WARNS=6. I don't change the WARNS level in the Makefile because I
didn't tested this on other archs.
The fs.h fix was suggested by: marcel
Reviewed by: md5(1)
- Use the %jd format and a cast to intmax_t to print an int64_t.
- The return type of getopt() is an int, not a char.
This fixes some warnings but there's still much more work to do here.
MAC support on the file system, if supported, which causes MAC to treat
each object as having its own label, rather than using a single label
for all objects on the file system. This doesn't have to be used in
combination with the tunefs/newfs flags -- it's an alternative.
length, and flags fields at the end of the SRM boot sector so that SRM can
find the bootstrap code. This fixes bsdlabel -m alpha to generate bootable
disklabels.
Reviewed by: phk
/sbin to /usr/sbin. A symlink from /sbin/nologin -> /usr/sbin/nologin
is created for compatibility purposes.
This will probably not cause any problems, but anyone who is doing
anything particularly unusual with nologin(8) or shells in general might
be well advised to check that everything still works.
Bikesheds on: cvs-all, current
On vnode backed md(4) devices over a certain, currently undetermined
size relative to the buffer cache our "lemming-syncer" can provoke
a buffer starvation which puts the md thread to sleep on wdrain.
This generally tends to grind the entire system to a stop because the
event that is supposed to wake up the thread will not happen until a fair
bit of the piled up I/O requests in the system finish, and since a lot
of those are on a md(4) vnode backed device which is currently waiting
on wdrain until a fair amount of the piled up ... you get the picture.
The cure is to issue all VOP_WRITES on the vnode backing the device
with IO_SYNC.
In addition to more closely emulating a real disk device with a
non-lying write-cache, this makes the writes exempt from rate-limited
(there to avoid starving the buffer cache) and consequently prevents
the deadlock.
Unfortunately performance takes a hit.
Add "async" option to give people who know what they are doing the
old behaviour.
- Add DECL wrappers to libgeom.h.
- Rename structure members in libgeom.h to use a lg_ prefix for member
names. This is required because a few structures had members named
'class' which made g++ very unhappy.
- Catch gstat(8) and gconcat(8) up to these API changes.
Reviewed by: phk
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).
There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.
Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".
Tested on: i386 sparc64
- bzero the CCB header in getdevtree() and set the path properly, to
avoid having random garbage in the CCB header.
- if the lun isn't specified in a device specifier, it should default to
0, not whatever random data happens to be in the lun variable.
- move the prototype for getdevtree() out from under #ifndef MINIMALISTIC,
since it is used in both cases.
Submitted by: Marius Strobl <marius@alchemy.franken.de> (mostly)
MFC After: 2 weeks
libexec/ftp-proxy - ftp proxy for pf
sbin/pfctl - equivalent to sbin/ipf
sbin/pflogd - deamon logging packets via if_pflog in pcap format
usr.sbin/authpf - authentification shell to modify pf rulesets
Bring along some altq headers used to satisfy pfctl/authpf compile. This
helps to keep the diff down and will make it easy to have a altq-patchset
use the full powers of pf.
Also make sure that the pf headers are installed.
This does not link anything to the build. There will be a NO_PF switch for
make.conf once pf userland is linked.
Approved by: bms(mentor)
like tun are naming their modules using the 'if_; prefix and previous version of
the code failed to detect their presence in the kernel, resulting in the same
module being loaded twice.
created with the multilabel flag from inception. This simply
passes the "-l" flag on to newfs(8).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
permits users of newfs to set the multilabel flag on UFS1 and UFS2
file systems from inception without using tunefs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
nologin(8), this causes a considerable (100K) increase in the binary size,
so I've added a NO_LOGIN_LOG option which disables this.
While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to
avoid writing the string-terminating zero byte.
No complaints from: -current
Approved by: rwatson (mentor)
the corresponding manpage has been committed.
The rest of "vlan" words, which are refering
to the technology itself, should be capitalized.
MFC after: 1 week
"makedev" command for backwards compatibility, but just print out an
informational message (this was the current behaviour, anyway) and remove
it from the documentation.
Approved by: grog (mentor)
that ext2fs in the kernel supports async mounts. ext2fs used to
effectively force the -async flag on. -async for ext2fs only gives
async (more precisely, delayed) writes for inode updates, so it is
barely worth using even when it is safe.
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).
Approved by: rwatson (mentor)
- Ensure that the buffer ends with "\n\0" to avoid special cases
and allow the use of strtol().
- Use strvisx() on each complete line instead of character by
character.
Submitted by: bde
MFC after: 1 week
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.
PR: bin/4696
MFC after: 1 week
full, since that line is almost always incomplete. Make the parsing
of <%d> lines more strict.
Also simplify the logic a little:
- Start off by making the buffer linear so that we don't have to
deal with it wrapping around (suggested by bde).
- Process line by line rather than byte at a time.
has now has no effect except in combination with -p, and plain fsck
checks all file systems instead of skipping clean ones for msdosfs
only.
