verb to ifconfig(8) for it and start exporting it so that
ifconfig(8) can view it.

PR:		253790
MFC after:	3 days
Discussed with:	decke
2021-03-09 05:16:42 -06:00
Kyle Evans
172a8241c9 ifconfig: wg: stop requiring peer endpoints
The way that wireguard is designed does not actually require all peers
to have endpoints. In an architecture that might mimic a traditional
VPN server <-> client, the wg interface on a server would have a number
of peers without set endpoints -- the expectation is that the "clients"
will connect to the "server" peer, which will authenticate the
connection as a known peer and learn the endpoint from there.

MFC after:	3 days
Discussed with:	decke, grehan (independently)
2021-03-09 05:16:42 -06:00
Mark Johnston
af06ff5553 dumpon.8: Ask DDB to call doadump() rather than calling it directly
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2021-03-08 12:39:05 -05:00
Eric van Gyzen
0424d9ebeb decryptcore: do not include sys/sysctl.h
It's not needed.  Removing it is a small improvement in portability.

Sponsored by:	Dell EMC Isilon
2021-03-07 17:29:03 -06:00
Eric van Gyzen
576313b983 dumpon: do not print errno for resolver failure
When the netdump host name fails to resolve, don't print errno, since
it's irrelevant.  We might as well use a different exit status, too.

Sponsored by:	Dell EMC Isilon
2021-03-07 17:23:04 -06:00
Kristof Provost
b4e3f3c2de pfctl: Add missing 'va' code point name
Add the 'va' (voice-admit, RFC5865) symbolic name.

Reviewed by:	rgrimes, gbe (man page)
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29069
2021-03-06 10:07:55 +01:00
Ryan Moeller
88832d59de sbin/ifconfig: Minor housekeeping
Coalesce adjacent lint ifdefs.
Fix spelling of nitems.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D29022
2021-03-05 04:15:55 -05:00
Ryan Moeller
2803fa471e sbin/ifconfig: Get media status with libifconfig
Code deduplication.

Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29030
2021-03-05 04:15:55 -05:00
Ed Maste
0dcde5cc12 growfs: allow operation on RW-mounted filesystems
growfs supports growing mounted filesystems (writes are temporarily
suspended while the grow happens).  Drop the check for fs_clean == 0
to restore this case.  Leave fs_flags check for FS_UNCLEAN or
FS_NEEDSFSCK which represent the state of the filesystem when it was
mounted, and fsck should be run first if they are set.

PR:		253754
Reviewed by:	mckusick
MFC after:	3 days
Fixes:		6eb925f845 ("Filesystem utilities that modify the...")
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29021
2021-03-03 18:35:21 -05:00
Kyle Evans
852f70b240 init: use explicit_bzero() for clearing passwords
This is a nop in practice, because it cannot be proven that this
particular bzero() is not significant.  Make it explicit anyways, rather
than relying on an implementation detail of how the password is
collected.

Discussed with:	Andrew Gierth <andrew tao146 riddles org uk>
2021-03-02 21:55:41 -06:00
Ryan Moeller
8b22242550 sbin/ifconfig: Use a global libifconfig handle
This should eventually replace the socket passed to the various
handlers. In the meantime, making it global avoids repeatedly opening
and closing handles.

Reported by:	kp
Reviewed by:	kp (earlier version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28990
2021-03-02 21:15:40 -05:00
Alan Somers
d977417d74 [skip ci] fix a typo in a comment in mdconfig.c
Sponsored by:	Axcient
Reviewed by:    mav, imp
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D28968
2021-03-02 18:33:45 -07:00
Ryan Moeller
64bacab177 sbin/ifconfig: Get groups with libifconfig
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28965
2021-02-28 15:38:50 -05:00
Ryan Moeller
6f497e47e9 sbin/ifconfig: Get bridge status with libifconfig
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28954
2021-02-28 15:29:23 -05:00
Ryan Moeller
9995455218 sbin/ifconfig: Drop local name var in sfp_status
There is already a globally defined name variable.

