original intention of the less restrictive permissions was to allow
users to move or delete recovered files that they own. However, it
is better to not create world-writable directories by default; the
administrator can always pre-create lost+found if different permissions
are desired.
Reviewed by: mckusick
the stack to the heap to work around a problem on ia64. Now, roughly
16 months and two compiler updates later, it isn't an issue anymore
in the sense that putting a 1M buffer on the stack just works and we
don't actually need to work around anything anymore.
However, since there's no advantage or need to put the buffer on the
stack (again), this change merely removes the XXX comment describing
that there's an explicit reason for the heap allocation. Hence, this
change is a functional no-op.
PR: ia64/38677
filesystem that is checked in background. Create the snapshot in this
directory rather than in the root. There are two benefits:
1) For terabyte-sized filesystems, the snapshot may require many
minutes to build. Although the filesystem will not be suspended
during most of the snapshot build, the snapshot file itself is
locked during the entire snapshot build period. Thus, if it is
accessed during the period that it is being built, the process
trying to access it will block holding its containing directory
locked. If the snapshot is in the root, the root will lock and
the system will come to a halt until the snapshot finishes. By
putting the snapshot in a subdirectory, it is out of the likely
path of any process traversing through the root and hence much
less likely to cause a lock race to the root.
2) The dump program is usually run by a non-root user running with
operator group privilege. Such a user is typically not permitted
to create files in the root of a filesystem. By having a directory
in group operator with group write access available, such a user
will be able to create a snapshot there. Having the dump program
create its snapshot in a subdirectory below the root will benefit
from point (1) as well.
Sponsored by: DARPA & NAI Labs.
and the logic for setting them according to the partition size.
Instead, unspecified filesystem values are left at 0 so that newfs
will use its own defaults. It just caused confusion to have the
defaults duplicated in two different places.
Reviewed by: phk
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.
Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.
PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days
of do_cmd() broke things, because this function assumes that a socklen_t
is large enough to hold a pointer.
A real solution to this problem would be a rewrite of do_cmd() to
treat the optlen parameter consistently and not use it to carry
a pointer or integer dependent on the context.
The immediate purpose for this option is to use it in rc.d so that we
can make savecore behavior conditional.
Tremendous assistance with ideas and sanity checking provided by tjr
and b@etek.chalmers.se.
need for libstdc++ in /lib, and the generated binary is actually smaller
statically linked than dynamically + sizeof(libstdc++). Additionally,
devd doesn't use get*by*() which is one of the main motivations for
dynamically linking your root partition anyway.
WITH_DYNAMICROOT, which will toggle the generation of dynamically-linked
binaries for installation in /bin and /sbin. It is currently off,
meaning that /bin and /sbin are still statically linked by default.
If something goes wrong (which I hope doesn't), this is what /rescue is
all about. Please do not try to use WITH_DYNAMICROOT and NO_RESCUE to
save space or some other equally silly reason. If you do and end up
having problems, you have been warned.
Update ffsinfo(8) to use new UFS2 support in the growfs(8) debugging
functions. Largely consists of renaming fields and types to be aware
of the UFS1/UFS2 distinction, relying on libufs(3) to open and sanity
check the device/file/label accessed.
Since libufs(3) now handles label/UFS interactions, remove -L argument.
Note: when submitted, this patch had substantial style changes. I've
attempted to remove the restyling from the patch to separate the
functional and style changes.
Submitted by: Lukas Ertl <l.ertl@univie.ac.at>
PR: bin/53517
Add support for UFS2 to the UFS debugging routines in growfs; required
to update ffsinfo(8) for UFS2. A variety of types and fs variables are
renamed to reflect UFS1/2 structures. Also, the print routines for
inodes are now split into separate UFS1 and UFS2 versions. We now
define dbg_dump_csum_total(), but lose the printing of rotational
information since that's not present in UFS2. In the future, we may
want to re-add this functionality to print it solely for UFS1.
