ERR_load_crypto_strings() was deprecated in OpenSSL 1.1.0, and explicit
initialization is generally not reqiured. In the case of dumpon however
we initialize prior to entering capability mode, so replace with an
OPENSSL_init_crypto call.
Reviewed by: def, Pierre Pronchery
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40353
ERR_load_crypto_strings is deprecated in OpenSSL 1.1, and OpenSSL 1.1
generally does not require explicit initialization. However, we do need
to ensure that initialization is done before entering capability mode so
call OPENSSL_init_crypto instead. Also include header needed for
ERR_error_string.
Reviewed by: vangyzen
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40343
Make struct pfsync_state contents configurable by sending out new
versions of the structure in separate subheader actions. Both old and
new version of struct pfsync_state can be understood, so replication of
states from a system running an older kernel is possible. The version
being sent out is configured using ifconfig pfsync0 … version XXXX. The
version is an user-friendly string - 1301 stands for FreeBSD 13.1 (I
have checked synchronization against a host running 13.1), 1400 stands
for 14.0.
A host running an older kernel will just ignore the messages and count
them as "packets discarded for bad action".
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D39392
The previous change to CGSIZE had the unintended side-effect of allowing
newfs and makefs to create file systems that would fail validation when
examined by older commands and kernels, by allowing newfs/makefs to pack
slightly more blocks into a CG than those older binaries think is valid.
Fix this by having newfs/makefs artificially restrict the number of blocks
in a CG to the slightly smaller value that those older binaries will accept.
The validation code will continue to accept the slightly larger value
that the current newfs/makefs (before this change) could create.
Fixes: 0a6e34e950
Reviewed by: mckusick
MFC after: 3 days
Sponsored by: Netflix
When loading the root directory ensure that it is a directory
and has a size greater than the minimum directory size. If an
invalid root directory is found, fall back to full fsck.
Reported-by: Robert Morris
PR: 271414
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
When checking an inode ensure that it does not have a negative size.
Stop scaning a directory when an unallocated block is found.
Fully clear an inode when it is first allocated.
Ensure that an inode is marked dirty whenever it is updated and that
it has a correct check hash when it is released.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Check for valid block numbers while loading journal entries that
contain block numbers. If an invalid block number is found, fall
back to full fsck.
Reported-by: Robert Morris
PR: 271383
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Check for valid file size before processing journal entries for it.
Done by extracting the file size check from pass1.c into chkfilesize()
then using it in the journal code in suj.c
Reported-by: Robert Morris
PR: 271378
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
The last valid inode in the filesystem is maxino - 1, not maxino.
Thus validity checks should ino < maxino, not ino <= maxino.
Reported-by: Robert Morris
PR: 271312
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Always create a directory inode structure when a directory inode is
found in Pass 1 as it is not known whether it will be saved or removed
in later passes. If it is to be saved the directory inode structure
is needed to track its status and fsck_ffs(8) will segment fault if
it does not exist.
Reported-by: Robert Morris
PR: 271310
PR: 271354
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
This change modifies dumpon to print out the last error from OpenSSL
when `PEM_read_RSA_PUBKEY` fails. This allows end-users to diagnose why
reading in RSA pubkey files fails so they can adjust the usage to meet
the needs of the command.
MFC after: 1 week
Commit fe5e6e2 improved FFS directory placement when creating new
directories. It is done by keeping track of the depth of directories
in the filesystem and placing those lower in the tree closer together
while spreading out those higher in the tree.
Fsck_ffs(8) checks these depths and if incorrect adjusts them to
their correct value. When running in background fsck_ffs(8) needs
to be able to make an adjustment to the depth. This commit adds
the sysctl to make such an adjustment and adds the code to fsck_ffs(8)
to use the new sysctl.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Internally, inet and inet6 family handlers store state for
address addition and deletion separately, as, for example,
"ifconfig lo0 inet 127.0.0.2/32" triggers a) deletion of the
first interface address and b) addition of a new one.