MFC after:	1 week
2021-02-27 21:20:38 -05:00
Ryan Moeller
a0ebb91504 sbin/ifconfig: Get lagg status with libifconfig
Also trimmed an unused block of code that never prints out LAGG_PROTOS.
Reviewed by:	kp (earlier version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28961
2021-02-27 21:20:38 -05:00
Ryan Moeller
da393346ac sbin/ifconfig: Get carp status with libifconfig
A trivial change now that ifconfig is already using libifconfig.
Reviewed by:	kp (earlier version)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28955
2021-02-27 21:20:38 -05:00
Edward Tomasz Napierala
22267215d6 camcontrol(8): remove unnecessary CCB zeroing
After 3e404b8c53, cam_getccb(3) clears the returned CCB, making
a number of calls to CCB_CLEAR_ALL_EXCEPT_HDR(3) unnecessary.

Reviewed By:	imp
Sponsored by:	NetApp, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D27812
2021-02-25 18:45:21 +00:00
Edward Tomasz Napierala
f848d08e45 camcontrol: stop pretending cam_cmd is a bitmask
Cleanup only, no functional changes.

Reviewed By:	imp
Sponsored By:	NetApp, Inc.
Sponsored By:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D27813
2021-02-25 18:40:07 +00:00
Andrey V. Elsukov
13ad237a19 ipfw: make algo name argument optional for some table types
Most of table types currently supported by ipfw have only one
algorithm implementation. When user creates such tables, allow
to omit algo name in arguments. E.g. now it is possible:
	ipfw table T1 create type number
	ipfw table T2 create type iface
	ipfw table T3 create type flow

PR:		233072
MFC after:	1 week
Sponsored by:	Yandex LLC
2021-02-25 16:57:47 +03:00
Warner Losh
6b7580f7b1 camcontrol: change hueristic for I/O-less devtype
Some SATA drives have 'config' set to 0 in the identify block. Rather than rely
on it, use the strings windows uses to display the drive since they are supposed
to be space padded and will always be non-zero.
2021-02-23 12:56:15 -07:00
Konstantin Belousov
d485c77f20 Remove #define _KERNEL hacks from libprocstat
Make sys/buf.h, sys/pipe.h, sys/fs/devfs/devfs*.h headers usable in
userspace, assuming that the consumer has an idea what it is for.
Unhide more material from sys/mount.h and sys/ufs/ufs/inode.h,
sys/ufs/ufs/ufsmount.h for consumption of userspace tools, with the
same caveat.

Remove unacceptable hack from usr.sbin/makefs which relied on sys/buf.h
being unusable in userspace, where it override struct buf with its own
definition.  Instead, provide struct m_buf and struct m_vnode and adapt
code to use local variants.

Reviewed by:	mckusick
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D28679
2021-02-21 11:38:21 +02:00
Michael Chiu
be2003ccfa ifconfig: fix incorrect wg allowed-ips netmask
Currently when peer information is displayed with `ifconfig wgN peer ..`
or `ifconfig wgN peer-list`, the netmask of the first `allowed-ips` will
be used as the netmask of all CIDR in `allowed-ips`.  For example, if
the list is `192.168.1.0/24, 172.16.0.0/16`, it will display as
`192.168.1.0/24, 172.16.0.0/24`. While this does not affect the actual
functionality, it is very confusing.

Submitted by:   Michael Chiu <nyan -at- myuji.xyz>
Reviewed by:	grehan
Differential Revision: https://reviews.freebsd.org/D28655
MFC after:	1 day
2021-02-15 02:39:05 +00:00
Alan Somers
f540cb27a2 mount_nullfs: rename a local variable
The "source" variable was introduced in r26072, probably as the
traditional counterpart to "target".  But the "source"/"target" names
suggest the opposite of their actual meaning.  With ln, for example, the
source is the real file and the target is the newly created link.  In
mount_nullfs the meaning is the opposite: the target is the existing
file system and the source is the newly created mountpoint.  Better to
use "target"/"mountpoint" terminology, which matches the man page.