Renamed the force flag to skipclean and inverted its logic as in
fsck_ffs.
combined with the the signature check in a wrong way (basically
(dirty:= signature_recognised() && !clean) instead of
(mightbedirty:= !signature_recognized || !clean), so file systems
with unrecognized signatures were considered clean. Many of the
don't-care and reserved bits were not ignored, so some file systems
with valid signatures were unrecognized. One of my FAT32 file systems
has a signature of f8,ff,ff,ff,ff,ff,ff,f7 when dirty, but only
f8,ff,ff,0f,ff,ff,ff,07 was recognised as dirty for FAT32, so the
fail-unsafeness made my file system always considered clean.
Check the i/o non-error bit in checkdirty(). Its absence would give
an unrecognized signature in code that is unaware of it, but we now
mask it out of the signature so we have to check it explicitly. This
combines naturally with the check of the clean bit.
Reviewed by: rnordier (except for final details)
better. There is a related I/O error flag which we don't support in
the kernel but must support here. (Support for bits that we don't
understand here is mostly automatic by fail-safeness, but checkdirty()
has fail-unsafeness.) There are some reserved and don't-care bits
that weren't fully documented and aren't always masked properly. The
comment about the bits in readfat() will be removed when the masking
is fixed.
Submitted by: rnordier
reorganize the printing of the interface name when using wildcard
cloning so it is not printed if it we either immediately rename or
destroy the interface.
Reviewed by: ru
in those cases:
1. File system was mounted by an unprivileged user.
2. File system was mounted by an unprivileged root user.
3. File system was mounted by a privileged non-root user.
Point 1 is when file system was mounted by unprivileged user
(sysctl vfs.usermount was equal to 1 then).
Point 2 is when file system was mounted by root, while sysctl
security.bsd.suser_enabled is set to 0 and sysctl vfs.usermount
is set to 1.
Point 3 is because we want to be ready for capabilities.
Reviewed by: rwatson
Approved by: scottl (mentor)
from the sdl because strlcpy requires that the source string be
NUL-terminated unlike strncpy.
Submitted by: Peter Jeremy <PeterJeremy at optushome dot com dot au>
name.
Prevent the kernel from potentially overflowing the interface name
variable. The size argument of strlcpy is complex because the name is
not null-terminated in sdl_data.
return for getopt() and comparing to -1, ditto with fgetc() and EOF,
and using the kg_nice value from <sys/user.h>
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Reviewed by: obrien, bde (a while back)
Tested lightly on: ppc, i386, make universe
- Unify the conditional assignments section so that architectural
exclusions come first, then options and !options, sorted by the
option name, also in directory order, then architecture specific
sections, sorted by the architecture name, with i386 being a
traditional exception.
Prodded by: bde
this program. Gnu indentation is used for these. Redo the fix for
the large expression at the end of the previous commit to give gnu
indentation. The original version was gnuish but had 9 bogus extra
characters of indentation in its continuation lines, perfect tab
lossage on every line, and other bugs.
The previous commit log should have claimed to fix style bugs in the
previous-1 commit (1.5), not the forced null previous commit (1.6).
Declare perror(). We define and use a home made version of perror(3)
that can't simply be removed (although it has the same interface as
perror(3)) since it is very different (it prints on stdout, doesn't
always print the program name, and sometimes exits). Declare it to
get a reminder of this brokenness when WARNS is increased enough.
became garbage when block devices were axed and were removed a few
months later, but they came back (with hotroot renamed to hot + hotroot())
when the NetBSD fsck was mismerged.
- Don't use errexit() to (mis)implement usage(). Using errexit() just
gave the bogus exit code 8.
- Fixed 3 other style bugs in usage().
fsck/fsutil.[ch]:
- Garbage-collected errexit(). It is essentially just one of NetBSD's
fsck_ext2fs error printing functions, but we don't have fsck_ext2fs
and the function is unsuitable for use there too (since pfatal() is
also used and it printf to a different stream).
add one if the SYN flag was set in the original packet. This seems to make
ip6fw reset work correctly for new and in-progress connections. Update
the man page to reflect the fact it now seems to work.
Glanced at by: ume
MFC after: 2 weeks
rule, thus omitting the entire body.
This makes the output a lot more readable for complex rulesets
(provided, of course, you have annotated your ruleset appropriately!)
MFC after: 3 days
is all zeros. The kernel now consistently zeroes FSIDs for non-root
users, so there's no point in printing these.
Also fix a number of compiler warnings, including two real bugs:
- a bracket placement bug caused `mount -t ufs localhost:/foo /mnt'
to override the `-t ufs' specification and use mount_nfs.
- an unitialised variable was used instead of _PATH_SYSPATH when
warning that the mount_* program cound not be found.
Submitted by: Rudolf Cejka <cejkar@fit.vutbr.cz> (FSID part)
Approved by: re (scottl)
is all zeros. The kernel now consistently zeroes FSIDs for non-root
users, so there's no point in printing these. Also fix a misspelling
in a comment.
Submitted by: Rudolf Cejka <cejkar@fit.vutbr.cz>
Approved by: re (scottl)
in /etc/ttys. Before this fix, once the count of active services
reaches 0, one could never restart any more without a reboot.
Steve Passe did the leg work on this patch. After he found the fix,
we discovered that an identical fix had been made to NetBSD.
Approved by: re@ <scottl>
Approval tool: peril sensitive sunglasses
The sconfig utility supports more than just cx boards, and those drivers
will make their way into FreeBSD shortly (maybe before 5.2).
Confirmed that this doesn't break the build.