The current logic behind handling "-alias" being the last argument
is to copy the address from "addition" state to the "deletion"
state. It is done by the generic ifconfig code, which explicitly
typecasts opaque handler state pointers to "struct ifreq", which
doesn't work in the Netlink case.
Fix this by introducing family-specific "af_copyaddr" handler,
which removes the peeking & typecasting logic from the generic code.
Reported by: otis
Tested by: otis
The default location for home directories is moving from /usr/home
to /home, including the default zfs datasets. Update accordingly.
Add zroot/usr/src as replacement example of nested datasets.
While here, mark zroot/var as "canmount off" as per current setup.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D40206
The default location for home directories is moving from /usr/home
to /home. Update the examples accordingly.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D40205
The structure consists of all current context - arguments,
open sockets, current family and so on.
Pass this structure as a first argument to most of the af_ menthods.
This allows to propagate and update shared data without using
global variables.
The diff is pretty large, but de-facto mechanical. All changes
except the structure setup in ifconfig[_netlink].c are one-line
mechanical changes.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40239
MFC after: 2 weeks
Cleanup compiler warnings in preparation to set Wextra and remove WARNS?=2
Differential Revision: https://reviews.freebsd.org/D40238
MFC after: 2 weeks
Add -j <jail> flag to ifconfig to allow ifconfig to attach and run inside a
jail. This allow parent to configure network interfaces of its children
even if ifconfig is not available in child's tree (e.g. Linux Jails)
Reviewed by: emaste, khng, melifaro
Event: Kitchener-Waterloo Hackathon 202305
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D40213
Currently carp implementation peeks into the opaque 'afp->af_addreq'
buffer, assumes it knows the af-specific layout and assigns vhid
directly.
Simplify the code and remove abstraction leak by introducing per-afp
callback for setting vhid.
This change is a pre-requisite to set addresses via Netlink,
as Netlink implementiation uses different structure layout.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40160
MFC after: 2 weeks
getaddrinfo() returns 0 if it succeeded, but it's not guaranteed to
return 1 on error. Check for success rather than for one specific error.
Without this fix commands such as `ifconfig bnxt1 inet6 add vhid 1 peer6
2001:db8::1/64` would segfault ifconfig.
Sponsored by: Rubicon Communications, LLC ("Netgate")
When trying to auto-load a module, we trim the interface number off
the end. Currently we stop at the first digit. For interfaces which
have numbers in the driver name this does not work well.
In the current example ifconfig ath10k0 would load ath(4) instead of
ath10k(4). For module/interface names like rtw88[0] we never guess
correctly.
To improve for the case we can, start trimming off digits from the
end rather than the front.
Sponsored by: The FreeBSD Foundation
Reported by: thierry
MFC after: 20 days
Reviewed by: melifaro, thierry
Differential Revision: https://reviews.freebsd.org/D40137
The cylinder group header structure ended with `u_int8_t cg_space[1]'
representing the beginning of the inode bitmap array. Some architectures
like the i386 rounded this up to a 4-byte boundry while other
architectures like the amd64 rounded it up to an 8-byte boundry.
Thus sizeof(struct cg) was four bytes bigger on an amd64 machine
than on an i386 machine. If a filesystem created on an i386 machine
was moved to an amd64 machine, the size of the cylinder group
calculated by the CGSIZE macro would appear to grow by four bytes.
Filesystems whose cylinder groups were exactly equal to the block
size on an i386 machine would appear to have a cylinder group that
was four bytes too big when moved to an amd64 machine. Note that
although the structure appears to be too big, it in fact is fine.
It is just the calaculation of its size that is in error.
The fix is to remove the cg_space element from the cylinder-group
structure so that the calculated size of the structure is the same
size on all architectures.
Reported by: Tijl Coosemans
Tested by: Tijl Coosemans and Peter Holm
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This change is a prerequisite for netlink conversion.
No functional changes intended.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40033
MFC after: 2 weeks
The SPDX folks have obsoleted the BSD-2-Clause-NetBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
