4322 Commits

Author SHA1 Message Date
Ruslan Ermilov
a55042cb4e Removed commented out bitrot. 2004-08-13 14:18:24 +00:00
Christian S.J. Peron
a8247db1de Remove trailing whitespace and change "prisoniD" to "prisonID".
Pointed out by:	simon
Approved by:	bmilekic (mentor)
2004-08-13 02:50:59 +00:00
Christian S.J. Peron
31c88a3043 Add the ability to associate ipfw rules with a specific prison ID.
Since the only thing truly unique about a prison is it's ID, I figured
this would be the most granular way of handling this.

This commit makes the following changes:

- Adds tokenizing and parsing for the ``jail'' command line option
  to the ipfw(8) userspace utility.
- Append the ipfw opcode list with O_JAIL.
- While Iam here, add a comment informing others that if they
  want to add additional opcodes, they should append them to the end
  of the list to avoid ABI breakage.
- Add ``fw_prid'' to the ipfw ucred cache structure.
- When initializing ucred cache, if the process is jailed,
  set fw_prid to the prison ID, otherwise set it to -1.
- Update man page to reflect these changes.

This change was a strong motivator behind the ucred caching
mechanism in ipfw.

A sample usage of this new functionality could be:

    ipfw add count ip from any to any jail 2

It should be noted that because ucred based constraints
are only implemented for TCP and UDP packets, the same
applies for jail associations.

Conceptual head nod by:	pjd
Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
2004-08-12 22:06:55 +00:00
Pawel Jakub Dawidek
896a489487 The geom(8) utility needs dynamic linker functionality to work, so it can't
be staticaly linked.
This fixes problems on systems compiled with NO_DYNAMICROOT.
2004-08-12 13:15:52 +00:00
Hartmut Brandt
ca0f4b1dba Add support for the examination and modification of the devices.
This is implemented through SNMP and requires the ilmi daemon to
run on the system. To prevent bloat in rescue the atmconfig for
rescue is compiled without this stuff.
2004-08-12 12:31:43 +00:00
Pawel Jakub Dawidek
c38d2f4eca Forgot to commit those: introduce hardcoded provider functionality,
which allow to store provider's name in the metadata and avoid
problems when few providers share the same last sector.
2004-08-10 19:52:12 +00:00
Andre Oppermann
5f9541ecbd New ipfw option "antispoof":
For incoming packets, the packet's source address is checked if it
 belongs to a directly connected network.  If the network is directly
 connected, then the interface the packet came on in is compared to
 the interface the network is connected to.  When incoming interface
 and directly connected interface are not the same, the packet does
 not match.

Usage example:

 ipfw add deny ip from any to any not antispoof in

Manpage education by:	ru
2004-08-09 16:12:10 +00:00
Dag-Erling Smørgrav
8180729228 The multiplier prefix is actually a multiplier suffix. 2004-08-09 14:43:50 +00:00
Pawel Jakub Dawidek
6c74f5177c - Introduce option for hardcoding providers' names into metadata.
It allows to fix problems when last provider's sector is shared between few
  providers.
- Bump version number for CONCAT and STRIPE and add code for backward
  compatibility.
- Do not bump version number of MIRROR, as it wasn't officially introduced yet.
  Even if someone started to play with it, there is no big deal, because
  wrong MD5 sum of metadata will deny those providers.
- Update manual pages.
- Add version history to g_(stripe|concat).h files.
2004-08-09 11:29:42 +00:00
John-Mark Gurney
a246f097d6 change the name of the md module, to g_md, introduce a define with the
name MD_MODNAME, and make mdconfig use this new define...
2004-08-09 06:45:20 +00:00
Pyun YongHyeon
a740f6ee14 Fix long standing mediaopt setting bugs seen on sparc64. Though
the bug exists in little-endian machine, it was not triggered due
to the difference of memory ordering between little/big endian
machines. Instead of relying on possibly modified value during
function invokcations, use saved copy of ifr.ifr_addr.sa_family.
Also add a comment at the top of ifconfig.c clarifying the issue
so the bug won't re-appear.