Submitted by: Roman Kurakin <rik@cronyx.ru>
Approved by: re@ <scottl>
+ Patch is not my friend, but an evil toad
Remove redunant copy of each of these files that patch appended to them.
# Still not connected to the build.
Approved by: re@ <scottl>
This is the new cronyx serial control program.
# A future commit will remove the old driver/userland pieces and connect things
# to the build.
Submitted by: Roamn Kurakin <rik@cronyx.ru>
code is compiled in to support the O_IPSEC operator. Previously no
support was included and ipsec rules were always matching. Note that
we do not return an error when an ipsec rule is added and the kernel
does not have IPsec support compiled in; this is done intentionally
but we may want to revisit this (document this in the man page).
PR: 58899
Submitted by: Bjoern A. Zeeb
Approved by: re (rwatson)
parameter checking introduced in vfs_mount.c r1.113 rejects them
otherwise.
Submitted by: R. Imura <imura at ryu16 dot org>
Approved by: re (scottl,rwatson)
to gcc have not been made for ia64, which means that executables still
have /usr/libexec/ld-elf.so.1 as the dynamic linker. This simply does
not work if /usr is a seperate filesystem not mounted when the kernel
tries to execute init(8).
Note that this is a temporary fix until a new gcc has been imported
that does have the required changes.
Approved: re@
in the .snap directory in the root of the filesystem being dumped.
Document that if the .snap directory is missing that it must be
created manually and that it should be owned by user root and
group operator and set to mode 770 before a live dump can be run.
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device. Swap-backed md devices use a 4k block size.
a non-fsid unmount if the file system ID is all zeros. This is a
temporary workaround for warnings that occur in the vfs.usermount=1
case because non-root users get a zeroed filesystem ID. I have a
more complete fix in the works, but I won't get it done for 5.2.
of trying to directly create the snapshot itself. This change allows
users logged into the system as operator to run live dumps.
Note that dump no longer tries to create the snapshot in the root of
the filesystem, but rather in a .snap directory in the root of the
filesystem. The reason is that the operator is usually not permitted
to write into the root of the filesystem. The newfs command and
background fsck have both been modified to create a .snap directory
in the root of the filesystem, but if neither of these have been run,
then the .snap directory must be created manually by the superuser
before a live dump can be run. The .snap directory should be owned
by user root and group operator and set to mode 770.
of newfs, to signify the newfs operation has not yet completed. Re-
write the superblock with the correct magic number once all of the
cylinder groups have been created to show the operation has finished.
Sponsored by: St. Bernard Software
dynamically linked. This has been a long time coming with the move of
critical libraries from /usr/lib to /lib. If you don't feel comfortable
with dynamically linked binaries in your root partition, now is the
time to define NO_DYNAMICROOT in your make.conf.
Approved by: re
- using (intmax_t) and %j
- giving a non-empty format string to msg()
Include <stdint.h> directly instead of depending on <inttypes.h>
to do it.
Tested by: make universe
- #include <timeconv.h> for _time_to_time32 et al
- use (uintmax_t) and %j
- remove unused variable 'j' (from PR 39866)
PR: 39866
Submitted by: Dan Lukes <dan@obluda.cz>
Tested by: make universe
- declaring 'mode2str' as returning a 'const char *'
- prototyping all function
- rename the argument 'version' to 'ver', not to shadow
the now prototyped function 'version'.
Also mark it as WARNS?= 6 clean to try to keep it clean.
Tested by: make universe (including amd64)
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
has been called, since it points to a shared inode buffer that may
be overwritten. The two cases where `dp' was used incorrectly appear
to have been overlooked when "nodump" inheritance was first added
in revision 1.12.
This is reported to correct propagation of the nodump flag on
directories that are larger than one block in size.
PR: bin/58912
Submitted by: Volker Paepcke <vpaepcke@incore.de>
MFC after: 1 week
a new filesystem. Dump and fsck will create snapshots in this
directory rather than in the root for two reasons:
1) For terabyte-sized filesystems, the snapshot may require many
minutes to build. Although the filesystem will not be suspended
during most of the snapshot build, the snapshot file itself is
locked during the entire snapshot build period. Thus, if it is
accessed during the period that it is being built, the process
trying to access it will block holding its containing directory
locked. If the snapshot is in the root, the root will lock and
the system will come to a halt until the snapshot finishes. By
putting the snapshot in a subdirectory, it is out of the likely
path of any process traversing through the root and hence much
less likely to cause a lock race to the root.
2) The dump program is usually run by a non-root user running with
operator group privilege. Such a user is typically not permitted
to create files in the root of a filesystem. By having a directory
in group operator with group write access available, such a user
will be able to create a snapshot there. Having the dump program
create its snapshot in a subdirectory below the root will benefit
from point (1) as well.
Sponsored by: DARPA & NAI Labs.
remove a snapshot file from the directory in which they have requested
to have it made. If they do not have write permission in the directory
or the directory is sticky and not owned by the user, then they
will not be able to remove the snapshot when they are done with it.
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.
This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.
Approved By: re (in principle)
Reviewed By: njl, imp
Tested On: i386, amd64, sparc64
Obtained From: NetBSD (if_xname)
is returned from the card to the driver. Add a counter that shows
how many times this allocation has failed. Note, that we could even
further delay the allocation of the mbuf until we know, that we need it
(there are no receive errors and the connection is open). This will be done
in a later commit.
