Add a few very useful variables that might easily be overlooked, since
they're only documented in rc.subr(8) which might not be the first place
that people look.
At least _oomprotect has existed since 11.0-RELEASE, and doesn't appear
to be very well-known. While the others aren't as new, in my estimation,
a lot more people would use them if they knew about them.
While here, also add a reference to rc.subr(8) and login.conf(5), and
sort the variables alphabetically.
Reported by: Daniel Dettlaff <dmilith at gmail.com>
Reviewed by: ceri, gbe, 0mp, ygy, a.wolk, pauamma
Add in all the variables set in the kenv variable devmatch_blocklist
too. This allows blocking autoloading from the boot loader.
Sponsored by: Netflix
Reviewed by: 0mp
Differential Revision: https://reviews.freebsd.org/D32171
Entries for a few recently defined rc variables
were missing from rc.conf.5. This patch adds
those.
It was not obvious to me what the ordering is,
so I added them to the area where other nfsd
related variables are. I can easily move them.
I also replaced "are" with "is", since it seems to
read better.
This is a content change.
Reviewed by: debdrup
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33043
Mark functions inet_netof(), inet_lnaof(), and inet_makeaddr() as
deprecated, as they assume Class A/B/C. inet_makeaddr() mostly works
when networks are a multiple of 8 bits, but warn for anything other
than historical classes. Reduce other mentions of network classes.
MFC after: 1 month
Reviewed by: bcr, #manpages
Differential Revision: https://reviews.freebsd.org/D32711
Allow users to set a number on rules which will be exposed as part of
the pflog header.
The intent behind this is to allow users to correlate rules across
updates (remember that pf rules continue to exist and match existing
states, even if they're removed from the active ruleset) and pflog.
Obtained from: pfSense
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32750
Pick up changes in option dependencies (WITHOUT_OPENSSL and WITHOUT_CXX)
and the addition of WITH_DETECT_TZ_CHANGES and WITH_LLVM_BINUTILS.
Sponsored by: The FreeBSD Foundation
The last two drivers that required sppp are cp(4) and ce(4).
These devices are still produced and can be purchased
at Cronyx <http://cronyx.ru/hardware/wan.html>.
Since Roman Kurakin <rik@FreeBSD.org> has quit them, they no
longer support FreeBSD officially. Later they have dropped
support for Linux drivers to. As of mid-2020 they don't even
have a developer to maintain their Windows driver. However,
their support verbally told me that they could provide aid to
a FreeBSD developer with documentaion in case if there appears
a new customer for their devices.
These drivers have a feature to not use sppp(4) and create an
interface, but instead expose the device as netgraph(4) node.
Then, you can attach ng_ppp(4) with help of ports/net/mpd5 on
top of the node and get your synchronous PPP. Alternatively
you can attach ng_frame_relay(4) or ng_cisco(4) for HDLC.
Actually, last time I used cp(4) back in 2004, using netgraph(4)
instead of sppp(4) was already the right way to do.
Thus, remove the sppp(4) related part of the drivers and enable
by default the negraph(4) part. Further maintenance of these
drivers in the tree shouldn't be a big deal.
While doing that, remove some cruft and enable cp(4) compilation
on amd64. The ce(4) for some unknown reason marks its internal
DDK functions with __attribute__ fastcall, which most likely is
safe to remove, but without hardware I'm not going to do that, so
ce(4) remains i386-only.
Reviewed by: emaste, imp, donner
Differential Revision: https://reviews.freebsd.org/D32590
See also: https://reviews.freebsd.org/D23928
This can be disabled by sysctl kern.core_dump_can_intr
Reported and tested by: pho
Reviewed by: imp, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D32313
The script that used these was removed in 13f7dbe822d5f along with amd
itself.
Fixes: 13f7dbe822d5 ("retire amd(8)")
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/548
The ng_h4 module was disconnected 13 years ago when the tty later was
locked by Ed. It completely fails to compile, and has a number of false
positives for Giant use. Remove it for lack of interest. Bluetooth has
largely (completely?) moved on from bluetooth over UART transport.
OK'd by: emax
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D31846
Using /etc/jail.{jailname}.conf is nice, however it makes /etc/ very
messy if you have many jails. This patch allows one to move these
config files out of the way into /etc/jail.conf.d/{jailname}.conf.
Note that the same caveat as /etc/jail.*.conf applies: the jail service
will not autodiscover all of these for starting 'all' jails. This is
considered future work, since the behavior matches.
Reviewed by: kevans
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D24570
Add more manual pages which were not spotted previously in 0a0f7486413c
Ideally to be MFH'ed with:
8539518055d0 - Remove manpages from OLD_FILES
8b487b8292e4 - Fix bsd.subdir.mk-related issues after 0a0f7486413c
f6043a672135 - ObsoleteFiles.inc: Remove manpages from OLD_FILES
0a0f7486413c - man: Build manpages for all architectures
There is at least one pending issue when building with -DNO_ROOT.
Reported by: ceri@
MFH: 4 weeks
Discussed with: wosch
Differential Revision: https://reviews.freebsd.org/D31018
Support loading a default pf ruleset in case of invalid pf.conf.
