Commit Graph

9303 Commits

Author SHA1 Message Date
Conrad Meyer
7575e5c472 dumpon.8: Update minimum key size language
dumpon(8) has not accepted 1024-bit RSA keys since prior to r339784 (2018-10).
The manual page language was not updated at that time (oops).  The minimum
accepted is 2048 bits, which is also a good default choice.

Sponsored by:	Dell EMC Isilon
2020-04-23 18:04:52 +00:00
Conrad Meyer
4647ce4fb6 EKCD: Preload error strings, PRNG seed; use OAEP padding
Preload OpenSSL ERR string data so that the formatted error messages are
vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt()
operation failure case in one-time key generation.

For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG
before entering Cap mode, as old versions of OpenSSL are unaware of kernel
RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or
the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt()
wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the
"MGF" pseudo-random function in OAEP padding.)

Switch dumpon to encrypt the one-time key with OAEP padding (recommended since
1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313).

Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5
decryption on failure. This is intended only for transition convenience, and
we should obsolete support for non-OAEP padding in a release or two.

Reviewed by:	markj
MFC After:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D24534
2020-04-23 17:56:48 +00:00
Alexander Motin
5458a1c840 Allow namespace-id specification where it makes sense.
It makes tool more convenient to not require user to explicitly convert
namespace device name into controller device name.  There should be no
changes to already existing syntaxes.

MFC after:	1 week
2020-04-20 14:54:41 +00:00
Alexander Motin
1f15d49eea Open device with O_RDONLY when command is non-invasive.
This allows to use some of the subcommands against mounted nvd devices.

MFC after:	1 week
Sponsored by:	iXystems, Inc.
2020-04-20 13:47:07 +00:00
Kristof Provost
8fd675d8a0 pfctl: Call ifa_load() before ifa_grouplookup()
ifa_grouplookup() uses the data loaded in ifa_load() (through is_a_group()), so
we must call ifa_load() before we can rely on any of the data it populates.

Submitted by:	Nick Rogers
MFC after:	1 week
Sponsored by:	RG Nets
2020-04-19 15:37:13 +00:00
Kristof Provost
681652667a pfctl: Remove unused variable
Submitted by:	Nick Rogers
MFC after:	1 week
Sponsored by:	RG Nets
2020-04-19 15:32:14 +00:00
Alan Somers
cb67aaf20c bectl.8: correctly sort SEE ALSO section after 360078
Reported by:	yuripv
MFC after:	2 weeks
MFC with:	360078
2020-04-19 01:43:59 +00:00
Alan Somers
27586155ac bectl.8, beinstall.sh.8: fix man page section of beinstall.sh
Reported by:	phk
MFC after:	2 weeks
2020-04-18 19:53:47 +00:00
Mateusz Piotrowski
789e4d2f20 Improve manual page formatting
-	Use appropriate macros for command arguments.
-	Increase option list indentation for better readability.

MFC after:	3 days
2020-04-14 10:10:31 +00:00
Li-Wen Hsu
862ac3b74a Ensure kyua list working when there is no /dev/nvme*
Sponsored by:	The FreeBSD Foundation
2020-04-13 21:08:54 +00:00
Mariusz Zaborski
eec362ef58 decryptcore: load the nls data
Load the nls data before the openssl will try to do it in the
capability mode.
On my machine the sa_ossl_private_decrypt is trying to do that.

MFC after:	2 weeks
2020-04-11 17:30:33 +00:00
Kirk McKusick
0c08ecdff3 Inode check-hash errors were being reported after system crashes.
Trace the cause down to journalled soft updates recovery code in
fsck failing to recompute the check-hash after updating an inode.

As inode check-hash was first introduced to UFS in FreeBSD 13,
there is no need to MFC this commit.

Reported by:  Chuck Silvers
Sponsored by: Netflix
2020-04-10 23:58:07 +00:00
Kirk McKusick
2a18059670 Add an inode check-hash verification when running the journalled
soft update recovery code with the debugging (-d) option.

