rule, thus omitting the entire body.
This makes the output a lot more readable for complex rulesets
(provided, of course, you have annotated your ruleset appropriately!)
MFC after: 3 days
is all zeros. The kernel now consistently zeroes FSIDs for non-root
users, so there's no point in printing these.
Also fix a number of compiler warnings, including two real bugs:
- a bracket placement bug caused `mount -t ufs localhost:/foo /mnt'
to override the `-t ufs' specification and use mount_nfs.
- an unitialised variable was used instead of _PATH_SYSPATH when
warning that the mount_* program cound not be found.
Submitted by: Rudolf Cejka <cejkar@fit.vutbr.cz> (FSID part)
Approved by: re (scottl)
is all zeros. The kernel now consistently zeroes FSIDs for non-root
users, so there's no point in printing these. Also fix a misspelling
in a comment.
Submitted by: Rudolf Cejka <cejkar@fit.vutbr.cz>
Approved by: re (scottl)
in /etc/ttys. Before this fix, once the count of active services
reaches 0, one could never restart any more without a reboot.
Steve Passe did the leg work on this patch. After he found the fix,
we discovered that an identical fix had been made to NetBSD.
Approved by: re@ <scottl>
Approval tool: peril sensitive sunglasses
The sconfig utility supports more than just cx boards, and those drivers
will make their way into FreeBSD shortly (maybe before 5.2).
Confirmed that this doesn't break the build.
Submitted by: Roman Kurakin <rik@cronyx.ru>
Approved by: re@ <scottl>
+ Patch is not my friend, but an evil toad
Remove redunant copy of each of these files that patch appended to them.
# Still not connected to the build.
Approved by: re@ <scottl>
This is the new cronyx serial control program.
# A future commit will remove the old driver/userland pieces and connect things
# to the build.
Submitted by: Roamn Kurakin <rik@cronyx.ru>
code is compiled in to support the O_IPSEC operator. Previously no
support was included and ipsec rules were always matching. Note that
we do not return an error when an ipsec rule is added and the kernel
does not have IPsec support compiled in; this is done intentionally
but we may want to revisit this (document this in the man page).
PR: 58899
Submitted by: Bjoern A. Zeeb
Approved by: re (rwatson)
parameter checking introduced in vfs_mount.c r1.113 rejects them
otherwise.
Submitted by: R. Imura <imura at ryu16 dot org>
Approved by: re (scottl,rwatson)
to gcc have not been made for ia64, which means that executables still
have /usr/libexec/ld-elf.so.1 as the dynamic linker. This simply does
not work if /usr is a seperate filesystem not mounted when the kernel
tries to execute init(8).
Note that this is a temporary fix until a new gcc has been imported
that does have the required changes.
Approved: re@
in the .snap directory in the root of the filesystem being dumped.
Document that if the .snap directory is missing that it must be
created manually and that it should be owned by user root and
group operator and set to mode 770 before a live dump can be run.
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device. Swap-backed md devices use a 4k block size.
a non-fsid unmount if the file system ID is all zeros. This is a
temporary workaround for warnings that occur in the vfs.usermount=1
case because non-root users get a zeroed filesystem ID. I have a
more complete fix in the works, but I won't get it done for 5.2.
of trying to directly create the snapshot itself. This change allows
users logged into the system as operator to run live dumps.
Note that dump no longer tries to create the snapshot in the root of
the filesystem, but rather in a .snap directory in the root of the
filesystem. The reason is that the operator is usually not permitted
to write into the root of the filesystem. The newfs command and
background fsck have both been modified to create a .snap directory
in the root of the filesystem, but if neither of these have been run,
then the .snap directory must be created manually by the superuser
before a live dump can be run. The .snap directory should be owned
by user root and group operator and set to mode 770.
of newfs, to signify the newfs operation has not yet completed. Re-
write the superblock with the correct magic number once all of the
cylinder groups have been created to show the operation has finished.
Sponsored by: St. Bernard Software
dynamically linked. This has been a long time coming with the move of
critical libraries from /usr/lib to /lib. If you don't feel comfortable
with dynamically linked binaries in your root partition, now is the
time to define NO_DYNAMICROOT in your make.conf.
Approved by: re
- using (intmax_t) and %j
- giving a non-empty format string to msg()
Include <stdint.h> directly instead of depending on <inttypes.h>
to do it.
Tested by: make universe
- #include <timeconv.h> for _time_to_time32 et al
- use (uintmax_t) and %j
- remove unused variable 'j' (from PR 39866)
PR: 39866
Submitted by: Dan Lukes <dan@obluda.cz>
Tested by: make universe
- declaring 'mode2str' as returning a 'const char *'
- prototyping all function
- rename the argument 'version' to 'ver', not to shadow
the now prototyped function 'version'.
Also mark it as WARNS?= 6 clean to try to keep it clean.