MFC after:	6 weeks
Sponsored by:	Axcient
2021-02-12 11:30:52 -07:00
Daniel Ebdrup Jensen
2a7d4d9545 kldload(8): Improve phrasing
Mountroot isn't documented in the extant manual pages - so this
phrasing, while less absolute and concise, still conveys which
modules are recommended to be handled via loader.conf(5), and it also
does a better job of elucidating that the modules can include filesystem
drivers.

Submitted by:	kevans (earlier version)
Reported by:	imp, kevans, eugen
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D28542
2021-02-11 06:03:53 +01:00
Alexander V. Chernikov
924d1c9a05 Revert "SO_RERROR indicates that receive buffer overflows should be handled as errors."
Wrong version of the change was pushed inadvertenly.

This reverts commit 4a01b854ca.
2021-02-08 22:32:32 +00:00
Alexander V. Chernikov
4a01b854ca SO_RERROR indicates that receive buffer overflows should be handled as errors.
Historically receive buffer overflows have been ignored and programs
could not tell if they missed messages or messages had been truncated
because of overflows. Since programs historically do not expect to get
receive overflow errors, this behavior is not the default.

This is really really important for programs that use route(4) to keep in sync
with the system. If we loose a message then we need to reload the full system
state, otherwise the behaviour from that point is undefined and can lead
to chasing bogus bug reports.
2021-02-08 21:42:20 +00:00
Daniel Ebdrup Jensen
866c8b8d5d kldload(8): Add note about using kld_list in rc.conf(5)
While here, also recommend that loader.conf(5) should only be used in
order to get to mountroot, as rc(8) is less fragile, faster, and is
easier to fix by booting to single-user mode instead of having to
blacklist modules in the loader.

MFH:		2 weeks
2021-02-08 07:57:36 +01:00
Alex Richardson
58de61b996 sbin/pfctl: fix tests after recent output changes
The output now contains http-alt instead of 8080 and personal-agent
instead of 5555.
This was probably caused by 228e2087a3.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28481
2021-02-04 17:56:26 +00:00
Alex Richardson
d6f4e1a897 sbin/bectl: Skip tests if sparse files are not supported
The tests create a 1GB test file and this causes the tests to fail in the
CheriBSD CI setup where we run tests with a tmpfs mount on /tmp. Tmpfs
does not support sparse files and it appears that tmpfs default to creating
a 1GB mount, so there is not enough space to run these tests.

Instead of checking for at least 1GB of free space, this commit skips the
tests on file systems that do not support sparse files.

Reviewed By:	kevans
Differential Revision: https://reviews.freebsd.org/D28463
2021-02-03 09:31:32 +00:00
Neel Chauhan
a08cdb6cfb Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by:		donner, kp
Approved by:		0mp (mentor), donner, kp
Differential Revision:	https://reviews.freebsd.org/D23450
2021-02-02 13:24:17 -08:00
Poul-Henning Kamp
d21ce74dcc Register the bad read before bailing on terminal errors.
This way running recoverdisk in a loop will not get stuck on a bad
block which causes the disk or SD card detach.
2021-02-02 12:01:38 +00:00
Evgeniy Khramtsov
682c31db4e ipfw(8) crashes when ext6hdr option is omitted
Verify that the option is passed, error out if it's not.
The problem can be trivially triggered with `ipfw add allow ext6hdr`.