Print the new statistics field in atmconfig.
and to make sure that we catch oversized arguments rather than silently
truncate them. I dont know if sscanf will reject an integer if it will
not fit in the short return variable or not, but this way it should be
detected.
a generalized notification mechanism for subsystems wishing to report
events.
Revieded by: njl
# The kernel side seems like it might be causing panics for me, but should
# be forthcoming shortly.
(aka RFC2292bis). Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.
Obtained from: KAME
o WARNS should be WARNS?= (broke in rev 1.21).
o Includes should be sorted.
o Move "mntopt.h" out of the standard includes section.
o Rewrite usage() to match the manual page and make it < 80 characters.
o Remove extra .El call on line 187. It is unused and causes mdoc(7) warnings.
Discussed with: bde
original intention of the less restrictive permissions was to allow
users to move or delete recovered files that they own. However, it
is better to not create world-writable directories by default; the
administrator can always pre-create lost+found if different permissions
are desired.
Reviewed by: mckusick
the stack to the heap to work around a problem on ia64. Now, roughly
16 months and two compiler updates later, it isn't an issue anymore
in the sense that putting a 1M buffer on the stack just works and we
don't actually need to work around anything anymore.
However, since there's no advantage or need to put the buffer on the
stack (again), this change merely removes the XXX comment describing
that there's an explicit reason for the heap allocation. Hence, this
change is a functional no-op.
PR: ia64/38677
filesystem that is checked in background. Create the snapshot in this
directory rather than in the root. There are two benefits:
1) For terabyte-sized filesystems, the snapshot may require many
minutes to build. Although the filesystem will not be suspended
during most of the snapshot build, the snapshot file itself is
locked during the entire snapshot build period. Thus, if it is
accessed during the period that it is being built, the process
trying to access it will block holding its containing directory
locked. If the snapshot is in the root, the root will lock and
the system will come to a halt until the snapshot finishes. By
putting the snapshot in a subdirectory, it is out of the likely
path of any process traversing through the root and hence much
less likely to cause a lock race to the root.
2) The dump program is usually run by a non-root user running with
operator group privilege. Such a user is typically not permitted
to create files in the root of a filesystem. By having a directory
in group operator with group write access available, such a user
will be able to create a snapshot there. Having the dump program
create its snapshot in a subdirectory below the root will benefit
from point (1) as well.
Sponsored by: DARPA & NAI Labs.
and the logic for setting them according to the partition size.
Instead, unspecified filesystem values are left at 0 so that newfs
will use its own defaults. It just caused confusion to have the
defaults duplicated in two different places.
Reviewed by: phk
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
of do_cmd() broke things, because this function assumes that a socklen_t
is large enough to hold a pointer.
A real solution to this problem would be a rewrite of do_cmd() to
treat the optlen parameter consistently and not use it to carry
a pointer or integer dependent on the context.
The immediate purpose for this option is to use it in rc.d so that we
can make savecore behavior conditional.
Tremendous assistance with ideas and sanity checking provided by tjr
and b@etek.chalmers.se.
need for libstdc++ in /lib, and the generated binary is actually smaller
statically linked than dynamically + sizeof(libstdc++). Additionally,
devd doesn't use get*by*() which is one of the main motivations for
dynamically linking your root partition anyway.
WITH_DYNAMICROOT, which will toggle the generation of dynamically-linked
binaries for installation in /bin and /sbin. It is currently off,
meaning that /bin and /sbin are still statically linked by default.
If something goes wrong (which I hope doesn't), this is what /rescue is
all about. Please do not try to use WITH_DYNAMICROOT and NO_RESCUE to
save space or some other equally silly reason. If you do and end up
having problems, you have been warned.
Update ffsinfo(8) to use new UFS2 support in the growfs(8) debugging
functions. Largely consists of renaming fields and types to be aware
of the UFS1/UFS2 distinction, relying on libufs(3) to open and sanity
check the device/file/label accessed.
Since libufs(3) now handles label/UFS interactions, remove -L argument.
Note: when submitted, this patch had substantial style changes. I've
attempted to remove the restyling from the patch to separate the
functional and style changes.
Submitted by: Lukas Ertl <l.ertl@univie.ac.at>
PR: bin/53517
Add support for UFS2 to the UFS debugging routines in growfs; required
to update ffsinfo(8) for UFS2. A variety of types and fs variables are
renamed to reflect UFS1/2 structures. Also, the print routines for
inodes are now split into separate UFS1 and UFS2 versions. We now
define dbg_dump_csum_total(), but lose the printing of rotational
information since that's not present in UFS2. In the future, we may
want to re-add this functionality to print it solely for UFS1.
Submitted by: Lukas Ertl <l.ertl@univie.ac.at>
PR: bin/53517
masks for files and directories. This should make some
of the Midnight Commander users happy.
Remove an extra ')' in the manual page.
PR: 35699
Submitted by: Eugene Grosbein <eugen@grosbein.pp.ru> (original version)
Tested by: simon
stuff. This utility allows inspection of the ATM characteristics,
the PHY layer, including statistics of both, the retrival of the
list of currently open channels and also allows access to utopia(4).
