Make Ethernet rules more similar to the usual layer 3 rules by also
allowing ridentifier and labels to be set on them.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
In the early days of gbde, it linked against libmd. Shortly after
conception, phk replaced ARC4 with SHA-512, but libmd did not have SHA2
at the time thus he built a copy of sha2.c for gbde.
Fast forward 3 years, cperciva adds SHA2 to libmd -- this makes gbde's
build of sha2.c redundant, but it's (understandably) overlooked. Let's
simplify the gbde build now and just assume that libmd includes the most
optimal implementation.
Reported by: koobs (weird lto errors?)
Differential Revision: https://reviews.freebsd.org/D34668
Independent of all of the commands, bectl itself takes an `-r` flag that
specifies the BE root to use. This was originally added to facilitate
testing, but it was later discovered to be incredibly useful in other
scenarios; e.g., trying to recover some boot environments in rescue
media.
The "BE root" described here is the parent dataset that holds boot
environments, but I've no idea if that's an accepted definition for that
dataset.
Reviewed by: gallatin, imp, Pau Amma
MFC after: 1 week
Differential Review: https://reviews.freebsd.org/D39710
Packet Mark is an analogue to ipfw tags with O(1) lookup from mbuf while
regular tags require a single-linked list traversal.
Mark is a 32-bit number that can be looked up in a table
[with 'number' table-type], matched or compared with a number with optional
mask applied before comparison.
Having generic nature, Mark can be used in a variety of needs.
For example, it could be used as a security group: mark will hold a security
group id and represent a group of packet flows that shares same access
control policy.
Reviewed By: pauamma_gundo.com
Differential Revision: https://reviews.freebsd.org/D39555
MFC after: 1 month
The manual describes "if*" form only while kernel uses fnmatch(3)
and allows use for more versatile shell-like patterns.
Note that explicitly and provide an example.
MFC after: 3 days
Pass 1 of fsck_ffs checks the integrity of all the cylinder groups.
If any are found to have been corrupted it offers to rebuild them.
Pass 5 then makes a second pass over the cylinder groups to validate
their block and inode maps. Pass 5 assumes that the cylinder groups
are not corrupted and can segment fault if they are corrupted. Rather
than rerunning the corruption checks a second time in pass 5, this
fix keeps track whether any corrupt cylinder groups were found but not
fixed in pass 1 either due to running with the -n flag or by explicitly
answering `no' when asked whether to fix a corrupted cylinder group.
If any corrupted cylinder groups remain after pass 1, fsck_ffs will
decline to run pass 5. Instead it marks the filesystem as unclean
so that fsck_ffs will need to be run again before the filesystem can
be mounted.
This patch cleans up and documents the return value from check_cgmagic().
It also renames the variable / parameter "rebuildcg" to "rebuiltcg".
This parameter describes whether the cylinder group has been rebuilt
rather than whether it should be rebuilt.
Reported by: Chuck Silvers
Reviewed by: Chuck Silvers
MFC after: 1 week
Increment a reference count when returning a zero'ed out buffer
after a failed read.
Zero out a structure before using it.
Only dirty a buffer that has been modified.
Submitted by: Chuck Silvers
Sponsored by: Netflix
MFC after: 1 week
Add the ability to set direct blocks numbers in inodes so that manual
corrections can be made. No checking of the values is attempted so
accidental or deliberate bad values can be set.
Submitted by: Chuck Silvers
MFC after: 1 week
getopt(3) returns int type not char. Using char triggers the
-Wtautological-constant-out-of-range-compare warning with clang.
Change the type of the variable used for holding the return value
of getopt(3) to int to match the prototype and eliminate the warning.
MFC after: 1 week
Introduce the OpenBSD syntax of "scrub" option for "match" and "pass"
rules and the "set reassemble" flag. The patch is backward-compatible,
pf.conf can be still written in FreeBSD-style.
Obtained from: OpenBSD
MFC after: never
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D38025
Commit 896516e54a added a new NFS mount option
used for Kerberized NFSv4.1/4.2 mounts. It specifies that
AUTH_SYS be used for state maintenance (also called system)
operations. This allows the mount to be done without the
"gssname" option or a valid Kerberos TGT being held by the
user doing the mount (so it can be specified in fstab(5) for
example).
Reviewed by: gbe (manpages), karels
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D39469
A machine might exist on multiple networks, all of which offer, say, default
routes or name servers. There's no easy way to indicate in the config
that those options are only valid for a single interface.
Now, we can write:
interface "lan0" {
request routers;
require routers;
}
interface "lan1" {
ignore routers;
}
And only take action on default routes offered on lan0.
Tested by: Jose Luis Duran <jlduran at gmail dot com>
MFC after: 2 months
Reviewed by: allanjude, imp
Sponsored by: Zenith Electronics LLC
Sponsored by: Klara, Inc.
Pull Request: #693
For clone create and rename operations, the interface name get back can be
different from the one passed to ioctl(). Use the interface name we get back
so that ifconfig will not return unexpected ENXIO.
PR: 270618
Reviewed by: kp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D39396
route.c uses newroute() to handle the "route get" command. The logic
inside newroute() adds RTF_GATEWAY flag if "-interface" flag is not
specified. That results in the inconsistent RTM_GET message with
RTF_GATEWAY set but no RTAX_GATEWAY provided. Address this in the
translation code by checking if the gateway is actually provided.