As inode check-hash was first introduced to UFS in FreeBSD 13,
there is no need to MFC this commit.

Reported by:  Chuck Silvers
Sponsored by: Netflix
2020-04-10 23:49:34 +00:00
David Bright
0e3e53d746 Add a basic test for nvmecontrol
I recently made some bug fixes in nvmecontrol. It occurred to me that
since nvmecontrol lacks any kyua tests, I should convert the informal
testing I did into a more formal automated test. The test in this
change should be considered just a starting point; it is neither
complete nor thorough. While converting the test to ATF/kyua, I
discovered a small bug in nvmecontrol; the nvmecontrol devlist command
would always exit with an unsuccessful status. So I included the fix
for that, too, so that the test won't fail.

Reviewed by:	imp@
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D24269
2020-04-07 20:26:42 +00:00
Kirk McKusick
33ceb489d3 Clean up global variable declarations in the dump and restore
utilities so that they will compile with -fno-common.

Started by:  Kyle Evans (kevans)
Reviewed by: Kyle Evans (kevans)
MFC after:   1 week
Differential Revision: https://reviews.freebsd.org/D24210
2020-04-04 00:56:56 +00:00
Mateusz Piotrowski
b75ab02f57 Bump date after recent changes and lint 2020-04-03 13:05:26 +00:00
Poul-Henning Kamp
9546e08e7b Add two options to recoverdisk(1) inspired by a recent
data-archæology project:

-u pattern

    Fill unread parts of the output with pattern.
    Default pattern is "_UNREAD_", empty pattern disables.

-v

    Fancy status reporting using ANSI escapes and UTF-8
2020-04-02 15:17:53 +00:00
David Bright
6995fb5eb7 Fix various Coverity-detected errors in nvmecontrol
This fixes several Coverity-detected errors in nvmecontrol. While in
here, a couple additional errors with shift/mask confusion that were
not diagnosed by Coverity are also fixed.

CIDs addressed: 1040299, 1040300, 1403972, 1403973, 1403985, 1403988,
1403990, 1404374, 1404427, 1404469, 1404510, 1404534, 1418118

CID 1403657 (resource leak of shared library handle) was marked
"intentional" in the Coverity scan database.

Reviewed by:	vangyzen, robert.herndon_dell.com
Reviewed by:	daniel.william.ryan_gmail.com (earlier version)
Reviewed by:	rramsden_isilon.com (earlier version), imp
MFC after:	5 days
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D24203
2020-04-02 13:52:54 +00:00
Kyle Evans
c3e9752ea1 fsck_ffs/fsdb: fix -fno-common build
This one is also a small list:

- 3x duplicate definition (ufs2_zino, returntosingle, nflag)
- 5x 'needs extern', 3/5 of which are referenced in fsdb

-fno-common will become the default in GCC10/LLVM11.

MFC after:	1 week
2020-03-29 20:03:46 +00:00
Kyle Evans
b4cd5daf75 iscontrol: move definition of vflag/iscsidev to iscontrol.c
Mark the declaration extern as these are used elsewhere; this fixes the
build with -fno-common.

MFC after:	3 days
2020-03-29 02:28:15 +00:00
Andrey V. Elsukov
db1102f213 Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
NAT instance.

The NAT44 group of opcodes for IP_FW3 socket option is modern way
to control NAT instances and this method can be used in future to
switch from numeric to named NAT instances, like was done for ipfw
tables.
The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
plane that doesn't support versioned operations. This interface will
be retired soon.