The old way of just returning could result in a file system
extremely likely to panic the kernel. The warning printed
wouldn't help much since tools invoking newfs(8), e.g., mdmfs(8),
couldn't detect the error.
PR: bin/55078
MFC after: 1 week
1: add 'const' to char * where needed;
2: mark unused variables with __unused;
3: remove double prototypes for mode_edit and mode_list.
4: moves the global variables 'bus', 'target', and 'lun' into
the main function and protect them with #ifndef MINIMALISTIC,
5: renames 3 variable in order not to shadow other things
index -> indx -- in modepage_dump since index is a function
from <strings.h.>
arglist -> arglst -- in the function parse_btl since arglist
is also a global variable
convertend -> convertend2 -- in the function editentry_set
since that name is used two times within the function.
6: cast 0xffffffff in the macro RESOLUTION_MAX(size) to (int)
since it is unsigned otherwise.
Tested by: make universe
Approved by: ken
The old firmware (3.0.1) can still be used by specifying the '-3' option
to fore_dnld.
Document the -r option that resets the adapter prior to the download.
Ther newer firmware version allows traffic shaping.
requests if the interface has an active link. This is a
great benefit if you often change networks with your laptop
and you do not like to kill/restart dhclient all the time.
Changes are automatically detected and the link is refreshed.
The change allows us to start dhclient in background mode
Enable dhclient to poll the interface state and send only
requests if the interface has an active link. This is a
great benefit if you often change networks with your laptop
and you do not like to kill/restart dhclient all the time.
Changes are automatically detected and the link is refreshed.
The change allows us to start dhclient in background mode
while the network cable is not plugged in.
To control the polling interval, the option -i has been
introduced. It takes seconds as parameter, the minimum is
one second, the default is five seconds.
Polling is done in seconds, not microseconds, because dhclient
does internally work with timeouts in seconds.
This change will be part of the next major ISC-dhcpd release.
Tested by: bms, imp, and many many others.
Reviewed by: murray, eivind, dhclient folks
- remove some instances of __P()
- use real prototypes and un-K&R function headers
- constify where necessary (mostly strings and structures containing
strings)
- make functions and variables static that need not to be global
- tag unused function parameters as __unused
Testing: a fresh universe
than at the vendor. We have three different Fore cards and only the PCA200
need the microcode. Look also at the RAM address and load the code only if
it is not zero. A zero RAM address means either a bug in the driver or
this is a interface created by harp(4) in which case fatm(4) handles the
microcode issue.
The output format specifier for the round-trip time in ping6 should be
changed to %.3f instead of %g since %g doesn't accurately represent the
precision of the number being output. In particular, %g truncates trailing
zeroes. 0.01 ms does not mean the same thing as 0.010 ms. Although they
are numerically identical, they do not have the same precision.
PR: bin/52324, bin/52750
Submitted by: dg
MFC after: 1 week
and make it work more reliably in a number of cases that have
traditionally been troublesome. The new behaviour is:
1) If the filesystem can be determined by the fsid or device,
or uniquely identified by the mountpoint, then just go ahead
and call unmount(2) using the file system ID.
2) Otherwise use fstatfs(2) to resolve the path into a file system
ID (checking with stat(2) that it is a filesystem root directory).
Case 2 can potentially block if an NFS server is down, but it can
always be avoided by using an unambiguous specification. It handles
all the hard cases such as symlinks and mismatches between the mount
list and reality. For example, if a filesystem was mounted as /mnt
inside a chroot, it will show up in the mount list as /mnt, but now
you can unmount it from outside the chroot with "umount /chroot_path/mnt".
ID for each file system in addition to the normal information.
In umount(8), accept filesystem IDs as well as the usual device and
path names. This makes it possible to unambiguously specify which
file system is to be unmounted even when two or more file systems
share the same device and mountpoint names (e.g. NFS mounts from
the same export into different chroots).
Suggested by: Dan Nelson <dnelson@allantgroup.com>
of by mount point, umount had to take care not to unmount the wrong
file system if another file system was covering the requested one.
Now that the file system to unmount is specified to the kernel using
the filesystem ID, this confusion cannot occur, so remove the code
that checked for it.
Allow set 31 to be used for rules other than 65535.
Set 31 is still special because rules belonging to it are not deleted
by the "ipfw flush" command, but must be deleted explicitly with
"ipfw delete set 31" or by individual rule numbers.
This implement a flexible form of "persistent rules" which you might
want to have available even after an "ipfw flush".
Note that this change does not violate POLA, because you could not
use set 31 in a ruleset before this change.
Suggested by: Paul Richards
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).
Comments from: bde
introduced in the latest commits).
Also:
* update the 'ipfw -h' output;
* allow rules of the form "100 add allow ..." i.e. with the index first.
(requested by Paul Richards). This was an undocumented ipfw1 behaviour,
and it is left undocumented.
and minor code cleanups.
* make the code compile with WARNS=5 (at least on i386), mostly
by adding 'const' specifier and replacing "void *" with "char *"
in places where pointer arithmetic was used.
This also spotted a few places where invalid tests (e.g. uint < 0)
were used.
* support ranges in "list" and "show" commands. Now you can say
ipfw show 100-1000 4000-8000
which is very convenient when you have large rulesets.