Approved by:	jake
Reviewed by:	yar
2004-08-09 03:13:57 +00:00
Dag-Erling Smørgrav
4c814dfc27 Use fallthrough to simplify the multiplier logic; optimistically add
support for the T multiplier; improve the error message for unrecognized
multipliers.
2004-08-08 23:14:44 +00:00
Dag-Erling Smørgrav
266e79978a Fix some whitespace issues, and move a curly brace out of an #ifdef to
avoid confusing auto-indenting editors.
2004-08-08 23:11:43 +00:00
Lukas Ertl
dbf29ccf9c Due to popular demand, hook up geom_vinum to the build. 2004-08-07 16:16:59 +00:00
Marcel Moolenaar
7eece0972d Document the remove command. 2004-08-07 07:52:31 +00:00
Marcel Moolenaar
6686e95fef Implement a remove command. The remove command iterates the GPT
partitions and removes any that matches the pre-conditions. The
options are the same for the add command and are used to select
the partitions to remove.
Currently the remove command without any options deletes all GPT
partitions. This is rather harmful and will need anti-footshooting
measures.
2004-08-07 07:41:37 +00:00
Marcel Moolenaar
2cedbd6ee8 Use __FBSDID. 2004-08-07 06:24:25 +00:00
Marcel Moolenaar
f61bdfe072 o Save the partition number (=index) in the internal map. The index
starts at 1. No index is represented by 0.
o  Change the show command to display the partition number at the expense
   of the partition end columm. We already display the start and size.
o  Enhance the add command to accept the -i option. The -i option allows
   the user to specify which partition number the new partition should
   get.
o  Update the manpage accordingly.
2004-08-07 06:10:45 +00:00
Pawel Jakub Dawidek
cea363682f Add and document kern.geom.stripe.fast_failed sysctl, which shows how
many times "fast" mode failed.
2004-08-06 10:19:34 +00:00
Gordon Tetlow
5036802031 Now that we have gcc 3.4, we can flip ia64 to using a dynamically linked
/bin and /sbin.

Reviewed by:	marcel (via pluto1)
2004-08-06 00:07:26 +00:00
Lukas Ertl
5c1accc9ab Allow 'create <filename>'. 2004-08-04 00:23:00 +00:00
Marcel Moolenaar
2ef70adc0c Add Linux swap partition and MS reserved partition descriptions.
While here:
o  Make the UUIDs static to avoid runtime initialization,
o  Rename ext to mslinux,
o  Replace the use of memcmp() with uuid_equal(),
o  Various style(9) improvements,
o  Order the comparisons based on importance,
o  Remove the word partition from all the descriptions,
o  Other description improvements.

Includes patch from: T. Muthu Mohan < Muthu_T at dell dot com >
2004-08-02 19:28:03 +00:00
Marcel Moolenaar
814db82be5 What's in a name: s/disklabel/bsdlabel/ 2004-08-02 19:22:11 +00:00
Pawel Jakub Dawidek
fe5e0baab7 Don't use version number in library name. The library version is checked
after dlopen() anyway, so we should be safe.

Suggested by:	ru
2004-08-02 09:05:29 +00:00
Stefan Farfeleder
adb89653fc - Signal handlers must have an int argument.
- Use prototypes.
- Add a cast for a signed vs unsigned comparison.
- Mark as WARNS?=3 clean.
2004-08-02 08:10:28 +00:00
Pawel Jakub Dawidek
32e7be7043 After changing LIBDIR to SHLIBDIR, because of dependencies problems,
new problem shows up: symblic links (<libname>.so) are created under
/usr/lib/ now, instead of under /lib/geom/ where geom(8) looks for them.
Introduce a workaround to fix this by teaching geom(8) to open libraries
via /lib/geom/<libname>.so.<major_number> instead of /lib/geom/<libname>.so.
2004-08-01 22:24:07 +00:00
Pawel Jakub Dawidek
f97ee75284 Use SHLIBDIR instead of LIBDIR. This should fix buildworld breakage.
Reported by:	des
2004-07-31 09:20:27 +00:00
Pawel Jakub Dawidek
55d6eb9fef Add '-p' option for 'insert' command which allows to specify priority
of the new component.
Version number wasn't bumped (it should be), because I think there are
no geom_mirror users yet.
2004-07-31 00:54:44 +00:00
Pawel Jakub Dawidek
8a8fbaca32 Connect GEOM_MIRROR class to the build. 2004-07-30 23:18:53 +00:00
Pawel Jakub Dawidek
fa4a1febf7 Add GEOM_MIRROR class which provide RAID1 functionality and has many useful
features. The gmirror(8) utility should be used for control of this class.
There is no manual page yet, but I'm working on it with keramida@.

Many useful tests provided by:	simon (thank you!)
Some ideas from:		scottl, simon, phk
2004-07-30 23:13:45 +00:00
Pawel Jakub Dawidek
d5c96d389e - Add '-S' option, which allow to specify sector size for transparent
provider.
- Bump version number.

