gramatical tweaks along w/ sorting the list, and adding that serial is
available for USB....
PR: 85097
Submitted by: Fredrik Lindberg
MFC after: 1 week
read requests to its consumer. It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load. Documentation will be
provided later. I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
address, to avoid confusing the users that a full address is
always required.
Submitted by: Josh Paetzel <josh@tcbug.org> (through freebsd-doc)
MFC after: 3 days
partition size. On 32-bit platforms sizeof(long) < sizeof(off_t)
and using strtol(3) would prevent partitions larger than 4G
sectors or beyond 4G blocks.
PR: bin/103991
MFC after: 3 days
- Print proper error message when argument is specified twice.
Before the change it was detected properly, because of how
G_OPT_DONE() macro worked.
- Use err(3) functions where appropriate.
- Add some assertions.
- Bump version number, because G_TYPE_BOOL addition breaks API and ABI.
Changes: 98721,98722,98723,101360,106985
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
length != BPF_WORDALIGN(length)
This meeans that it is possible for this to be true:
interface->rbuf_offset > interface->rbuf_len
Handle this case in the test for running out of packets. While
OpenBSD's solution of setting interface->rbuf_len to
BPF_WORDALIGN(length) is safe due to the size of the buffer, I think
this solution results in less hidden assumptions.
This should fix the problem of dhclient running away and consuming 100%
CPU.
PR: bin/102226
Submitted by: Joost Bekkers <joost at jodocus.org>
MFC after: 3 days
- after killing all attached providers, all providers are then detached
and operation is repeated for those who were attached,
- we don't want to remove keys for read-only attached providers, we only
want to detach them.
MFC after: 1 week
otherwise this command
ipfw add allow ipv6-icmp from any to 2002::1 icmp6types 1,2,128,129
turns into icmp6types 1,2,32,33,34,...94,95,128,129
PR: 102422 (part 1)
Submitted by: Andrey V. Elsukov <bu7cher at yandex.ru>
MFC after: 5 days
'ifconfig em0 tso' and 'ifconfig em0 -tso'. TSO for IPv4 and IPv6 is always
enabled or disabled together. The driver may enable only one if it doesn't
support both.
Document 'tso' and '-tso' in the ifconfig(8) man pages.
Sponsored by: TCP/IP Optimization Fundraise 2005
the BUGS section of the alloca(3) manpage. In particular, when
the number of TCP sockets is several tens of thousand, trying to
"sysctl -a" would SIGSEGV on the net.inet.tcp.pcblist entry (it
would exceed the stacksize ulimit, in an undetectable manner).
Reported by: Igor Sysoev
o Restore owner/group/mode/atime/mtime of symbolic links, rev. 1.30.
o Extract file flags of symbolic link, rev. 1.42.
o Call getfile() before altering file attributes.
Open file with mode 0600 instead of 0666 so that file won't remain
group or world readable/writable even if getfile() terminated.
Move skipfile() before altering file attributes in IF{CHR,BLK} and
IFIFO case for symmetry, rev. 1.32.
o Use file mode 0600 when creating special file or fifo, revs. 1.33, 1.34.
o Remove redundant -N check.
PR: bin/101660
Submitted by: Andrey V. Elsukov
Obtained from: NetBSD, enami@netbsd
MFC after: 6 weeks
REPORT LUNS command to a device.
camcontrol.[c8]: Implement reportluns. This tries to print the LUNs
out in a reasonable format. Only the periph
addressing method has been tested, since very little
hardware that I know of supports the other methods.
scsi_all.[ch]: Revamp the report luns CDB structure and helper
functions. This constitutes a little bit of an API
change, but since the old CDB length was 10 bytes,
and the REPORT LUNS CDB length is actually 12 bytes,
it's clear that no one was using this API in the
first place.
MFC After: 1 week
having trouble with the "me6" keyword. Also, we were using inet_pton on
the wrong variable in one place.
Reviewed by: mlaier (previous version of patch)
Obtained from: Sascha Blank (inet_pton change)
MFC after: 1 week
for example:
fwd tablearg ip from any to table(1)
where table 1 has entries of the form:
1.1.1.0/24 10.2.3.4
208.23.2.0/24 router2
This allows trivial implementation of a secondary routing table implemented
in the firewall layer.
I expect more work (under discussion with Glebius) to follow this to clean
up some of the messy parts of ipfw related to tables.
Reviewed by: Glebius
MFC after: 1 month
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
buildworld breakage.