* implement comments in ipfw commands. These are implemented in the
kernel as O_NOP commands (which always match) whose body contains
the comment string. In userland, a comment is a C++-style comment:
ipfw add allow ip from me to any // i can talk to everybody
The choice of '//' versus '#' is somewhat arbitrary, but because
the preprocessor/readfile part of ipfw used to strip away '#',
I did not want to change this behaviour.
If a rule only contains a comment
ipfw add 1000 // this rule is just a comment
then it is stored as a 'count' rule (this is also to remind
the user that scanning through a rule is expensive).
* improve handling of flags (still to be completed).
ipfw_main() was written thinking of 'one rule per ipfw invocation',
and so flags are set and never cleared. With readfile/preprocessor
support, this changes and certain flags should be reset on each
line. For the time being, only fix handling of '-a' which
differentiates the "list" and "show" commands.
* rework the preprocessor support -- ipfw_main() already had most
of the parsing code, so i have moved in there the only missing
bit (stripping away '#' and comments) and removed the parsing
from ipfw_readfile().
Also, add some more options (such as -c, -N, -S) to the readfile
section.
MFC after: 3 days
spaces and comma-separated lists of arguments;
* reword the description of address specifications, to include
previous and current changes for address sets and lists;
* document the new '-n' flag.
* update the section on differences between ipfw1 and ipfw2
(this is becoming boring!)
MFC after: 3 days
* Make the addr-set size optional (defaults to /24)
You can now write 1.2.3.0/24{56-80} or 1.2.3.0{56-80}
Also make the parser more strict.
* Support a new format for the list of addresses:
1.2.3.4,5.6.7.8/30,9.10.11.12/22,12.12.12.13, ...
which exploits the new capabilities of O_IP_SRC_MASK/O_IP_DST_MASK
* Allow spaces after commas to make lists of addresses more readable.
1.2.3.4, 5.6.7.8/30, 9.10.11.12/22, 12.12.12.13, ...
* ipfw will now accept full commands as a single argument and strip
extra leading/trailing whitespace as below:
ipfw "-q add allow ip from 1.2.3.4 to 5.6.7.8, 9.10.11.23 "
This should help in moving the body of ipfw into a library
that user programs can invoke.
* Cleanup some comments and data structures.
* Do not print rule counters for dynamic rules with ipfw -d list
(PR 51182)
* Improve 'ipfw -h' output (PR 46785)
* Add a '-n' flag to test the syntax of commands without actually
calling [gs]etsockopt() (PR 44238)
* Support the '-n' flag also with the preprocessors;
Manpage commit to follow.
MFC after: 3 days
Should work with both regular and fast ipsec (mutually exclusive).
See manpage for more details.
Submitted by: Ari Suutari (ari.suutari@syncrontech.com)
Revised by: sam
MFC after: 1 week
They don't have alot of reason to be in sbin and contribute to library
bloat in the dynamic case. If you are using any of these filesystem
type to hold your /usr, please seek professional help.
The actual code was repo-copied by joe.
system by specifying the file system ID instead of a path. Use this
by default in umount(8). This avoids the need to perform any vnode
operations to look up the mount point, so it makes it possible to
unmount a file system whose root vnode cannot be looked up (e.g.
due to a dead NFS server, or a file system that has become detached
from the hierarchy because an underlying file system was unmounted).
It also provides an unambiguous way to specify which file system is
to be unmunted.
Since the ability to unmount using a path name is retained only for
compatibility, that case now just uses a simple string comparison
of the supplied path against f_mntonname of each mounted file system.
Discussed on: freebsd-arch
mdoc help from: ru
1.2.3.4/24{5,6,7,10-20,60-90}
for set of ip addresses.
Previously you needed to specify every address in the range, which
was unconvenient and lead to very long lines.
Internally the set is still stored in the same way, just the
input and output routines are modified.
Manpage update still missing.
Perhaps a similar preprocessing step would be useful for port ranges.
MFC after: 3 days
"ipid" options. This feature has been requested by several users.
On passing, fix some minor bugs in the parser. This change is fully
backward compatible so if you have an old /sbin/ipfw and a new
kernel you are not in trouble (but you need to update /sbin/ipfw
if you want to use the new features).
Document the changes in the manpage.
Now you can write things like
ipfw add skipto 1000 iplen 0-500
which some people were asking to give preferential treatment to
short packets.
The 'MFC after' is just set as a reminder, because I still need
to merge the Alpha/Sparc64 fixes for ipfw2 (which unfortunately
change the size of certain kernel structures; not that it matters
a lot since ipfw2 is entirely optional and not the default...)
PR: bin/48015
MFC after: 1 week
with a new implementation that has a mostly reentrant "addchar"
routine, supports multiple message buffers in the kernel, and hides
the implementation details from callers.
The new code uses a kind of sequence number to represend the current
read and write positions in the buffer. This approach (suggested
mainly by bde) permits the read and write pointers to be maintained
separately, which reduces the number of atomic operations that are
required. The "mostly reentrant" above refers to the way that while
it is now always safe to have any number of concurrent writers,
readers could see the message buffer after a writer has advanced
the pointers but before it has witten the new character.
Discussed on: freebsd-arch
(1) Reject zero-length strings for CTLTYPE_INT, _UINT, _LONG,
_ULONG. Do not silently convert to 0.