Notable upstream pull request merges:
#12194 Fix short-lived txg caused by autotrim
#13368 ZFS_IOC_COUNT_FILLED does unnecessary txg_wait_synced()
#13392 Implementation of block cloning for ZFS
#13741 SHA2 reworking and API for iterating over multiple implementations
#14282 Sync thread should avoid holding the spa config write lock
when possible
#14283 txg_sync should handle write errors in ZIL
#14359 More adaptive ARC eviction
#14469 Fix NULL pointer dereference in zio_ready()
#14479 zfs redact fails when dnodesize=auto
#14496 improve error message of zfs redact
#14500 Skip memory allocation when compressing holes
#14501 FreeBSD: don't verify recycled vnode for zfs control directory
#14502 partially revert PR 14304 (eee9362a7)
#14509 Fix per-jail zfs.mount_snapshot setting
#14514 Fix data race between zil_commit() and zil_suspend()
#14516 System-wide speculative prefetch limit
#14517 Use rw_tryupgrade() in dmu_bonus_hold_by_dnode()
#14519 Do not hold spa_config in ZIL while blocked on IO
#14523 Move dmu_buf_rele() after dsl_dataset_sync_done()
#14524 Ignore too large stack in case of dsl_deadlist_merge
#14526 Use .section .rodata instead of .rodata on FreeBSD
#14528 ICP: AES-GCM: Refactor gcm_clear_ctx()
#14529 ICP: AES-GCM: Unify gcm_init_ctx() and gmac_init_ctx()
#14532 Handle unexpected errors in zil_lwb_commit() without ASSERT()
#14544 icp: Prevent compilers from optimizing away memset()
in gcm_clear_ctx()
#14546 Revert zfeature_active() to static
#14556 Remove bad kmem_free() oversight from previous zfsdev_state_list
patch
#14563 Optimize the is_l2cacheable functions
#14565 FreeBSD: zfs_znode_alloc: lock the vnode earlier
#14566 FreeBSD: fix false assert in cache_vop_rmdir when replaying ZIL
#14567 spl: Add cmn_err_once() to log a message only on the first call
#14568 Fix incremental receive silently failing for recursive sends
#14569 Restore ASMABI and other Unify work
#14576 Fix detection of IBM Power8 machines (ISA 2.07)
#14577 Better handling for future crypto parameters
#14600 zcommon: Refactor FPU state handling in fletcher4
#14603 Fix prefetching of indirect blocks while destroying
#14633 Fixes in persistent error log
#14639 FreeBSD: Remove extra arc_reduce_target_size() call
#14641 Additional limits on hole reporting
#14649 Drop lying to the compiler in the fletcher4 code
#14652 panic loop when removing slog device
#14653 Update vdev state for spare vdev
#14655 Fix cloning into already dirty dbufs
#14678 Revert "Do not hold spa_config in ZIL while blocked on IO"
Obtained from: OpenZFS
OpenZFS commit: 431083f75b
VLAN identifier 0xFFF is reserved. It must not be configured or
transmitted.
Also validate during parsing to prevent potential integer overflow.
Reviewed by: #network, melifaro
Fixes: c7cffd65c5 Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39282
When recovering a system that is unbootable due to some
problem with the active BE, it is likely you'll be booted
from a rescue image running UFS. In this case, bectl
needs help finding the zpool root that you want to operate
on. In this case, improve the error message to suggest
specifying a root, rather than just emitting a generic
error message that might imply, to the naive user, that
there is a ZFS compatibility issue between the rescue
image and the on-disk ZFS pool.
Reviewed by: imp, kevans
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D39346
The algorithm for laying out new directories was devised in the 1980s
and markedly improved the performance of the filesystem. In those days
large disks had at most 100 cylinder groups and often as few as 10-20.
Modern multi-terrabyte disks have thousands of cylinder groups. The
original algorithm does not handle these large sizes well. This change
attempts to expand the scope of the original algorithm to work well
with these much larger disks while still retaining the properties
of the original algorithm for small disks.
The filesystem implementation is divided into policy routines and
implementation routines. The policy routines can be changed in any
way desired without risk of corrupting the filesystem. The policy
requests are handled by the implementation layer. If the policy
asks for an available resource, it is granted. But if it asks for
an already in-use resource, then the implementation will provide
an available one nearby the request. Thus it is impossible for a
policy to double allocate. This change is limited to the policy
implementation.
This change updates the ffs_dirpref() routine which is responsible
for selecting the cylinder group into which a new directory should
be placed. If we are near the root of the filesystem we aim to
spread them out as much as possible. As we descend deeper from the
root we cluster them closer together around their parent as we
expect them to be more closely interactive. Higher-level directories
like usr/src/sys and usr/src/bin should be separated while the
directories in these areas are more likely to be accessed together
so should be closer. And directories within commands or kernel
subsystems should be closer still.
We pick a range of cylinder groups around the cylinder group of the
directory in which we are being created. The size of the range for
our search is based on our depth from the root of our filesystem.
We then probe that range based on how many directories are already
present. The first new directory is at 1/2 (middle) of the range;
the second is in the first 1/4 of the range, then at 3/4, 1/8, 3/8,
5/8, 7/8, 1/16, 3/16, 5/16, etc.
It is desirable to store the depth of a directory in its on-disk
inode so that it is available when we need it. We add a new field
di_dirdepth to track the depth of each directory. Because there are
few spare fields left in the inode, we choose to share an existing
field in the inode rather than having one of our own. Specifically
we create a union with the di_freelink field. The di_freelink field
is used to track inodes that have been unlinked but remain referenced.