If no pf rules are loaded pf will pass/allow all traffic, assuming the
kernel is compiled without PF_DEFAULT_TO_DROP, as is the case in
GENERIC.
In other words: if there's a typo in the main pf_rules we would allow
all traffic. The new default rules minimise the impact of this.
If $pf_program (i.e. pfctl) fails to set $pf_fules and
$pf_fallback_rules_enable is YES we will load $pf_fallback_rules_file if
set, or $pf_fallback_rules.
$pf_fallback_rules can include multiple rules, for example to permit
traffic on a management interface.
$pf_fallback_rules_enable defaults to "NO", preserving historic behaviour.
man page changes by ceri@.
PR: 256410
Reviewed by: donner, kp
Sponsored by: semaphor.dk
Differential Revision: https://reviews.freebsd.org/D30791
Building and installing architecture-specific man pages only raises a number of
problems:
* The https://www.freebsd.org/cgi/man.cgi is incomplete. As an
example, it does not show results for pae(4). The reason for this is
that the cgi interface runs on FreeBSD amd64.
* In FreeBSD amd64 some manual pages have broken X-refs. See hptrr(4)
for an example.
* Also, we have broken links in our Release Notes. This is a
consequence of the first point. See
https://www.freebsd.org/releases/13.0R/hardware/#proc-i386.
Make MAN_ARCH default to 'all' so we build all the man pages for all the
architectures. The difference in disk space is negligible. Also link
architecture-specific man pages to their own section while keeping their own
namespace.
PR: 212290
Reported by: mj@bsdops.com
Approved by: ceri@, wosch@
MFC after: 4 weeks
Accept the old rc.conf variable if the new one is not present for
compatability.
Approved by: imp
Differential Revision: https://reviews.freebsd.org/D30806
In the CVS days this used be a wrapper around either CVS or CVSup and
used to support updating src, doc, and ports checkouts. With the move
to subversion this only supported updating src and was itself a
wrapper around 'svn update'. With Git, users are probably better off
using appropriate Git commands directly to update without needing an
explicit make target as a wrapper.
Reviewed by: bcr, imp, emaste
Differential Revision: https://reviews.freebsd.org/D30736
The 'nodup' option forces fdescfs to return real vnode behind file
descriptor instead of the fdescfs fd vnode, on lookup. The end result
is that e.g. stat("/dev/fd/3") returns the stat data for the underlying
vnode, if any. Similarly, fchdir(2) works in the expected way.
For open(2), if applied over file descriptor opened with O_PATH, it
effectively re-open that vnode into normal file descriptor which has the
specified access mode, assuming the current vnode permissions allow it.
If the file descriptor does not reference vnode, the behavior is unchanged.
This is done by a mount option, because permission check on open(2) breaks
established fdescfs open semantic of dup(2)-ing the descriptor. So it
is not suitable for /dev/fd mount.
Tested by: Andrew Walker <awalker@ixsystems.com>
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D30140
Also improve temporary file usage in 200.accounting, add an xref to
zstd(1) to newsyslog.conf.5, and clarify in periodic.conf that
"daily accounting" means process accounting and "monthly accounting"
is login accounting.
PR: 253868
Reviewed by: allanjude
Approved by: blackend (mentor)
Differential Revision: https://reviews.freebsd.org/D29267
The patch in the PR largely no longer applied due to age, but
thanks to Evgeniy Khramtsov for the patches in the PR.
PR: 120024
Reported by: bcran
Approved by: blackend (mentor)
Obtained from: Evgeniy Khramtsov <evgeniy@khramtsov.org> (partly)
There are still references to timed(8) and timedc(8) in the base system,
which were removed in 2018.
PR: 255425
Reported by: Ceri Davies <ceri at submonkey dot net>
Reviewed by: ygy, gbe
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30232
Make rc.d/routing read defaultrouter_fibN and ipv6_defaultrouter_fibN, and
set it as the default gateway for FIB N, where N is from 1 to (net.fibs - 1)
This allows adding gateways for multiple FIBs in the same format as the main
gateway. (FIB 0)
Reviewed by: olivier, rgrimes, bcr (man page)
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D22706
Usually rule counters are reset to zero on every update of the ruleset.
With keepcounters set pf will attempt to find matching rules between old
and new rulesets and preserve the rule counters.
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29780
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.
PR: 254577
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D29468
The possibility of using a sysctl.conf.local on a machine that has a shared
sysctl.conf(5) isn't documented. So mention the sysctl.conf.local in the
manual page.
PR: 254901
Submitted by: Jose Luis Duran <jlduran at gmail dot com>
Reported by: Jose Luis Duran <jlduran at gmail dot com>
Reviewed by: markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29673
ipv6_ipfilter_rules was obsoleted because of ipfilter was updated, and
rc_parallel_start was reverted to undergo further refinement.
PR: 254398
Fixes: e2ad10e84792, f61831d2e8bd
Document the workstation ACL ruleset, which uses stateful rules.
While here, add a note about where some of the undocumented variables
can be found. This is not a perfect solution for bug 127359, but it at
at least gives a place to go look, and can be used as a reference for
when bug 127359 gets fixed properly.
PR: 254358, 127359