Reviewed by:	melifaro
MFC after:	10 days
Sponsored by:	Yandex LLC
2020-03-24 12:27:02 +00:00
Baptiste Daroussin
1b6c9c3f43 Remove the link to libl which only contains a stub function
on yywrap, if the flex is told yywrap is not in use, then this linkage becomes
unnecessary
2020-03-23 14:37:00 +00:00
Baptiste Daroussin
e2328be509 Revove useless linking to yacc 2020-03-23 14:11:49 +00:00
Kristof Provost
d2568b024d pfctl: improve rule load times with thousands of interfaces
r343287 / D18759 introduced ifa_add_groups_to_map() which is now run by
ifa_load/ifa_lookup/host_if. When loading an anchor or ruleset via pfctl that
does NOT contain ifnames as hosts, host() still ends up iterating all
interfaces twice, grabbing SIOCGIFGROUP ioctl twice for each. This adds an
unnecessary amount of time on systems with thousands or tens of thousands of
interfaces.

Prioritize the IPv4/6 check over the interface name lookup, which skips loading
the iftab and iterating all interfaces when the configuration does not contain
interface names.

Submitted by:	Nick Rogers
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24100
2020-03-19 12:54:43 +00:00
Ed Maste
2ee11faacf ldconfig: add aout deprecation notice
aout support in ldconfig hasn't been required since FreeBSD 2.x.
Anyone still using FreeBSD 2 shared libraries can also use a FreeBSD 2
ldconfig to generate aout ldconfig hints.

Sponsored by:	The FreeBSD Foundation
2020-03-17 15:57:25 +00:00
Alexander V. Chernikov
e3bf606c5d Revert r358858 as it breaks some ipfw(8) setups.
Reported by:	O. Hartmann <o.hartmann@walstatt.org>
2020-03-11 08:08:53 +00:00
Alexander V. Chernikov
8149b12da1 Don't assume !IPv6 is IPv4 in ipfw(8) add_src() and add_dst().
Submitted by:	Neel Chauhan <neel AT neelc DOT org>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D21812
2020-03-10 20:30:21 +00:00
Gleb Smirnoff
3f16af55b2 Align the buffer to the alignment of the structure we expect.
Submitted by:	Slawa Olhovchenkov <slw zxy.spb.ru>
2020-03-05 21:01:47 +00:00
Gleb Smirnoff
8cd9718f0b When a machine boots the NFS mounting script is executed after
interfaces are configured, but for many interfaces (e.g. all Intel)
ifconfig causes link renegotiation, so the first attempt to mount
NFS always fails. After that mount_nfs sleeps for 30 seconds, while
only a couple seconds are actually required for interface to get up.

Instead of sleeping, do select(2) on routing socket and check if
some interface became UP and in this case retry immediately.

Reviewed by:	rmacklem
Differential Revision:	https://reviews.freebsd.org/D23934
2020-03-04 22:27:16 +00:00
Eric van Gyzen
7bef70737b dumpon: skip size check if using zstd
As with gzip, let the dump device be smaller than physical memory
when using zstd and full dumps.

Also print the error message if the size check fails, even if -v
is not specified.  Failing silently is not friendly.

Reviewed by:	cem markj
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D23923
2020-03-03 22:14:23 +00:00
Li-Wen Hsu
fe44c67716 Fix test cases after r358448
sbin.pfctl.pfctl_test.pf0087
sbin.pfctl.pfctl_test.selfpf0087

MFC with:	r358448
Sponsored by:	The FreeBSD Foundation
2020-02-29 13:24:41 +00:00
Alexander V. Chernikov
af14123601 Make ping6(1) return code consistent with the man page.
When every sendto() call originated by ping6(1) fails, current code always
 returns 2 ("transmission was successful but no responses were received")
 which is incorrect. Return EX_OSERR instead as in many cases it indicates
 some kernel-level problems.

MFC after:	3 weeks
2020-02-15 15:39:53 +00:00
Dimitry Andric
dacf624d5f Fix the following -Werror warning from clang 10.0.0 in sconfig:
sbin/sconfig/sconfig.c:909:5: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
                                exit (-1);
                                ^
sbin/sconfig/sconfig.c:907:6: note: previous statement is here
                        } else
                          ^

The intent was to group the exit() call with the previous fprintf()
call.