It is not needed until a rmdir(2) operation has been done on a
directory. At that point, the directory has no contents and even
if it is kept active as a current directory is no longer able to
have any new directories or files created in it. Thus the use of
di_dirdepth and di_freelink will never coincide.
Reported by: Timo Voelker
Reviewed by: kib
Tested by: Peter Holm
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39246
- passing I/O commands through nda requires nsid field to be set (it was
unused when going through nvme_ns_ioctl())
- ccb's status can be OR'ed with the flags, use CAM_STATUS_MASK
Reviewed by: imp (cam)
Differential Revision: https://reviews.freebsd.org/D37696
Test regression fixed in 4630a3252a. Add two tests that do not
use the verbose flag, so the code path in question can be reached:
1. Respond with a proper ICMP destination host unreachable packet.
2. Respond with a doctored ICMP destination host unreachable packet,
that has the ICMP Identifier field modified (+1 bit).
Reviewed by: cy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39244
This change converts all kernel rtsock interactions in route(8)
to Netlink.
Based on the WITHOUT_NETLINK_SUPPORT src.conf(5) variable, route(8)
now fully operates either via Netlink or via rtsock/sysctl.
The default (compile-time) is Netlink.
The output for route delete/add/get/flush is targeted to be exactly
the same (apart from some error handling cases).
The output for the route monitor has been changed to improve
readability and support netlink models.
Other behaviour changes:
* exact prefix lookup (route -n get a.b.c.d/e) is not yet supported.
* route monitor does not show the change originator yet.
Differential Revision: https://reviews.freebsd.org/D39007
The variable oicmp, which holds the original ("quoted packet") ICMP
packet in a structured way, did not have a copy of the original ICMP
packet obtained from the raw data.
The code was accidentally removed in 20b4130314. Bring it back.
Reported by: Coverity Scan, cy
Reviewed by: cy
CID: 1506960 (UNINIT)
Fixes: 20b4130314
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39233
In certain setups (e.g., autonomous APs) it is extremly helpful to have
a way to map the BSSIDs to names for both normal status output as well
as the scan list. This often allows a quicker overview than remembering
(or manually looking up) BSSIDs.
Call ether_ntohost() on the bssid and consult /etc/ethers
and print "(name)" after the bssid for the status output and "(name)"
at the end of the line after the IE list.
MFC after: 10 days
Reviewed by: adrian, cy
Differential Revision: https://reviews.freebsd.org/D39192
Allow users to configure the address to send carp messages to. This
allows carp to be used in unicast mode, which is useful in certain
virtual configurations (e.g. AWS, VMWare ESXi, ...)
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D38940
Allow carp configuration information to be supplied and retrieved via
netlink.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39048
The function pr_pack() prints out a packet, if the IP packet contains
options, these are printed as well.
Test the functionality fixed in
70960bb86a.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38470
Ping used to provide some sort of packet sniffing capabilities, this was
in an era where hubs were used and tcpdump wasn't invented.
pr_iph() is a function that prints the IP header of the packet.
pr_retip() is essentially a wrapper function to pr_iph(), that also
displays the source and destination ports of a TCP or UDP packet.
After ef9e6dc7ee some of this
functionality was almost removed, to only display packets sent by us
(26+ years ago).
At this point, reaching this code path was only possible by doctoring
the original packet.
After 46d7b45a26 this code path can never
be reached.
Remove the code.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38475
When an ICMP packet contains an IP packet in its payload, and that
original IP packet contains options, these options were not displayed
accordingly in pr_iph().
pr_iph() is a function that prints the original "quoted packet" IP
header, with only an IP struct as an argument. The IP struct does not
contain IP options, and it is not guaranteed that the options will be
contiguous in memory to the IP struct after
d9cacf605e.
Pass the raw ICMP data along with the IP struct, in order to print the
options, if any.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38469
The sizeof(struct ip) is 20.
The sizeof(struct in_addr) is 4.
No functional change intended.
Reviewed by: asomers, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39125
In the IP header, Flags + Fragment Offset is a 16-bit field.
Use ntohs() instead of ntohl(), otherwise the Flags/Fragment Offset
values may not display correctly.
Before (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 0 0000 40 01 b6a4 192.0.2.1 192.0.2.2
After (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 2 0000 40 01 b6a4 192.0.2.1 192.0.2.2
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38479
It is better to mention the externel command for showing
the routing table as using an explicit command.
PR: 231579
Suggested by: karels
Reviewed by: karles, gbe
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D39075
Instead of passing 0xff's for all unset parameters, prefer reasonable
defaults. It is much easier to use it this was without specs in hand.
MFC after: 1 week
If a directory entry has an illegal inode number (less than zero
or greater than the last inode in the filesystem) the entry is removed.
If a directory '.' or '..' entry had an illegal inode number they
were being removed. Since fsck_ffs knows what the correct value is
for these two entries fix them rather deleting them.
Add much more extensive cylinder group checks and use them to be
more careful about rebuilding a cylinder group.
Check for out-of-range block numbers before trying to free them.
When a directory is deleted also remove its cache entry created
in pass1 so that later passes do not try to operate on a deleted
directory.
Check for ctime(3) returning NULL before trying to use its return.
When freeing a directory inode, do not try to interpret it as a
directory.
Reserve space in the inostatlist to have room to allocate a
lost+found directory.
If an invalid block number is found past the end of an inode simply
remove it rather than clearing and removing the inode.