(2) When converting CTLTYPE_INT, _UINT, _LONG, and _ULONG, check the
end pointer generated by strtol() and strtoul() rather than
discarding it. Reject the string if either none of the string
was useful for conversion to an integer, or if there was
trailing garbage.
I.e., we will not allow you to set a numeric sysctl to a value unless
we can completely convert the string argument to a numeric value.
I tripped over this when I put the following in /etc/sysctl.conf:
kern.maxfiles="4000"
Ouch.
and libdevstat, since the new way of doing things is to just list
maintainership in src/MAINTAINERS.
Also, remove duplicate entries in src/MAINTAINERS for those utilities. I
already had entries for them.
number X, rather than mdX, making it easier to script tests that
use md devices but don't want to make assumptions about any existing
md use (such as in diskless environments).
Change the list interface to simplify things.
Remove old list ioctls which bogusly exported the softc to userland.
Move the softc and associated structures from the public header to
the source file.
hinge on the "verb" parameter which the class gets to interpret as
it sees fit.
Move the entire request into the kernel and move changed parameters
back when done.
with UFS1, the UFS1 superblocks were not deleted. This allowed any
RELENG_4 (or other non-UFS2-aware) fsck to think it knew how to "fix"
the file system, resulting in severe data scrambling.
This patch is a more advanced version than the one originally submitted.
Lukas improved it based on feedback from Kirk, and testing by me. It
blanks all UFS1 superblocks (if any) during a UFS2 newfs, thereby causing
fsck's that are not UFS2 aware to generate the "SEARCH FOR ALTERNATE
SUPER-BLOCK FAILED" message, and exit without damaging the fs.
PR: bin/51619
Submitted by: Lukas Ertl <l.ertl@univie.ac.at>
Reviewed by: kirk
Approved by: re (scottl)
one or more actions in the list. This makes constructs like:
attach 10 {
// echo "Driver $device_name attached"
};
to be accepted by the parser. It will be treated as if the user had
entered:
// attach 10 {
// echo "Driver $device_name attached"
// };
(eg totally ignored).
Approved by: re@ (rwatson)
changed to use libufs in revision 1.71. Without this, any write
failures in newfs were silently ignored.
Note that this will display a meaningless errno string in the case
of a short write as opposed to a write error, since bwrite()'s
return value does not allow the caller to determine if errno is
valid.
Reported by: Lukas Ertl <l.ertl@univie.ac.at>
Reviewed by: jmallett
Approved by: re (bmah)
Just because we for the last ten years have fought for every byte
in the boot code on i386, doesn't mean that other architectures could
not actually have space to spare there.
Remore debugging message.
crashes, the config remains locked and causes all
subsequent start or read attempts to fail. This is part
of a fix for the recently reported hangs.
Approved by: re (scottl)
- dumpon utility has not used kern.dumpdev sysctl
since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@
updated it to use the DIOCSKERNELDUMP ioctl [1]
- remove obsolete reference to sysctl(3)
While I am there, fix two style nits:
- use .Nm instead of `dumpon'
- change NOTES to IMPLEMENTATION NOTES, to bring
it in line with recommended section headings in
mdoc(7)
Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1]
PR: docs/39293
Approved and Reviewed by: des (mentor), re (scottl, bmah)
1024-byte boundaries. For many years this was a reasonable
assumption. However, in recent years we have begun seeing
devices with 2048-byte sectors. These devices return errors
when dump tries to read starting in the middle of a sector
or when it tries to read only the first half of a sector.
Rather than change the native block size used by dump (and
thus create an incompatible dump format), this fix checks
for transfer requests that start and/or end on a non-sector
boundary. When such a read is detected, the new code reads
the entire sector and copies out just the part that dump
needs.
Reviewed by: Poul-Henning Kamp <phk@critter.freebsd.dk>
Approved by: re (John Baldwin <jhb@FreeBSD.org>)
Sponsored by: DARPA & NAI Labs.
work because it referred to plexes which were almost invariably when
referred to. Instead, deprecate the "prefer" keyword for volumes
(though it's still there for the moment) and add a keyword "preferred"
to the plex definition. The relationship is like this:
Old:
vol foo ... prefer foo.p3
New:
plex foo.p3 volume foo preferred
printconfig: Print out the "preferred" keyword for plexes where
appropriate.
Still print out "prefer" for volumes. The kernel module
continues to accept this version, but it's probably not
going to live much longer.
references to it's man page, which is almost never installed on a
FreeBSD system. The information about using this command with gated
has been retained. I have just made it clear that gated is not a part
of FreeBSD.
PR: docs/51407
vinum_read:
Accept 0 parameters, hand an empty string to the kernel if so.
Use new ioctl VINUM_READCONFIG, not VINUM_CREATE, to read config.
vinum_start: When passed 0 parameters, drop the devstat kludge and
call vinum_read instead. It's no longer necessary to distinguish
between "start" and "read" if no parameters are passed, and
probably one of them should go away.
Hide all the historical fields of the label, unless people ask for them with -A,
set them to intelligently chosen defaults otherwise.
Distill the manual page to remove inaccuracies, misundertandings and obsolete
information. It can probably still be done better but now at least it is
not misinforming people.
recorded in global variables, rather than checks on the architecture.
Drop horribly code to handle MBR/PC98's embedded in the BSD label area.