Submitted by: Lukas Ertl <l.ertl@univie.ac.at>
PR: bin/53517
masks for files and directories. This should make some
of the Midnight Commander users happy.
Remove an extra ')' in the manual page.
PR: 35699
Submitted by: Eugene Grosbein <eugen@grosbein.pp.ru> (original version)
Tested by: simon
stuff. This utility allows inspection of the ATM characteristics,
the PHY layer, including statistics of both, the retrival of the
list of currently open channels and also allows access to utopia(4).
The old way of just returning could result in a file system
extremely likely to panic the kernel. The warning printed
wouldn't help much since tools invoking newfs(8), e.g., mdmfs(8),
couldn't detect the error.
PR: bin/55078
MFC after: 1 week
1: add 'const' to char * where needed;
2: mark unused variables with __unused;
3: remove double prototypes for mode_edit and mode_list.
4: moves the global variables 'bus', 'target', and 'lun' into
the main function and protect them with #ifndef MINIMALISTIC,
5: renames 3 variable in order not to shadow other things
index -> indx -- in modepage_dump since index is a function
from <strings.h.>
arglist -> arglst -- in the function parse_btl since arglist
is also a global variable
convertend -> convertend2 -- in the function editentry_set
since that name is used two times within the function.
6: cast 0xffffffff in the macro RESOLUTION_MAX(size) to (int)
since it is unsigned otherwise.
Tested by: make universe
Approved by: ken
The old firmware (3.0.1) can still be used by specifying the '-3' option
to fore_dnld.
Document the -r option that resets the adapter prior to the download.
Ther newer firmware version allows traffic shaping.
requests if the interface has an active link. This is a
great benefit if you often change networks with your laptop
and you do not like to kill/restart dhclient all the time.
Changes are automatically detected and the link is refreshed.
The change allows us to start dhclient in background mode
Enable dhclient to poll the interface state and send only
requests if the interface has an active link. This is a
great benefit if you often change networks with your laptop
and you do not like to kill/restart dhclient all the time.
Changes are automatically detected and the link is refreshed.
The change allows us to start dhclient in background mode
while the network cable is not plugged in.
To control the polling interval, the option -i has been
introduced. It takes seconds as parameter, the minimum is
one second, the default is five seconds.
Polling is done in seconds, not microseconds, because dhclient
does internally work with timeouts in seconds.
This change will be part of the next major ISC-dhcpd release.
Tested by: bms, imp, and many many others.
Reviewed by: murray, eivind, dhclient folks
- remove some instances of __P()
- use real prototypes and un-K&R function headers
- constify where necessary (mostly strings and structures containing
strings)
- make functions and variables static that need not to be global
- tag unused function parameters as __unused
Testing: a fresh universe
than at the vendor. We have three different Fore cards and only the PCA200
need the microcode. Look also at the RAM address and load the code only if
it is not zero. A zero RAM address means either a bug in the driver or
this is a interface created by harp(4) in which case fatm(4) handles the
microcode issue.
The output format specifier for the round-trip time in ping6 should be
changed to %.3f instead of %g since %g doesn't accurately represent the
precision of the number being output. In particular, %g truncates trailing
zeroes. 0.01 ms does not mean the same thing as 0.010 ms. Although they
are numerically identical, they do not have the same precision.
PR: bin/52324, bin/52750
Submitted by: dg
MFC after: 1 week
and make it work more reliably in a number of cases that have
traditionally been troublesome. The new behaviour is:
1) If the filesystem can be determined by the fsid or device,
or uniquely identified by the mountpoint, then just go ahead
and call unmount(2) using the file system ID.
2) Otherwise use fstatfs(2) to resolve the path into a file system
ID (checking with stat(2) that it is a filesystem root directory).
Case 2 can potentially block if an NFS server is down, but it can
always be avoided by using an unambiguous specification. It handles
all the hard cases such as symlinks and mismatches between the mount
list and reality. For example, if a filesystem was mounted as /mnt
inside a chroot, it will show up in the mount list as /mnt, but now
you can unmount it from outside the chroot with "umount /chroot_path/mnt".