Modernize the inoinfo structure to use queue(3) LIST rather than a
handrolled linked list implementation.
Reported by: Bob Prohaska, John-Mark Gurney, and Mark Millard
Tested by: Peter Holm
Reviewed by: Peter Holm
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38668
It is impossible to compile pfctl with OPT_DEBUG due to integer width mismatch:
/usr/home/kajetan.staszkiewicz/freebsd.git/sbin/pfctl/pfctl_optimize.c:1479:9: error: format specifies type 'unsigned int' but the argument has type 'unsigned long' [-Werror,-Wformat]
i - pf_rule_desc[closest].prf_off--- pfctl_optimize.o ---
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/home/kajetan.staszkiewicz/freebsd.git/sbin/pfctl/pfctl_optimize.c:52:44: note: expanded from macro 'DEBUG'
printf("%s: " str "\n", __FUNCTION__ , ## v)
~~~ ^
1 error generated.
Reviewed by: kp
Obtained from: OpenBSD (pfctl_optimize.c 1.15)
Differential Revision: https://reviews.freebsd.org/D38918
This update provides a more detailed description of FFS/UFS snapshots
and adds links to useful man pages.
Requested by: Graham Perrin
Submitted by: darius-dons.net.au
Reviewed by: Ravi Pokala
PR: 266358
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D38817
The function that sets test case metadata is actually named ${tc}_head
rather than ${tc}, so add the suffix.
While we're here, hook the tests up to the infrastructure so that they
do get run.
Sponsored by: Klara, Inc.
- skipping end of block that is not open: Oc
- no blank before trailing delimiter
- remove useless TN macros
- remove commented out reference for esis(4)
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D38783
Since the kernel options ROUTE_MPATH and FIB_ALGO are enabled
per default for a while, it's good to have some user facing
documetation about the general functionality of multipath
routing and fib lookup algorithms.
Reviewed by: pauamma, Jose Luis Duran <jlduran at gmail dot com>
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D38783
ping -R (F_RROUTE) will loop at ping.c:1381 until it segfaults or
the unsigned int hlen happens to be less than the size of an IP header:
slippy$ ping -R 192.168.0.101
PING 192.168.0.101 (192.168.0.101): 56 data bytes
64 bytes from 192.168.0.101: icmp_seq=0 ttl=63 time=1.081 ms
RR: 192.168.0.1
192.168.0.101
192.168.0.101
10.1.1.254
10.1.1.91
unknown option bb
unknown option 32
unknown option 6
...
unknown option 96
unknown option 2d
Segmentation fault
The reason for this is while looping through loose source routing (LSRR)
and strict source routing (SSRR), hlen will become smaller than the IP
header. It may even become negative. This should terminate the loop.
However, when hlen is unsigned, an integer underflow occurs becoming a
large number causing the loop to continue virtually forever until hlen
is either by chance smaller than the lenghth of an IP header or it
segfaults.
Reviewed by: asomers
Fixes: 46d7b45a26
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38744
When building WITH_BEARSSL=1 veriexec(4) failes to compile.
So update the function prototype so that veriexec(4)
compiles again.
Reported by: gbe
Reviewed by: mjg, gbe
Approved by: mjg
Pull Request: https://github.com/freebsd/freebsd-src/pull/657
ping(8) is an old utility, which has received many changes and updates through the years.
Some of these changes may have introduced small bugs, in part due to the lack of tests.
Attempt to remedy the current situation by introducing a way to easily add tests.
Differential Revision: https://reviews.freebsd.org/D38053
ping(8) is an old utility, which has received many changes and updates through the years.
Some of these changes may have introduced small bugs, in part due to the lack of tests.
Attempt to remedy the current situation by introducing a way to easily add tests.
Differential Revision: https://reviews.freebsd.org/D38053
Use it instead of defining IN_RTLD by base sources that want P_OSREL_
defines in userspace, but are not rtld.
This allows to remove abuse of IN_RTLD from userspace.
Reviewed by: dchagin, markj, imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D38585
If we fail to open one of the files in the file listing, we still need
to advance `rec` along with `argv` so that the checksum we're checking
against lines up with the file we're hashing.
Tests added both for the -c flag, as well as the -b and -t modes of
the *sum programs.
PR: 267722
Reviewed by: emaste (earlier version)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37374
And put in it:
- kbdcontrol
- vidcontrol
- moused
- kbdmap
Those aren't useful in a jail or for a modern desktop.
While here, split the devd.conf part into some new files.
Reviewed by: bapt
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38321
And make it part of the FreeBSD-acpi package.
This avoid calling service power_profile on an installation without it
installed.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38324
And make it part of the FreeBSD-bluetooth package.
This avoid calling service bluetooth on an installation without it
installed.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38323
And make it part of the FreeBSD-dhclient package.
This avoid calling dhclient on an installation without dhclient
installed.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38322
The testloop function is called with various parameters, but those
were ignored in the coreutils-c-test script. This was an oversight
and is fixed by passing the option to all invocations of the hash
functions in this test script.
Reported by: des
MFC after: 3 days
While there, remove .Tn from man pages.
Also remove an obsolete comment about the 80386.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans, allanjude
Differential Revision: https://reviews.freebsd.org/D38373
Only attempt to add /dev/ to f_mntfromname names that result in a
valid character device.
MFC after: 1 week
Reported by: Bjoern A. Zeeb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37907
Several important base system components are written in C++, and the
WITHOUT_CXX option produced a system that was not fully functional.