PR:		253169
Reviewed by:	kp@
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D28447
2021-02-01 21:25:11 +01:00
Gleb Smirnoff
3f43ada98c Catch up with 6edfd179c8: mechanically rename IFCAP_NOMAP to IFCAP_MEXTPG.
Originally IFCAP_NOMAP meant that the mbuf has external storage pointer
that points to unmapped address.  Then, this was extended to array of
such pointers.  Then, such mbufs were augmented with header/trailer.
Basically, extended mbufs are extended, and set of features is subject
to change.  The new name should be generic enough to avoid further
renaming.
2021-01-29 11:46:24 -08:00
Ryan Moeller
65efb73fbd sbin/sysctl: Fix CTLFLAG_SKIP for adjacent nodes
The OID is saved when we encounter CTLFLAG_SKIP so that descendants can
be skipped as well. We then must not update the skip OID until we are
out of the node. This was achieved by resetting the skip OID once the
prefix no longer matches, but the case where the OID we reset on has
CTLFLAG_SKIP was not accounted for.

Reported by:	mav
Reviewed by:	mav
MFC after:	2 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D28364
2021-01-27 14:27:46 -05:00
Kirk McKusick
8c22cf9b09 Fix fsck_ffs incorrectly reporting "CANNOT READ BLK: NNNN" errors.
A long-standing bug in Pass 1 of fsck_ffs in which it is reading in
blocks of inodes to check their block pointers. It failed to round
up the size of the read to a disk block size. When disks would
accept 512-byte aligned reads, the bug rarely manifested itself.
But many recent disks will no longer accept 512-byte aligned reads
but require 4096-byte aligned reads, so the failure to properly
round-up read sizes to multiples of 4096 bytes makes the error
much more likely to occur.

Reported by:  Peter Holm and others
Tested by:    Peter Holm and Rozhuk Ivan
MFC after:    3 days
Sponsored by: Netflix
2021-01-26 11:46:38 -08:00
Kristof Provost
dcd1e41f0c pfctl: FreeBSD now supports DIOCGIFSPEED
There's no need for a special case here to work around the lack of
DIOCGIFSPEED. That was introduced in FreeBSD in
c1aedfcbd9.

Reported by:	jmg@
Reviewed by:	donner@
Differential Revision:	https://reviews.freebsd.org/D28305
2021-01-25 19:58:22 +01:00
Alex Richardson
94ac312a71 ifconfig: fix UBSan signed shift error
Use 1u since UBSan complains about 1 << 31.
2021-01-25 15:09:50 +00:00
Kyle Evans
123ae3045d build: remove LIBPTHREAD/LIBTHR build options
WITHOUT_LIBTHR has been broken for a little over five years now, since the
xz 5.2.0 update introduced a hard liblzma dependency on libthr, and building
a useful system without threading support is becoming increasingly more
difficult.

Additionally, in the five plus years that it's been broken more reverse
dependencies have cropped up in libzstd, libsqlite3, and libcrypto (among
others) that make it more and more difficult to reconcile the effort needed
to fix these options.

Remove the broken options.

PR:		252760
Reviewed by:	brooks, emaste, kib
Differential Revision:	https://reviews.freebsd.org/D28263
2021-01-22 12:33:27 -06:00
Allan Jude
b84d0aaa4e ifconfig: add vlanproto "qiniq" as an alias for "802.1ad"
QinQ is better known by this name, so accept it as an alias

Reported-by:	Mike Geiger
Reviewed-by:	melifaro, hselasky, rpokala
MFC-with:	366917
Sponsored-by:	Klara Inc.
Differential-Revision:	https://reviews.freebsd.org/D28245
2021-01-20 15:50:45 +00:00
Rick Macklem
448de00de5 mount_nfs: update man page description for oneopenown
A recent email discussion indicated that a large
accumulation of NFSv4 Opens was occurring on
a mount. This appears to have been caused by a
shared library within the mount being used by
several processes, such that there is always at
least one of these processes running.
A new Open was created by each process and
were not closed, since all the Opens were never
closed. This is alleviated by using the
"oneopenown" mount option.

This man page update attempts to indicate the
use of "oneopenown" for this case.

This is a content change.