ID for each file system in addition to the normal information.
In umount(8), accept filesystem IDs as well as the usual device and
path names. This makes it possible to unambiguously specify which
file system is to be unmounted even when two or more file systems
share the same device and mountpoint names (e.g. NFS mounts from
the same export into different chroots).
Suggested by: Dan Nelson <dnelson@allantgroup.com>
of by mount point, umount had to take care not to unmount the wrong
file system if another file system was covering the requested one.
Now that the file system to unmount is specified to the kernel using
the filesystem ID, this confusion cannot occur, so remove the code
that checked for it.
Allow set 31 to be used for rules other than 65535.
Set 31 is still special because rules belonging to it are not deleted
by the "ipfw flush" command, but must be deleted explicitly with
"ipfw delete set 31" or by individual rule numbers.
This implement a flexible form of "persistent rules" which you might
want to have available even after an "ipfw flush".
Note that this change does not violate POLA, because you could not
use set 31 in a ruleset before this change.
Suggested by: Paul Richards
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).
Comments from: bde
introduced in the latest commits).
Also:
* update the 'ipfw -h' output;
* allow rules of the form "100 add allow ..." i.e. with the index first.
(requested by Paul Richards). This was an undocumented ipfw1 behaviour,
and it is left undocumented.
and minor code cleanups.
* make the code compile with WARNS=5 (at least on i386), mostly
by adding 'const' specifier and replacing "void *" with "char *"
in places where pointer arithmetic was used.
This also spotted a few places where invalid tests (e.g. uint < 0)
were used.
* support ranges in "list" and "show" commands. Now you can say
ipfw show 100-1000 4000-8000
which is very convenient when you have large rulesets.
* implement comments in ipfw commands. These are implemented in the
kernel as O_NOP commands (which always match) whose body contains
the comment string. In userland, a comment is a C++-style comment:
ipfw add allow ip from me to any // i can talk to everybody
The choice of '//' versus '#' is somewhat arbitrary, but because
the preprocessor/readfile part of ipfw used to strip away '#',
I did not want to change this behaviour.
If a rule only contains a comment
ipfw add 1000 // this rule is just a comment
then it is stored as a 'count' rule (this is also to remind
the user that scanning through a rule is expensive).
* improve handling of flags (still to be completed).
ipfw_main() was written thinking of 'one rule per ipfw invocation',
and so flags are set and never cleared. With readfile/preprocessor
support, this changes and certain flags should be reset on each
line. For the time being, only fix handling of '-a' which
differentiates the "list" and "show" commands.
* rework the preprocessor support -- ipfw_main() already had most
of the parsing code, so i have moved in there the only missing
bit (stripping away '#' and comments) and removed the parsing
from ipfw_readfile().
Also, add some more options (such as -c, -N, -S) to the readfile
section.
MFC after: 3 days
spaces and comma-separated lists of arguments;
* reword the description of address specifications, to include
previous and current changes for address sets and lists;
* document the new '-n' flag.
* update the section on differences between ipfw1 and ipfw2
(this is becoming boring!)
MFC after: 3 days
* Make the addr-set size optional (defaults to /24)
You can now write 1.2.3.0/24{56-80} or 1.2.3.0{56-80}
Also make the parser more strict.
* Support a new format for the list of addresses:
1.2.3.4,5.6.7.8/30,9.10.11.12/22,12.12.12.13, ...
which exploits the new capabilities of O_IP_SRC_MASK/O_IP_DST_MASK
* Allow spaces after commas to make lists of addresses more readable.
1.2.3.4, 5.6.7.8/30, 9.10.11.12/22, 12.12.12.13, ...
* ipfw will now accept full commands as a single argument and strip
extra leading/trailing whitespace as below:
ipfw "-q add allow ip from 1.2.3.4 to 5.6.7.8, 9.10.11.23 "
This should help in moving the body of ipfw into a library
that user programs can invoke.