Just accept this, and remove the option to build without C++ support.
This reverts commit adc3c128c6.
Reviewed by: brooks, kevans, jhb (earlier)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33108
It was renamed during review of D1776 but this entry slipped through.
PR: 243284
Reported by: pprocacci@gmail.com
Obtained from: Chad Jacob Milios <milios@ccsys.com>
This reverts commit 2c24ad3377.
This change causes some commands to fail, for example when working with
renamed interfaces or when trying to list a nonexistent interface by
name.
PR: 269042
Reported by: dbaio, Michael Paepcke <bugs.fbsd@paepcke.de>
MFC with: 2c24ad3377
The mntopts(3) functions support operations associated with a mount
point. The main purpose of this commit is to document the mntopts(3)
functions that now appear in 18 utilities in the base system. See
mntopts(3) for the documentation details.
The getmntopts() function appeared in 4.4BSD. The build_iovec(),
build_iovec_argf(), free_iovec(), checkpath(), and rmslashes()
functions were added with nmount(8) in FreeBSD 5.0. The getmntpoint()
and chkdoreload() functions are being added in this commit.
These functions should be in a library but for historic reasons are
in a file in the sources for the mount(8) program. Thus, to access
them the following lines need to be added to the Makefile of the
program wanting to use them:
SRCS+= getmntopts.c
MOUNT= ${SRCTOP}/sbin/mount
CFLAGS+= -I${MOUNT}
.PATH: ${MOUNT}
Once these changes have been MFC'ed to 13 they may be made into
a library.
Reviewed by: kib, gbe
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37907
If "ifconfig create" tries to load a kernel module, and the module
exists but can't be loaded, fail the command with a useful error
message. This is helpful, for example, when trying to create a cloned
interface in a vnet jail. But ignore ENOENT, because sometimes ifconfig
can't correctly guess the name of the required kernel module.
MFC after: 2 weeks
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D37873
* Appease mandoc -T lint and igor
* Use example.com for documentation
* Update the IPv4 TTL section.
Update the IPv4 TTL section specifically for FreeBSD.
FreeBSD changed the default TTL to 64 in
5639e86bdd. NetBSD and OpenBSD still
use 255. Remove some references of extinct operating systems.
Reviewed by: gbe (manpages), asomers
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/630
Also add a test to ensure that it is working correctly.
Submitted by: ota_j.email.ne.jp
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D34012
My main use-case for this is to support mounting config files and secrets
into OCI containers. My current workaround copies the files into the
container which is messy and risks secrets leaking into container images
if the cleanup fails.
Reviewed by: mjg, kib
Tested by: pho
Differential Revision: https://reviews.freebsd.org/D37478
And the related sconfig utility. Sync serial (e.g. E1/T1) interfaces
are obsolete, and nobody responded to several inquires on the mailing
lists about use of these drivers.
Relnotes: Yes
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23928
And note that it is deprecated.
PR: 236569
Reported by: bcran
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37678
Changing the mode bits on a file with an NFS4 ACL results in the
NFS4 ACL being replaced by one matching the new mode bits being set,
so when restoring a file with an NFS4 ACL, set the owner/group/mode first
and then set the NFS4 ACL, so that setting the mode does not throw away
the ACL that we just set.
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D37618
One year ago, I deprecated 'kern' in favor of 'kernel' for the system
name for some power events. I'm about to remove it from the kernel, but
realized there's been no warning generated for users. Preserve POLA by
converting on the fly here and issuing a warning for 14.x, and an fatal
error after we branch 15. Make compiling it an error on 16 to remove
the gross hack after we branch.
Sponsored by: Netflix
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D37584
The new "kernel" system name is the one that's documented and has
been generated for a year now. Remove the old one now that 14.0
is getting close.
Sponsored by: Netflix
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D37582
Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.
Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.
Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #77
Differential Revision: https://reviews.freebsd.org/D37195
We removed the code for these modes back in 2015, but converted such
configurations to 'scrub fragment reassemble'. It's been long enough,
drop the backwards compatibility glue too.
Reviewed by: mjg
MFC after: never
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37460
scrub rules have defaulted to handling fragments for a long time, but
since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611
this has become less obvious and more expensive ("reassemble" being the
more expensive option, even if it's the one the vast majority of users
should be using).
Extend the 'scrub' syntax to allow fragment reassembly to be disabled,
while retaining the other scrub behaviour (e.g. TTL changes, random-id,
..) using 'scrub fragment no reassemble'.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37459
Running "dnctl" vs "/sbin/dnctl" gave different results, because we
looked at the entire argv[0] string, rather than the basename.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D37431
Commit 5e6a2d6eb2 moved libc++ from /usr/lib to /lib, so we no longer
have an interval during boot when it is not available (before /usr is
mounted). We no longer need to force devd to be statically linked.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37409
Current sequence of IEEE OUI Identifier output is wrong.
For Intel, current output is e4 d2 5c, specification is 5CD2E4h
For Samsung, current output is 38 25 00, specification is 002538h
also check with Linux nvme-cli.
Reviewed by: imp, chuck
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33856
The Number of Firmware Slots should never be zero. So, a Firmware Slot 1
should always exist. For that reason, always print the Number of
Firmware Slots and the Firmware Slot 1 Read-Only value.
Reviewed by: imp
Approved by: manu (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34700
Else out-of-bound reads and undefined behaviour may happen.
The current code only checked for the presence of the first of four bytes.