MFC after:	3 days
2020-02-13 18:37:17 +00:00
Eugene Grosbein
04777538e7 ipfw nat: add missing bits after r357092 (RFC 6598/Carrier Grade NAT)
Submitted by:	Neel Chauhan <neel AT neelc DOT org>
Reviewed by:	Lutz Donnerhacke
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D23448
2020-02-12 00:46:33 +00:00
Xin LI
9e4029ff49 Use humanize_number to format available and bad space sizes.
Reviewed by:		mckusick (earlier version)
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D23050
2020-02-10 04:16:41 +00:00
Warner Losh
ab9848aa9b No need to make sunlabel anymore
It was only built on sparc64. Since it wasn't a general tool on other
architectures, no need to keep it around for another release.

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D23524
2020-02-06 17:52:02 +00:00
Kyle Evans
21c1a93c04 init(8): set environment variables from the "daemon" class as well
Specifically, when running /etc/rc. This allows one to specify via
login.conf(5) an environment that should be used when running services to
ease, e.g., setting up env vars for an HTTP proxy consistently across cron
and services alike.

Future changes will extend cron(8)/service(8) to use environment vars
pecified in login.conf(5) as well to promote a more cohesive experience.

This is a part of D21481.

Submitted by:	Andrew Gierth <andrew_tao173.riddles.org.uk>
2020-02-05 04:27:44 +00:00
Xin LI
43f1940992 Diff reduction against NetBSD, no functional change.
MFC after:	1 week
2020-02-02 20:53:31 +00:00
Dimitry Andric
e54f2950a6 Fix the following -Werror warning from clang 10.0.0 in newfs_msdos:
sbin/newfs_msdos/newfs_msdos.c:181:2: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
        if (o.align) {
        ^
sbin/newfs_msdos/newfs_msdos.c:179:5: note: previous statement is here
    if (argc < 1 || argc > 2)
    ^

MFC after:	3 days
2020-01-28 20:10:26 +00:00
Alex Richardson
162ae9c834 Allow bootstrapping makefs on older FreeBSD hosts and Linux/macOS
In order to do so we need to install the msdosfs headers to the bootstrap
sysroot and avoid includes of kernel headers that may not exist on every
host (e.g. sys/lockmgr.h). This change should allow bootstrapping of makefs
on FreeBSD 11+ as well as Linux and macOS.

We also have to avoid using the IO_SYNC macro since that may not be
available. In makefs it is only used to switch between calling
bwrite() and bdwrite() which both call the same function. Therefore we
can simply always call bwrite().

For our CheriBSD builds we always bootstrap makefs by setting
LOCAL_XTOOL_DIRS='lib/libnetbsd usr.sbin/makefs' and use the makefs binary
from the build tree to create a bootable disk image.

Reviewed By:	brooks
Differential Revision: https://reviews.freebsd.org/D23201
2020-01-27 12:02:41 +00:00
Alexander V. Chernikov
75b893375f Add support for RFC 6598/Carrier Grade NAT subnets. to libalias and ipfw.
In libalias, a new flag PKT_ALIAS_UNREGISTERED_RFC6598 is added.
 This is like PKT_ALIAS_UNREGISTERED_ONLY, but also is RFC 6598 aware.
Also, we add a new NAT option to ipfw called unreg_cgn, which is like
 unreg_only, but also is RFC 6598-aware.  The reason for the new
 flags/options is to avoid breaking existing networks, especially those
 which rely on RFC 6598 as an external address.

Submitted by:	Neel Chauhan <neel AT neelc DOT org>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22877
2020-01-24 20:35:41 +00:00
Kyle Evans
6966ac055c Drop "All Rights Reserved" from all libbe/bectl files
I sent out an e-mail on 2020/01/21 with a plan to do this to Kyle, Rob, and
Wes; all parties have responded in the affirmative that it's OK to drop it
from these files.
2020-01-24 02:18:09 +00:00
Warner Losh
73c6e0c358 Small tweak to the default behavior of shutdown -c
'shutdown -c' is supposed to power cycle the system rather than doing a normal
reboot. However, when that fails, it halts the system. This is not quite right
since the intent isn't to halt the system but to restart. Make the default init
behavior be to restart the system. The halt(8) interface can be used if you'd
like to powercycle or halt.