This allows for a quite interesting trick. One can setup a stripe with
stripe size of 512 bytes and create transparent provider on top of it
with sector size equal to <ndisks> * 512. The result will be something
like RAID3 without parity disk (every access will touch all disks).
2004-07-30 08:19:22 +00:00
Pawel Jakub Dawidek
5c41aee2f0 Fix typo. 2004-07-30 08:03:46 +00:00
Alexander Kabaev
6902e79099 Make lookup_host function invocation parameter match its prototype. 2004-07-29 18:04:06 +00:00
Lukas Ertl
691ae40438 Catch up with recent gcc changes and introduce a DIP_SET macro
to use when setting values that depend on the UFS version.
Raise WARNS again.
2004-07-29 11:28:24 +00:00
Hartmut Brandt
70f920e023 No need to include if_var.h. 2004-07-28 16:34:42 +00:00
Hartmut Brandt
125469a3d8 Get rid of several unneeded includes (if.h, if_var.h, if_mib.h). 2004-07-28 16:32:17 +00:00
Alexander Kabaev
a03f8f81b7 Downgrade WARNS level until GCC 3.4.2 warning are fixed. 2004-07-28 06:00:09 +00:00
Alexander Kabaev
8518a74a8f Avoid casts as lvalues. 2004-07-28 05:59:22 +00:00
Alexander Kabaev
bcd5ceac59 Downgrade WARNS level until GCC 3.4.2 warning have been fixed. 2004-07-28 05:57:48 +00:00
Yaroslav Tykhiy
46912de489 Bump the date, .Dd, since the document content has been changed
in the previous commit.

Pointed out by:	ru
2004-07-27 09:51:49 +00:00
Pawel Jakub Dawidek
1d723f1d51 Improve geom(8)'s 'list' command to show geoms and their providers and
consumers. Teach STRIPE, CONCAT and NOP classes about this improvement.
2004-07-26 17:14:47 +00:00
Pawel Jakub Dawidek
889c5dc22b Change naming scheme from /dev/<name>.stripe to /dev/stripe/<name>. 2004-07-26 16:10:27 +00:00
Pawel Jakub Dawidek
ba385d0091 Change naming scheme from /dev/<name>.concat to /dev/concat/<name>. 2004-07-26 16:08:32 +00:00
Stefan Farfeleder
f901ebcfb6 Assign the result of getopt() to an int rather than to a char (which is
possibly unsigned).
2004-07-26 15:04:57 +00:00
Yaroslav Tykhiy
e82866fea6 Add two knobs to ifconfig(8), vlanmtu' and vlanhwtag',
that provide control over the respective capabilities
of an interface, reception of extended frames and hardware
VLAN multiplexor.
2004-07-26 13:25:45 +00:00
SUZUKI Shinsuke
b2a1393ee2 re-enabled Rev 1.15 (lost during KAME merge at Rev 1.25, due to a KAME bug...)
Obtained from: KAME
2004-07-26 08:18:37 +00:00
Poul-Henning Kamp
e869d3777e Give better diagnostic for problems with backing files. 2004-07-25 08:17:23 +00:00
Lukas Ertl
db7edb3137 Fix potential buffer overflow.
PR:            bin/14697
Submitted by:  Matthew <kienow@infinet.com>
2004-07-24 19:11:40 +00:00
Giorgos Keramidas
328dbe4a94 Add references to pf(4) and pfctl(8) at the description of
securelevel = 3.

PR:		docs/69417
Submitted by:	Janos Mohacsi (mohacsi(at)niif(dot)hu)
2004-07-22 10:38:13 +00:00
Andre Oppermann
55db762b76 Extend versrcreach by checking against the rt_flags for RTF_REJECT and
RTF_BLACKHOLE as well.

To quote the submitter:

 The uRPF loose-check implementation by the industry vendors, at least on Cisco
 and possibly Juniper, will fail the check if the route of the source address
 is pointed to Null0 (on Juniper, discard or reject route). What this means is,
 even if uRPF Loose-check finds the route, if the route is pointed to blackhole,
 uRPF loose-check must fail. This allows people to utilize uRPF loose-check mode
 as a pseudo-packet-firewall without using any manual filtering configuration --
 one can simply inject a IGP or BGP prefix with next-hop set to a static route
 that directs to null/discard facility. This results in uRPF Loose-check failing
 on all packets with source addresses that are within the range of the nullroute.

Submitted by:	James Jun <james@towardex.com>
2004-07-21 19:55:14 +00:00