Make sure the fields in question have the minium size required.
No functional change intended.
Reviewed by: rrs@
MFC after: 1 week
Sponsored by: NVIDIA Networking
All the needed infrastructure updates have been made to allow
snapshots to be taken on UFS/FFS filesystems that are using journaled
soft updates. The most immediate benefit is the ability to use a
snapshot to take a consistent filesystem dump on a live filesystem
using the -L option to dump(8).
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36491
Although intel's specification did not tell which unit for Temperature
Statistics (Log Identifier C5h), I believe it is based on Celsius
instead of Kelvin.
here is my P3700 SSDs result(before):
Intel Temperature Log
=====================
Current: 30 K, -243.15 C, -405.67 F
Overtemp Last Flags 0
Overtemp Lifetime Flags 0
Max Temperature 53 K, -220.15 C, -364.27 F
Min Temperature 17 K, -256.15 C, -429.07 F
Max Operating Temperature 63 K, -210.15 C, -346.27 F
Min Operating Temperature 0 K, -273.15 C, -459.67 F
Estimated Temperature Offset: 0 C/K
after apply the patch, result is
Intel Temperature Log
=====================
Current: 303.15 K, 30 C, 86.00 F
Overtemp Last Flags 0
Overtemp Lifetime Flags 0
Max Temperature 326.15 K, 53 C, 127.40 F
Min Temperature 290.15 K, 17 C, 62.60 F
Max Operating Temperature 336.15 K, 63 C, 145.40 F
Min Operating Temperature 273.15 K, 0 C, 32.00 F
Estimated Temperature Offset: 0 C/K
I also compare to smartctl's report. it match very well.
also tested on Intel P3600, it fixed the problem.
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Reviewed by: imp (added tweak to samsung.c so it still compiles)
Differential Revision: https://reviews.freebsd.org/D32845
Work is ongoing to add support for pfsync over IPv6. This required some
changes to allow for differentiating between the two families in a more
generic way.
This patch converts the relevant ioctls to using nvlists, making future
extensions (such as supporting IPv6 addresses) easier.
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D36277
The kernel handles the managment of UFS/FFS snapshots. Since UFS/FFS
updates filesystem data (rather than always writing changes to new
locations like ZFS), the kernel must check every filesystem write
to see if the block being written is part of a snapshot. If it is
part of a snapshot, then the kernel must make a copy of the old
block value into a newly allocated block for the snapshot before
allowing the write to be done. Similarly, if a block is being freed,
the kernel must check to see if it is part of a snapshot and let
the snapshot claim the block rather than freeing it for future use.
When a snapshot is freed, its blocks need to be offered to older
snapshots and freed only if no older snapshots wish to claim them.
When snapshots were added to UFS/FFS they were integrated into soft
updates and just a small part of the management of snapshots needed
to be added to fsck_ffs(8) as soft updates minimized the set of
snapshot changes that might need correction. When journaling was
added to soft updates a much more complete knowledge of snapshots
needed to be added to fsck_ffs(8) for it to be able to properly
handle the filesystem changes that a journal rollback needs to do
(specifically the freeing and allocation of blocks). Since this
functionality was unavailable, the use of snapshots was disabled
when running with journaled soft updates.
This set of changes imports the kernel code for the management of
snapshots to fsck_ffs(8). With this code in place it will become
possible to enable snapshots when running with journalled soft
updates. The most immediate benefit will be the ability to use
snapshots to take consistent filesystem dumps on live filesystems.
Future work will be done to update fsck_ffs(8) to be able to use
snapshots to run in background on live filesystems running with
journaled soft updates.
Reviewed by: kib
Tested by: Peter Holm
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36491
In order to use the shutdown command, the user must
have root privileges or be a member of the operator group.
PR: 266525
Reported by: Zsolt Udvari <uzsolt at uzsolt hu>
Reviewed by: pauamma
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36688
If no IPv4-host, IPv4-mcast-group or IPv6-host is passed, it will
display the usage. The tests are passing because they are just checking
that the exit code is 1.
Fix the tests by checking the appropriate output message.
While here, change the description to match the output and add the
missing requirements.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37250
Allow pf (l2) to be used to redirect ethernet packets to a different
interface.
The intended use case is to send 802.1x challenges out to a side
interface, to enable AT&T links to function with pfSense as a gateway,
rather than the AT&T provided hardware.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37193
There are known issues with unionfs, and the mount_unionfs man page has
a cautionary statement about its use. The caution had additional
"humourous" statements like "BEWARE OF DOG" but they served only to
confuse the situation. Remove them.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
When syncookies are in adaptive mode they may be active or inactive.
Expose this status to users.
Suggested by: Guido van Rooij
Sponsored by: Rubicon Communications, LLC ("Netgate")
devmatch is useful on standalone machine but not on jails.
Put devinfo(8) and libdevinfo there too.
Differential Revision: https://reviews.freebsd.org/D36229
It's not really useful in a jail or in a mdroot or even if a users
wants to do a full zfs machine.
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D36227
It is useful to have zfs utilities and lib in a separate package as
it allow users to create image that can support ZFS (i.e. not with
WITHOUT_ZFS in src.conf set) without bloating the default image with
all zfs tools (for example for jails).
Differential Revision: https://reviews.freebsd.org/D36225
For most users it's not needed to boot and they are also
available in the FreeBSD-rescue package in case an update
break and FreeBSD-geom package isn't updated correctly.