Exclude loglevel.c from the build. It does not appear to be used by
anything in the tree and buildworld succeeds just fine without it.
unlinked as soon as the dump starts (and removed when the dump is
completed, and the dump process exits). Previous wording was confusing
because users might expect the snapshot to be visible in the .snap
subdirectory while dump is running.
MFC after: 1 week
output to setproctitle(3) in order to get rid of the ugly two-character
escape sequence "\n" in the ps(1) output of a dump(8) process:
<< [...] finished in 0:00 at Sat Aug 5 14:44:39 2006\n (dump)
>> [...] finished in 0:00 at Sat Aug 5 14:44:39 2006 (dump)
init(8), to avoid losing a race to them and dying before being able
to call reboot(2).
PR: bin/64664
Submitted by: maxim
Obtained from: NetBSD
MFC after: 30 days
code independent of the macro. This utility is just omitted
from the build as a whole by ../Makefile if MK_INET6 is set to false.
Pointed out by: ume
Tested with: cmp(1)
not be mounted unless the -l flag was specified.
Add an rc script, mountlate, which basically runs 'mount -a -l'. It runs
after DAEMON but before LOGIN.
This is useful for things like loopback mounts, because mountcritremote
runs before mountd / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.
Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.
Reviewed by: freebsd-rc
MFC after: 3 weeks
mechanism
o change vlan cloning to use callback and pass all vlan parameters
on create using the new SIOCREATE2 ioctl
o update vlan set logic to match existing practice
with NACK if I don't set it. Setting 'option dhcp-client-identifier' is
alternative but it is inconvenient because I have to keep the list of
all MAC addresses. As bin/94743 pointed out, it is always sent from
Windows clients and I found Mac OS X does the same.
OK'd by: brooks
order to - for example - apply firewall rules to a whole group of
interfaces. This is required for importing pf from OpenBSD 3.9
Obtained from: OpenBSD (with changes)
Discussed on: -net (back in April)
sector size, instead of later failing with an error about /boot/mbr
not being a multiple of the sector size (since we end up with an
assumed sector size of MAX_SEC_SIZE * 2).
- We query the sector size via an IOCTL anyway, so if that succeeds
use that instead of probing for it via read(2) calls. This fixes
the problem with fdisk failing to operate on at least graid3 and
md(4) devices on kernels with src/sys/geom/geom_dev.c before
rev. 1.90, due to fdisk failing to detect the sector size.
- When detecting the root device allow "/" characters in it, which
happens with e.g. gmirror devices.
Reviewed by: cperciva
MFC after: 1 week
- 'tag' & 'untag' action parameters.
- 'tagged' & 'limit' rule options.
Rule examples:
pipe 1 tag tablearg ip from table(1) to any
allow ip from any to table(2) tagged tablearg
allow tcp from table(3) to any 25 setup limit src-addr tablearg
sbin/ipfw/ipfw2.c:
1) new macros
GET_UINT_ARG - support of 'tablearg' keyword, argument range checking.
PRINT_UINT_ARG - support of 'tablearg' keyword.
2) strtoport(): do not silently truncate/accept invalid port list expressions
like: '1,2-abc' or '1,2-3-4' or '1,2-3x4'. style(9) cleanup.
Approved by: glebius (mentor)
MFC after: 1 month
keeping a flag to check whether we actually wanted to mount the filesystem
readonly, setup the options list so that we start off by assuming rw is what's
desired and let later flags change that.
to the init. This prevents zombies from being accumulated.
PR: bin/64198
Tested by: Eugene Grosbein <eugen at www svzserv kemerovo su>
Approved by: kan (mentor)
MFC after: 1 month
Now, encryption algorithm is given using '-e' option, not '-a'.
The '-a' option is now used to specify authentication algorithm.
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
- remove call to getmntopts(), and just pass -o options to
nmount(). This removes some confusion as to what options
msdosfs can parse, by pushing the responsibility of option parsing
to the VFS and FS specific code in the kernel.
msdosfs_vfsops.c:
- add "force" and "sync" to msdosfs_opts. They used to be specified
in mount_msdosfs.c, so move them here. It's not clear whethere these
options should be placed into global_opts in vfs_mount.c or not.
Motivated by: marcus
Since tags are kept while packet resides in kernelspace, it's possible to
use other kernel facilities (like netgraph nodes) for altering those tags.
Submitted by: Andrey Elsukov <bu7cher at yandex dot ru>
Submitted by: Vadim Goncharov <vadimnuclight at tpu dot ru>
Approved by: glebius (mentor)
Idea from: OpenBSD PF
MFC after: 1 month
It is no longer needed, because "mount -t reiserfs" calls nmount(2)
directly to mount a ReiserFS file system without the use of
this external mount program.