Reported by:	j.david.lists@gmail.com
Reviewed by:	0mp
MFC:	1 month
Differential Revision:	https://reviews.freebsd.org/D28215
2021-01-17 19:00:41 -08:00
Alexander V. Chernikov
d28210b2c2 Remove remnants of classful behavior in route(8).
Curently route(8) treats some addresses as network addresses:

 RTA_DST: inet 10.0.0.0; RTA_NETMASK: inet 255.0.0.0; RTA_IFP: link ;
 RTM_GET: Report Metrics: len 240, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,STATIC>
 locks:  inits:
 sockaddrs: <DST,NETMASK,IFP>
   10.0.0.0 255.0.0.0 link#0

Note added `RTA_NETMASK` in the request.

Host address from the same network is ok:

route -nv get 10.0.0.1
 RTA_DST: inet 10.0.0.1
 RTA_IFP: link
 RTM_GET: Report Metrics: len 224, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,HOST,STATIC>
...
   route to: 10.0.0.1
destination: 10.0.0.0
       mask: 255.255.255.0

This change eliminates network auto-guessing part AND reading network from /etc/networks.

Reviewed By: rgrimes

Differential Revision: https://reviews.freebsd.org/D24401
2021-01-16 23:45:30 +00:00
Kyle Evans
6dd869c22b bectl: remove spurious aok variable
This rode in with the OpenZFS import. It may have been necessary at some
point, but it is no longer and it breaks the WITHOUT_DYNAMICROOT build as
it collides with the definition in libspl.

Reported-by:	Michael Dexter
2021-01-16 00:07:50 -06:00
Kyle Evans
de661c9f86 bectl: tests: use -R <mount> instead of specifying altroot
-R is currently shorthand for cachefile=none, altroot=<mount>.  This is
functionally the same, but perhaps more resilient to future changes that
could be necessary that may be added when -R is specified.

MFC after:	 1 week
2021-01-16 00:07:50 -06:00
Charlie Root
292808246d ICMP checksum test: Fix for big endian
The in_cksum tests originally tried to simulate a BE environment by
swapping the byte order of the input.  But that's overcomplicated, and
didn't actually work on real BE hardware.  The correct testing strategy
is just to test on the native endianness, and run the tests in both BE
and LE environments.

Submitted by:		Renato Riolino <renato.riolino@eldorado.org.br>
Reviewed By:		asomers
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D23193
2021-01-11 19:03:46 -07:00
Kristof Provost
0c156a3c32 pfctl: Another set skip <group> fix
When retrieving the list of group members we cannot simply use
ifa_lookup(), because it expects the interface to have an IP (v4 or v6)
address. This means that interfaces with no address are not found.
This presents as interfacing being alternately marked as skip and not
whenever the rules are re-loaded.

Happily we only need to fix ifa_grouplookup(). Teach it to also accept
AF_LINK (i.e. interface) node_hosts.

PR:     	250994
MFC after:	3 days
2021-01-11 22:30:44 +01:00
Dimitry Andric
a82f07fc2e Fix 32-bit build post 6733401935
The general style in sbin/nvmecontrol apppears to print uint64_t types
using %j, so I'm using that instead of the more general (but admittedly
ugly) PRIu64.
2021-01-08 23:38:30 +01:00
Cy Schubert
c6951fac78 Fix 32-bit build post 5cc52631b3. 2021-01-08 11:28:30 -08:00
Chuck Tuffli
6733401935 nvmecontrol: add device self-test op and log page
Add decoding of the Device Self-test log page and the ability to start
or abort a test.

Reviewed by:	imp, mav
Tested by:	Muhammad Ahmad <muhammad.ahmad@seagate.com>
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D27517
2021-01-08 09:27:56 -08:00
Kirk McKusick
5cc52631b3 Rewrite the disk I/O management system in fsck_ffs(8). Other than
making fsck_ffs(8) run faster, there should be no functional change.