Differential Revision: https://reviews.freebsd.org/D36224
It doesn't really make sense to have it in runtime and let's not
bloat utilities more.
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D36222
It doesn't really make sense to have it in runtime and let's not
bloat utilities more.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D36221
The size of the journaled soft-updates journal should be big enough
to hold two minutes of filesystem metadata-update activity. The
maximum size of the soft updates journal was set in the 1990s. At
the time it was assummed that disk arrays would top out at 16 drives
and disk writes per drive would top out at 500 per second. Today's
I/O subsystems are considerably bigger and faster than those limits.
Thus this delta removes the hard upper limit and lets tunefs(8) and
newfs(8) set the upper bound based on the size of the filesystem and
its cylinder groups.
Sponsored by: The FreeBSD Foundation
Add a descrition to the newfs(8) -j (journal enablement) flag
that explains what soft updates journaling does, the tradeoffs
to using it, and the limitations that it imposes. Copied from
the description in tunefs(8).
PR: 261944
Sponsored by: The FreeBSD Foundation
On systems where mac_veriexec is enforced, init should run its scripts in verified mode.
This relies on the verify shell option introduced by D30464. init will detect if the shell
is /bin/sh, and in which case, add the verify option to the argument vector.
The verify option propagates to all files sourced by the shell, ensuring a better
protection than if the script was tested against an open(O_VERIFY) before running it.
This security can be bypassed with the kenv which overloads the shell to use.
However we feel confident that on systems running with mac_veriexec, this kenv will be blocked somehow.
Also, the verify option has no effect on systems where mac_veriexec is not loaded nor enforced.
Differential revision: https://reviews.freebsd.org/D34622
Reviewed by: sjg, wma
Use uintmax_t cast to print the size of the device for the non-humanize
case to avoid issues with 32-bit longs.
Fixes: 9c1bec9c21
Sponsored by: Netflix
Add an option of -h --human to output human readable size unit instead
of the fixed unit (MB).
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Reviewed by: imp, bcr
Differential Revision: https://reviews.freebsd.org/D32957
Fix:
--- all_subdir_sbin ---
/opt/src/git-src/sbin/nvmecontrol/modules/samsung/samsung.c:149:64:
error: format specifies type 'unsigned long' but the argument has type
'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat]
printf(" Read Reclaim Count : %lu\n",
le64dec(&temp->rrc));
~~~
^~~~~~~~~~~~~~~~~~~
%llu
/opt/src/git-src/sbin/nvmecontrol/modules/samsung/samsung.c:150:64:
error: forma t specifies type 'unsigned long' but the argument has type
'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat]
printf(" Lifetime Uncorrectable ECC Count : %lu\n",
le64dec(&temp->lueccc));
~~~
^~~~~~~~~~~~~~~~~~~~~~
%llu
2 errors generated.
Fixes: 84e8678870
Samsung PM983 SSD has a 0xca logpage. It has more information compared
to Intel's this patch tested on PM983 M2 SSD and works as expected.
Reviewed by: imp@
Approved by: kp@
Event: Aberdeen Hackathon 2022
Differential revision: https://reviews.freebsd.org/D33749
Use time_t rather than uint32_t to represent the timestamps. That means
we have 64 bits rather than 32 on all platforms except i386, avoiding
the Y2K38 issues on most platforms.
Reviewed by: Zhenlei Huang
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36837
On certain cloud platforms (Google Cloud, Packet.net and others) the
DHCP server offers a /32 address. This makes adding the default route
fail since it is not reachable via any interface. Linux's
dhclient-script seem to usually have a special case for that and
explicitly adds an interface route to the router's address.
FreeBSD's dhclient-script already has a special case for when the router
address is the same as the leased address. Now also add one for when
it's a different address that doesn't fall in the interface's subnet.
PR: 241792
Event: Aberdeen hackathon 2022
Submitted by: sigsys@gmail.com
Reviewed by: dch, kp, bz (+1 on the idea, not reviewed), thj
MFC after: 1 week
wdc_get_dui_log_size allocates a buffer and then advances the
returned pointer. Passing this advanced pointer to free() is UB,
so save the original pointer to pass to free() instead.
Reviewed by: imp
Reported by: GCC 12 -Wfree-nonheap-object
Differential Revision: https://reviews.freebsd.org/D36827
The RFC for this finally got published and, therefore,
now has a number. This patch puts this RFC number
in the man page.
This is a content change.
MFC after: 1 week
Fixes: eec02418d8 Remove support for FDDI and token ring media types in userland utilities.
Reviewed by: brooks, gjb, imp
Approved by: brooks (src), gjb (mentor, src), imp (src)
Differential Revision: https://reviews.freebsd.org/D36668
MFC after: 3 days
When an internal or other error occurs during the listing of a pool,
return an error code when extiting ippool(8). Printing an error to
stderr without returning an error code is useless in shell scripts.
MFC after: 2 weeks
Add an ippool(8) option to dump a copy of the inm-memory ippool tables
in an ippool(5) format so that it can be reloaded using ippool -f.
MFC after: 2 weeks
Be more precise in the definition of policy directions
and policy levels.
PR: 250177
Reported by: Bram Ton <bram at cbbg dot nl>
Reviewed by: gbe, ae
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26719
Commit 33721eb991 enabled use of "nolockd" for
NFSv4 mounts. This was done primarily to allow its
use with the "intr" mount option.
This patch updates the man page for this.
This is a content change.