Tested by: make universe (including amd64)
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
has been called, since it points to a shared inode buffer that may
be overwritten. The two cases where `dp' was used incorrectly appear
to have been overlooked when "nodump" inheritance was first added
in revision 1.12.
This is reported to correct propagation of the nodump flag on
directories that are larger than one block in size.
PR: bin/58912
Submitted by: Volker Paepcke <vpaepcke@incore.de>
MFC after: 1 week
a new filesystem. Dump and fsck will create snapshots in this
directory rather than in the root for two reasons:
1) For terabyte-sized filesystems, the snapshot may require many
minutes to build. Although the filesystem will not be suspended
during most of the snapshot build, the snapshot file itself is
locked during the entire snapshot build period. Thus, if it is
accessed during the period that it is being built, the process
trying to access it will block holding its containing directory
locked. If the snapshot is in the root, the root will lock and
the system will come to a halt until the snapshot finishes. By
putting the snapshot in a subdirectory, it is out of the likely
path of any process traversing through the root and hence much
less likely to cause a lock race to the root.
2) The dump program is usually run by a non-root user running with
operator group privilege. Such a user is typically not permitted
to create files in the root of a filesystem. By having a directory
in group operator with group write access available, such a user
will be able to create a snapshot there. Having the dump program
create its snapshot in a subdirectory below the root will benefit
from point (1) as well.
Sponsored by: DARPA & NAI Labs.
remove a snapshot file from the directory in which they have requested
to have it made. If they do not have write permission in the directory
or the directory is sticky and not owned by the user, then they
will not be able to remove the snapshot when they are done with it.
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.
This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.
Approved By: re (in principle)
Reviewed By: njl, imp
Tested On: i386, amd64, sparc64
Obtained From: NetBSD (if_xname)
is returned from the card to the driver. Add a counter that shows
how many times this allocation has failed. Note, that we could even
further delay the allocation of the mbuf until we know, that we need it
(there are no receive errors and the connection is open). This will be done
in a later commit.
Print the new statistics field in atmconfig.
and to make sure that we catch oversized arguments rather than silently
truncate them. I dont know if sscanf will reject an integer if it will
not fit in the short return variable or not, but this way it should be
detected.
a generalized notification mechanism for subsystems wishing to report
events.
Revieded by: njl
# The kernel side seems like it might be causing panics for me, but should
# be forthcoming shortly.
(aka RFC2292bis). Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.
Obtained from: KAME
o WARNS should be WARNS?= (broke in rev 1.21).
o Includes should be sorted.
o Move "mntopt.h" out of the standard includes section.
o Rewrite usage() to match the manual page and make it < 80 characters.
o Remove extra .El call on line 187. It is unused and causes mdoc(7) warnings.
Discussed with: bde
original intention of the less restrictive permissions was to allow
users to move or delete recovered files that they own. However, it
is better to not create world-writable directories by default; the
administrator can always pre-create lost+found if different permissions
are desired.
Reviewed by: mckusick
the stack to the heap to work around a problem on ia64. Now, roughly
16 months and two compiler updates later, it isn't an issue anymore
in the sense that putting a 1M buffer on the stack just works and we
don't actually need to work around anything anymore.
However, since there's no advantage or need to put the buffer on the
stack (again), this change merely removes the XXX comment describing
that there's an explicit reason for the heap allocation. Hence, this
change is a functional no-op.
PR: ia64/38677
filesystem that is checked in background. Create the snapshot in this
directory rather than in the root. There are two benefits:
1) For terabyte-sized filesystems, the snapshot may require many
minutes to build. Although the filesystem will not be suspended
during most of the snapshot build, the snapshot file itself is
locked during the entire snapshot build period. Thus, if it is
accessed during the period that it is being built, the process
trying to access it will block holding its containing directory
locked. If the snapshot is in the root, the root will lock and
the system will come to a halt until the snapshot finishes. By
putting the snapshot in a subdirectory, it is out of the likely
path of any process traversing through the root and hence much
less likely to cause a lock race to the root.
2) The dump program is usually run by a non-root user running with
operator group privilege. Such a user is typically not permitted
to create files in the root of a filesystem. By having a directory
in group operator with group write access available, such a user
will be able to create a snapshot there. Having the dump program
create its snapshot in a subdirectory below the root will benefit
from point (1) as well.
Sponsored by: DARPA & NAI Labs.
and the logic for setting them according to the partition size.
Instead, unspecified filesystem values are left at 0 so that newfs
will use its own defaults. It just caused confusion to have the
defaults duplicated in two different places.
Reviewed by: phk
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
of do_cmd() broke things, because this function assumes that a socklen_t
is large enough to hold a pointer.
A real solution to this problem would be a rewrite of do_cmd() to
treat the optlen parameter consistently and not use it to carry
a pointer or integer dependent on the context.
The immediate purpose for this option is to use it in rc.d so that we
can make savecore behavior conditional.
Tremendous assistance with ideas and sanity checking provided by tjr
and b@etek.chalmers.se.