Approved by: dumbbell
option if none is given in the config file. Also add #ifdefd out
support for sending a client ID based on our MAC address.
PR: bin/94743, bin/76401
Submitted by: Frank Behrens <frank at pinky dot sax dot de>
X-MFC after: 6.1-RELEASE
o Introduce -r and -w keys which allow to load and save a worklist.
o Replace README by man page.
PR: bin/96677
Submitted by: Ulrich Spoerlein
Approved by: phk
MFC after: 1 month
arguments so we do not coredump at "help foo", "back bar" and such.
o Be consistent and print argc - 1 as a command arguments number in
all cases.
PR: bin/37096
Submitted by: Joshua Goodall
MFC after: 1 month
Reset it to 1 for each devd config file so if the parser finds
a syntax error devd(8) will report a correct line number.
Submitted by: Niki Denev
MFC after: 2 weeks
to match the number of inodes on the disk. If we find a directory
entry with a crazy inode number in it, don't look beyond the end
of the bitmap to find that inode's state. Instead skip that directory
entry and print a warning.
Reviewed by: iedowse
MFC after: 3 weeks
wait time for a packet. This allows to:
- Count number of packets received before and after specified
time.
- Shorten time of execution of 'ping -c 1' scripts.
Submitted by: Lytochkin Boris <lytboris gmail.com>
device number at creation time with -u option. Together with XMLizing
mdconfig(8), I broke this functionality.
This change is temporary. Complete fix will be commited soon.
Approved by: cognet (mentor)
a problem with listing large number of md(4) devices. Either 'list' or
'query' mode uses XML.
Additionally, new functionality was introduced. It's possible to pass
multiple devices to -u:
# ./mdconfig -l -u md0,md1
Approved by: cognet (mentor)
- <netipx> headers [1]
- IPX library (libipx)
- IPX support in ifconfig(8)
- IPXrouted(8)
- new MK_NCP option
New MK_NCP build option controls:
- <netncp> and <fs/nwfs> headers
- NCP library (libncp)
- ncplist(1) and ncplogin(1)
- mount_nwfs(8)
- ncp and nwfs kernel modules
User knobs: WITHOUT_IPX, WITHOUT_IPX_SUPPORT, WITHOUT_NCP.
[1] <netsmb/netbios.h> unconditionally uses <netipx> headers
so they are still installed. This needs to be dealt with.
as both have been read from the command line. Still use the callback,
but this time only to verify that both vlan and vlandev have been
found on the command line.
This should allow for control over the relative order of processing
parameters, which is needed to satisfy some caveats of the if_vlan
driver. E.g., MTU cannot be changed on a vlan interface until it's
attached to its parent.
PR: bin/94028
Reviewed by: ru
MFC after: 3 days
As discussed on -current, there is no sensitive info in /sbin/init
to prevent reading it from non-privileged users, nor any reason to
remove the 'x' bit as the first thing the program does is check the
uid and exit if it is not run by root.
Instead (and this is why i make the change), mode 500 prevents
operation when exporting the partition without -maproot=0 to diskless
clients.
All previuos releases are affected by the same problem, so a merge
to RELENG_6 at least would be appropriate (after proper re@ approval
of course).
o multiple modules can be unloaded at once (specified either by id or be
module name)
o exit with EX_USAGE after usage() is called.
o remove unused variables, since we keep command line flags as bitmask,
in 'opt'.
o 'kldload -n ...' does nothing. Add comment to this options.
Additionally:
o Update manual page to conform new functionality.
o Increace WARNS to 6. Because we can.
Approved by: cognet (mentor)
MFC after: 1 week
in the buffer. This isn't exactly the patch that Stephen submitted, but
is based on one of his suggestions.
PR: 93841
Submitted by: Stephen Montgomery-Smith <stephen@math.missouri.edu>
MFC after: 2 weeks
o Also, fdisk_pc98 appears to support -i, so add it to the man page.
o Ditto -v
o Change the name from PC partition table maintenance program to NEC PC-98x1
partition table maintenance program, since it is possible to have a DOS MBR
formatted disk on FreeBSD/pc98 now (although we don't install any tools for
this).
o Merge the -I switch from i386 verison to initialize the partition table
to use the maximum amount possible for a single FreeBSD table.
o Improve warning when the geom method fails (which I think it
always will until geom_pc98 is updated to respond to this ctl message)
o when writing out the boot sector, we have to write out a minimum of
1024 bytes or the sector size. This is different than the i386 case where
we need to write out a minimum of 512 bytes (which is also the minimum
sector size). We already handle this difference on reading, but didn't
in writing, so attempting to write a new partition table would fail.
o Add MID to the -s output, since pc98 users are likely interested in
both of these parameters.