Reviewed by: gbe (manpages), karels
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36462
When something was found wrong with an inode the error message
was always "UNKNOWN FILE TYPE". This error is now used only when
the file type field is wrong. Other errors have their own messages:
"BAD FILE SIZE", "NEGATIVE FILE SIZE", "BAD SPECIAL-FILE RDEV",
"INVALID DIRECT BLOCK", and "INVALID INDIRECT BLOCK".
More complete information about the inode is also provided.
Sponsored by: The FreeBSD Foundation
We have repeatedly gotten reports of unclassified SIOCIFCREATE2 errors
(usually "Device not configured"). This can happen if there is
configuration for interfaces in rc.conf which do not (yet) exist and
we try to configure. I can, e.g., provoke this by configuring wlan
interfaces with their physical interface not installed.
In order to cut support (guesswork) down print the name of the
interface to be configured with the error message.
Hopefully this will help us in the future to improve other configuration
or driver problems.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Similar to the preceding fix for layer three rules, ensure that we
recursively list wildcard anchors for ethernet rules.
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36417
Fix a couple of problems with printing of anchors, in particular recursive
printing, both of inline anchors and when requested explicitly with a '*'
in the anchor.
- Correct recursive printing of wildcard anchors (recurse into child anchors
rather than rules, which don't exist)
- Print multi-part anchor paths correctly (pr6065)
- Fix comments and prevent users from specifying multi-component names for
inline anchors.
tested by phessler
ok henning
Also fix the relevant pfctl test case to reflect the new (and now
correct) behaviour).
MFC after: 3 weeks
Obtained from: OpenBSD (mcbride, f9a568a27c740528301ca3419316c85a9fc7f1de)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36416
Ensure that we pass the (base) anchorname to the kernel, not the '/*'
suffix.
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36415
When calling shutdown, shutdown sends a signal to init and exits. This
causes a race condition for the waitpid function. If the signal wins the
race, wpid will be set to -1 and init calls death_single. If shutdown
wins the race, wpid will be set to the pid of the shutdown process and
the requested_transition will be ignored.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D36356
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
If the root directory exists but has a bad block number Pass1 will
accept it and setup an inoinfo structure for it. When Pass2 runs
and cannot read the root inode's content because of a bad (or
duplicate) block number, it removes the bad root inode and replaces
it. As part of creating the replacement root inode, it creates an
inoinfo entry for it. But Pass2 did delete the inoinfo entry that
Pass1 had set up for the root inode so ended up with two inoinfo
structures for it. The final step of Pass2 checks that all the ".."
entries are correct adding them if they are missing which resulted
in a second ".." entry being added to the root directory which
definitely did not go over well in the kernel name cache!
Reported by: Peter Holm
Sponsored by: The FreeBSD Foundation
Commit 603677334a added a sentence with a file path
in it. However, it did not use .Pa since it would leave
a space after it, where ('s) was supposed to go.
This patch rewords the sentence so that .Pa can
be used.
This is a content change.
Suggested by: mkarels
Recent problems related to NFSv4 mounts has been traced
to multiple NFSv4 clients using the same /etc/hostid
(or kern.hostuuid, if you prefer).
This patch adds a sentence to the man page noting that
clients must have unique /etc/hostid's.
This is a content change.
Reviewed by: gbe (manpages)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36392
Like the detailed diagnostics produced when a bad superblock
is read, provide similar detailed diagnostics when bad
cylinder groups are read.
Reported by: Peter Holm
Tested by: Peter Holm
Sponsored by: The FreeBSD Foundation
The fsck_ffs(8) utility has two subsystems for reading and writing
inodes. The getnextinode() interface is used in Pass 1 (and Pass
1b if needed) to sequentially walk through all the inodes in the
filesystem. The ginode() interface is used to read and write
individual inodes. Pass 1 uses a mix of both interfaces. This
change ensures that ginode() returns a pointer to the inode in the
cache maintained by getnextinode() when that interface holds the
requested inode so that all modifications to the inode are made in
a single place and are all written to the disk together.
Reported by: Peter Holm
Tested by: Peter Holm
Sponsored by: The FreeBSD Foundation
Historically fsck_ffs(8) would only use alternate superblocks when
running in manual mode. When the standard superblock fails, it now
tries to find and use a backup superblocks even when running in `preen'
mode. If an alternate superblock is found and the filesystem is
successfully cleaned up using it, write the alternate superblock
back to the standard superblock so that the filesystem can be
subsequently mounted and used.
Reported by: Peter Holm
Tested by: Peter Holm
Sponsored by: The FreeBSD Foundation
The UFS filesystem expects to find '.' and '..' as the first two entries
in a directory. The kernel's UFS name cache can become quite confused
when these two entries are not present as the first two entries.
Prior to this change, when the fsck_ffs(8) utility detected that
'.' and/or '..' were missing, it would report them, but only offered
to replace them if the space at the beginning of the directory was
available. Otherwise it was left to the system administrator to
move the offending file(s) out of the way and then rerun fsck_ffs(8)
to create the '.' and '..' entries.
With this change, fsck_ffs(8) will always be able to create the '.'
and/or '..' entries. It moves any files in the way elsewhere in the
directory block. If there is no room in the directory block to which
to move them, they are placed in the lost+found directory.
Reported by: Peter Holm
Sponsored by: The FreeBSD Foundation
When either searching for backup UFS superblocks or when explicitly asked
to use one with the -b option, report the reason for failure if it cannot
be used.
Reported by: Peter Holm
Sponsored by: The FreeBSD Foundation