The original fsck_ffs(8) had its own disk I/O management system.
When gjournal(8) was added to FreeBSD 7, code was added to fsck_ffs(8)
to do the necessary gjournal rollback. Rather than use the existing
fsck_ffs(8) disk I/O system, it wrote its own from scratch. Similarly
when journalled soft updates were added in FreeBSD 9, code was added
to fsck_ffs(8) to do the necessary journal rollback. And once again,
rather than using either of the existing fsck_ffs(8) disk I/O
systems, it wrote its own from scratch. Lastly the fsdb(8) utility
uses the fsck_ffs(8) disk I/O management system. In preparation for
making the changes necessary to enable snapshots to be taken when
using journalled soft updates, it was necessary to have a single
disk I/O system used by all the various subsystems in fsck_ffs(8).

This commit merges the functionality required by all the different
subsystems into a single disk I/O system that supports all of their
needs. In so doing it picks up optimizations from each of them
with the results that each of the subsystems does fewer reads and
writes than it did with its own customized I/O system. It also
greatly simplifies making changes to fsck_ffs(8) since everything
goes through a single place. For example the ginode() function
fetches an inode from the disk. When inode check hashes were added,
they previously had to be checked in the code implementing inode
fetch in each of the three different disk I/O systems. Now they
need only be checked in ginode().

Tested by:    Peter Holm
Sponsored by: Netflix
2021-01-07 15:03:15 -08:00
Mateusz Piotrowski
74bd207697 Reference newfs_msdos(8) from the newfs(8) manual
PR:		252484
Reported by:	Graham Perrin <grahamperrin@gmail.com>
MFC after:	3 days
2021-01-07 10:24:07 +01:00
Kirk McKusick
c8a7a3ffe1 Fix bug in expanding lost+found direct blocks.
Reported by:  Peter Holm
Sponsored by: Netflix
2021-01-06 16:35:01 -08:00
Robert Wing
b1ea63e2e3 bectl(8): sync man page and help text
Sync man page with behavior of bectl(8).

Sync help text with man page.

PR:             246697
Reported by:	olgeni
Submitted by:   olgeni (with changes)
Reviewed by:    kevans, olgeni
Approved by:    kevans (mentor)
MFC after:      1 week
Differential Revision:	https://reviews.freebsd.org/D27482
2021-01-06 10:38:25 -09:00
Kristof Provost
fda7daf063 pfctl: Stop sharing pf_ruleset.c with the kernel
Now that we've split up the datastructures used by the kernel and
userspace there's essentually no more overlap between the pf_ruleset.c
code used by userspace and kernelspace.

Copy the userspace bits to the pfctl directory and stop using the kernel
file.

Reviewed by:	philip
MFC after:	2 weeks
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D27764
2021-01-05 23:35:37 +01:00
Emmanuel Vadot
2d486ba15f pkgbase: Move bectl to the runtime package
runtime contain what is needed to boot in single user and repair a
system, bectl could be handy to have in this situation.

Differential Revision:	https://reviews.freebsd.org/D27708
2021-01-04 16:17:12 +01:00
Xin LI
fd340a1222 sbin/camcontrol: use calloc/strlcpy where appropriate.
MFC after:	2 weeks
2021-01-03 22:52:28 -08:00
Kirk McKusick
997f81af43 The fsck_ffs program had previously only been able to expand the size
of its lost+found directory by allocating direct block pointers. The
effect was that it was limited to about 19,000 files. One of Peter Holm's
tests produced a filesystem with about 23,000 lost files which meant
that fsck_ffs was unable to recover it. This update allows lost+found
to be expanded into a single indirect block which allows it to store
up to about 6,573,000 lost files.

Reported by:  Peter Holm
Sponsored by: Netflix
2021-01-02 22:31:55 -08:00
Alan Somers
b586c66baf ping: fix ping when the kernel was built without INET6
If the kernel was built without INET6, default to ICMP.  Or, if it was
built without INET, default to ICMPv6.

PR:		251725
Reported by:	jbeich
Reviewed by:	jbeich
Tested by:	jbeich
MFC with:	368045
2021-01-01 10:25:49 -07:00