* Cleanup some comments and data structures.
* Do not print rule counters for dynamic rules with ipfw -d list
(PR 51182)
* Improve 'ipfw -h' output (PR 46785)
* Add a '-n' flag to test the syntax of commands without actually
calling [gs]etsockopt() (PR 44238)
* Support the '-n' flag also with the preprocessors;
Manpage commit to follow.
MFC after: 3 days
Should work with both regular and fast ipsec (mutually exclusive).
See manpage for more details.
Submitted by: Ari Suutari (ari.suutari@syncrontech.com)
Revised by: sam
MFC after: 1 week
They don't have alot of reason to be in sbin and contribute to library
bloat in the dynamic case. If you are using any of these filesystem
type to hold your /usr, please seek professional help.
The actual code was repo-copied by joe.
system by specifying the file system ID instead of a path. Use this
by default in umount(8). This avoids the need to perform any vnode
operations to look up the mount point, so it makes it possible to
unmount a file system whose root vnode cannot be looked up (e.g.
due to a dead NFS server, or a file system that has become detached
from the hierarchy because an underlying file system was unmounted).
It also provides an unambiguous way to specify which file system is
to be unmunted.
Since the ability to unmount using a path name is retained only for
compatibility, that case now just uses a simple string comparison
of the supplied path against f_mntonname of each mounted file system.
Discussed on: freebsd-arch
mdoc help from: ru
1.2.3.4/24{5,6,7,10-20,60-90}
for set of ip addresses.
Previously you needed to specify every address in the range, which
was unconvenient and lead to very long lines.
Internally the set is still stored in the same way, just the
input and output routines are modified.
Manpage update still missing.
Perhaps a similar preprocessing step would be useful for port ranges.
MFC after: 3 days
"ipid" options. This feature has been requested by several users.
On passing, fix some minor bugs in the parser. This change is fully
backward compatible so if you have an old /sbin/ipfw and a new
kernel you are not in trouble (but you need to update /sbin/ipfw
if you want to use the new features).
Document the changes in the manpage.
Now you can write things like
ipfw add skipto 1000 iplen 0-500
which some people were asking to give preferential treatment to
short packets.
The 'MFC after' is just set as a reminder, because I still need
to merge the Alpha/Sparc64 fixes for ipfw2 (which unfortunately
change the size of certain kernel structures; not that it matters
a lot since ipfw2 is entirely optional and not the default...)
PR: bin/48015
MFC after: 1 week
with a new implementation that has a mostly reentrant "addchar"
routine, supports multiple message buffers in the kernel, and hides
the implementation details from callers.
The new code uses a kind of sequence number to represend the current
read and write positions in the buffer. This approach (suggested
mainly by bde) permits the read and write pointers to be maintained
separately, which reduces the number of atomic operations that are
required. The "mostly reentrant" above refers to the way that while
it is now always safe to have any number of concurrent writers,
readers could see the message buffer after a writer has advanced
the pointers but before it has witten the new character.
Discussed on: freebsd-arch
(1) Reject zero-length strings for CTLTYPE_INT, _UINT, _LONG,
_ULONG. Do not silently convert to 0.
(2) When converting CTLTYPE_INT, _UINT, _LONG, and _ULONG, check the
end pointer generated by strtol() and strtoul() rather than
discarding it. Reject the string if either none of the string
was useful for conversion to an integer, or if there was
trailing garbage.
I.e., we will not allow you to set a numeric sysctl to a value unless
we can completely convert the string argument to a numeric value.
I tripped over this when I put the following in /etc/sysctl.conf:
kern.maxfiles="4000"
Ouch.
and libdevstat, since the new way of doing things is to just list
maintainership in src/MAINTAINERS.
Also, remove duplicate entries in src/MAINTAINERS for those utilities. I
already had entries for them.