If you need to have an MBR or PC98 on your disk, you should not overlap
it with a BSDLABEL, if you don't need it, this code is nothing but trouble.
for the alpha checksum, and set them depending on the specified architecture
Don't look for disklabels every 16 bytes, look the only place they should
be for the current architecture.
Always read the label from the raw disk and decode it into struct
disklabel rather than trust a cast from random addresses.
When writing to the raw disk, encode the label properly.
Change name of history file to History to avoid name conflicts.
Don't try to make devices unless devfs has been removed.
Don't accept resetconfig command from a file.
Abused by: Jens Schweikhardt <schweikh@schweikhardt.net>
Remove dead code (#if 0)
vinum_mirror: Don't try to create mirrors with 0 drives.
Found by: mismatch between enum kw in two different files.
Change name of history file to History to avoid name conflicts.
Rewrite minor number decoding. Now we have only three types of
object: subdisks, plexes and volumes. The encoding for plexes and
subdisks no longer reflects the object to which they belong. The
super devices are high-order volume numbers. This gives vastly more
potential volumes (4 million instead of 256).
Don't try to chown directories if they haven't been created.
be changed, it is very convenient to be able to toggle SDH/Sonet,
idle/unassigned cells and scrambled mode and to see the carrier
state.
Reviewed by: -arch (if_media.h definitions)
in /etc/fstab to get a memory disk:
md /tmp mfs rw,-s8m,noatime 2 2
Back when mdmfs was created, there was vague discussion about doing this, but
it never materialized.
Reminded by: Ralf S. Engelschall <rse@engelschall.com>
definitions in it. Begin to document the classes that we use, and how
they interrelate (using comments that I can use with doxygen to
automatically generate docs with).
expand one from using a fixed buffer to using a string which
dynamically allocates these things.
Submitted by: green@ (against an earlier version of devd)
Ignored for too long by: imp
Also, put a small work around into devd to prevent a hang on boot this
would cause because select used to return 2 rather than 0 for no
evetnts due to a bug I fixed a few days ago in subr_bus.c. I'll
remove this workaround May 7th. You have until then to upgrade your
kernel if you want to run a new devd with an older kernel.
where we want to take the disklabel filesystem type of "4.2BSD" and use
fsck_4.2bsd on those filesystems.
Add a comment about why the code is there, now that we know:
* XXX This is a kludge to make automatic filesystem type guessing
* from the disklabel work for "4.2BSD" filesystems. It does a
* very limited subset of transliteration to a normalised form of
* filesystem name, and we do not seem to enforce a filesystem
* name character set.
'd': now means don't do daemon().
'D': Debug
'n': Don't wait to process all pending events before calling daemon.
In the past, devd would call daemon immediately. However, this causes
a race. If anything in the boot process depends on configuring the
devices configured by devd, maybe they would be configured in time,
maybe not. Now we don't call daemon until all pending events are
processed, unless -n is specified.
# -n is actually the default for a while due to the select(2) bug in devctl
# that I just fixed to give people a chance to upgrade.
to 0 when we startup. Print a warning in this case. This allows
people that are playing with devd by hand to have something happen.
Otherwise, it appears that devd isn't working because /dev/devctl is
disabled and producing no events.
Suggested by: peter on irc a long time ago.
'a="b" c="d" at loc=1 on busN' properly set 'c' and process the rest of
the stirng. Before it would ignore everything after variable 'a'.
o Parse nomatch and other events differently. They are more different
than the code allowed for, so we weren't properly parsing nomatch
events. It appears this fixes some of the demand loading issues that
I was having with devd.
Noticed by: Gary Palmer
FreeBSD 5.1-RELEASE and later:
- newfs(8) will now create UFS2 file systems unless UFS1 is specifically
requested (-O1). To do this, I just twiddled the Oflag default.
- sysinstall(8) will now select UFS2 as the default layout for new
file systems unless specifically requested (use '1' and '2' to change
the file system layout in the disk labeler). To do this, I inverted
the ufs2 flag into a ufs1 flag, since ufs2 is now the default and
ufs1 is the edge case. There's a slight semantic change in the
key behavior: '2' no longer toggles, it changes the selection to UFS2.
This is very similar to a patch David O'Brien sent me at one point, and
that I couldn't find.
Approved by: re (telecon)
Reviewed by: mckusick, phk, bmah
kern.geom.conftxt, which md disks don't show up in. If the magic and
the checksum are right assume its a valid sunlabel, otherwise use the
DIOC ioctls to get the disk parameters and whip up a label out of thin
air.
- Don't just silently create or correct invalid c partitions, warn about
invalid ones in label proto files.
- Split checksumming into a function since we do it a couple times. Also
don't include the sl_cksum field in the checksum, which avoids needing
to clear it first.
This is makes sunlabel a suitable replacement for disklabel in make release.
Always set the magic sequence when we write, rather than trusting the
previously read boot code to do so.
Use explicit encoding/decoding of little endian disk image.
Remove a comment which was OBE.
Change the test vector for "fdisk -I" to reflect that there is a magic
sequence in the result now.
Add test case for "fdisk" which reads the image back.
At least for the two test-cases this program now gives the same result
on sparc64 as on i386. The lack of an installed /boot/mbr on sparc64
raises an (un)interesting question.