# I can now initialize disks on my pc98 machine either by -I or by
# manually entering the parameters. I don't know if fdisk -B works or not,
# since I'm not willing to risk my only working boot disk to test it..
additional -r (read-only) flag or or -w (read-write) flag,
then assume we want, mount -u -w.
When doing a mount update, this will implicitly pass a "noro" mount
option down to the VFS layer.
vfs_mergeopts() in vfs_mount.c will then remove the "ro" mount option
if it exists in the mount options for a mounted file system.
This means that "mount -u" works the same as "mount -u -w"
and will convert a read-only mount to read-write.
- mount(8) now calls the nmount(2) system call directly, not mount(2)
- specifying a filesystem type with -t will not automatically
invoke an external /sbin/mount_XXXX program....this only happens for
certain file system types. For all other file system types, nmount(2)
is called directly.
doesn't exist or add one that is already present, if the -q flag
is set. Useful for "ipfw -q /dev/stdin" when the command above is
invoked from something like python or TCL to feed commands
down the throat of ipfw.
MFC in: 1 week
supported for a moment.
- Don't allow to use -i when no passphrase is given. Now if iterations is
equal to -1 (not set), we know that we should not ask for the passphrase
on boot.
It still doesn't handle situation when one key is protected with
passphrase and the other is not. There is no quick fix for this.
The complete solution will be to make number of iterations a per-key
value. Because this need metadata format change and is only needed for
devices attached on boot, I'll leave it as it is for now.
MFC after: 3 days
makes it practical to use GBDE for "something you have plus something
you know" security together with a USB flash drive.
Reviewed by: phk
MFC after: 7 days
Presently, ifconfig callbacks are used for L2 configuration, media
and vlan, so actions associated with address assignment, like sending
out a gratuitous ARP, should go when L2 is running already.
This also should fix the problem with setting up vlan interfaces
from rc.conf, when both IP and vlan+vlandev parameters are passed
to ifconfig at once.
Future work: Consider introducing several ifconfig callback lists
to invoke callbacks orderly.
MFC after: 1 week
/tmp may not be writeable yet when dhclient is first run via
/etc/rc.d/netif so using it may not work. Also, writing to a
predictable file in /tmp as root is a really bad idea since a malicious
user may be able to win a race and insert a symlink which will allow
them to cause any file to be overwritten. To solve these problems,
create the tempory file in /var/run which will exist this early and is
writable only by root.
Security: Local risk if users can cause dhclient to run on demand
(such as by unplugging and replugging the network cable).
system is mounted. This prevevents duplicated mounts.
The change I made against the original patch is to fall back to the given
path on realpath(2) failure instead of exiting with an error.
Submitted by: Andreas Kohn <andreas@syndrom23.de>
PR: bin/89782
MFC after: 3 days
circumstances that include circular dependencies.
PR: bin/91789
PR submitted by: Frank Behrens <frank@pinky.sax.de>
Patch submitted by: Divacky Roman <xdivac02@stud.fit.vutbr.cz>
entries from the interface rather than using ifconfig's delete command.
This preserves non-dhclient configured addresses (though they are wiped
out when dhclient is restarted).
MFC after: 1 week
disk. Apparently some people want to use mdmfs as mount_* as a
shortcut for mounting existing file-based file systems.
Note that unlike in the patches from the submitters, this option is
not available in compat mode. Compat mode was supposed to support only
things that mount_mfs used to support. To use this option from fstab,
mdmfs should be called mount_md, not mount_mfs. This distinction has
not always upkept for new options, and those can't be fixed now
without breaking people's systems, but new options should not usually
be allowed in compat mode. (Not sure why -F is allowed there at all.)
PR: 57641
Submitted by: Ruben de Groot
Submitted independently by: Wojciech A. Koszek, for Urzad Miasta Czestochowa
autonumbering is requested, set the unit to 0 instead of -1. This
option is just for output, and "/dev/md-1" looks disconcerting.
Submitted by: Wojciech A. Koszek
kernel is in the order the devices were made, which is not useful to
the user. Also, remove the "%d more" test since the kernel does not
return the complete count in md_pad[0] (maybe it should?).
Submitted by: Wojciech A. Koszek