MFC After: 1 week
Differential Revision: https://reviews.freebsd.org/D23129
2020-01-17 01:20:48 +00:00
Eric van Gyzen
a532f299c9 savecore: include time zone in info.N file
This helps with event correlation when machines are distributed
across multiple time zones.

Format the time with relaxed ISO 8601 for all the usual reasons.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2020-01-13 22:01:37 +00:00
Xin LI
d14a599d69 Tighten FAT checks and fix off-by-one error in corner case.
sbin/fsck_msdosfs/fat.c:
 - readfat:
    * Only truncate out-of-range cluster pointers (1, or greater than
      NumClusters but smaller than CLUST_RSRVD), as the current cluster
      may contain some data. We can't fix reserved cluster pointers at
      this pass, because we do no know the potential cluster preceding
      it.
    * Accept valid cluster for head bitmap. This is a no-op, and mainly
      to improve code readability, because the 1 is already handled in
      the previous else if block.
 - truncate_at: absorbed into checkchain.
 - checkchain: save the previous node we have traversed in case that we
   have a chain that ends with a special (>= CLUST_RSRVD) cluster, or is
   free. In these cases, we need to truncate at the cluster preceding the
   current cluster, as the current cluster contains a marker instead of
   a next pointer and can not be changed to CLUST_EOF (the else case can
   happen if the user answered "no" at some point in readfat()).
 - clearchain: correct the iterator for next cluster so that we don't
   stop after clearing the first cluster.
 - checklost: If checkchain() thinks the chain have no cluster, it
   doesn't make sense to reconnect it, so don't bother asking.

Reviewed by:	kevlo
MFC after:	24 days
X-MFC-With:	r356313
Differential Revision:	https://reviews.freebsd.org/D23065
2020-01-12 06:13:52 +00:00
Xin LI
d3dd66792b Correct off-by-two issue when determining FAT type.
In the code we used NumClusters as the upper (non-inclusive) boundary
of valid cluster number, so the actual value was 2 (CLUST_FIRST) more
than the real number of clusters. This causes a FAT16 media with
65524 clusters be treated as FAT32 and might affect FAT12 media with
4084 clusters as well.

To fix this, we increment NumClusters by CLUST_FIRST after the type
determination.

PR:		243179
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D23082
2020-01-11 17:41:20 +00:00
Xin LI
727d995c7d Apply typo fix from NetBSD, we have already applied all NetBSD changes so
update the NetBSD tag while I'm there.

MFC after:	2 weeks
2020-01-11 04:02:40 +00:00
Xin LI
ed0879d944 Require FAT to occupy at least one sector.
Obtained from:	Android https://r.android.com/1205830
MFC after:	3 days
2020-01-11 03:59:06 +00:00
Mark Johnston
c23df8eafa lagg: Further cleanup of the rr_limit option.
Add an option flag so that arbitrary updates to a lagg's configuration
do not clear sc_stride.  Preseve compatibility for old ifconfig
binaries.  Update ifconfig to use the new flag and improve the casting
used when parsing the option parameter.

Modify the RR transmit function to avoid locklessly reading sc_stride
twice.  Ensure that sc_stride is always 1 or greater.

Reviewed by:	hselasky
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23092
2020-01-09 14:58:41 +00:00
Xin LI
9a67c570a9 fsck_msdosfs.8: document -M.
Reported by:	mckusick
Reviewed by:	mckusick, emaste, bcr
MFC after:	28 days
X-MFC-with:	r356313
Differential Revision:	https://reviews.freebsd.org/D23049
2020-01-07 04:33:14 +00:00