that ext2fs in the kernel supports async mounts. ext2fs used to
effectively force the -async flag on. -async for ext2fs only gives
async (more precisely, delayed) writes for inode updates, so it is
barely worth using even when it is safe.
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).
Approved by: rwatson (mentor)
- Ensure that the buffer ends with "\n\0" to avoid special cases
and allow the use of strtol().
- Use strvisx() on each complete line instead of character by
character.
Submitted by: bde
MFC after: 1 week
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.
PR: bin/4696
MFC after: 1 week
full, since that line is almost always incomplete. Make the parsing
of <%d> lines more strict.
Also simplify the logic a little:
- Start off by making the buffer linear so that we don't have to
deal with it wrapping around (suggested by bde).
- Process line by line rather than byte at a time.
has now has no effect except in combination with -p, and plain fsck
checks all file systems instead of skipping clean ones for msdosfs
only.
Renamed the force flag to skipclean and inverted its logic as in
fsck_ffs.
combined with the the signature check in a wrong way (basically
(dirty:= signature_recognised() && !clean) instead of
(mightbedirty:= !signature_recognized || !clean), so file systems
with unrecognized signatures were considered clean. Many of the
don't-care and reserved bits were not ignored, so some file systems
with valid signatures were unrecognized. One of my FAT32 file systems
has a signature of f8,ff,ff,ff,ff,ff,ff,f7 when dirty, but only
f8,ff,ff,0f,ff,ff,ff,07 was recognised as dirty for FAT32, so the
fail-unsafeness made my file system always considered clean.
Check the i/o non-error bit in checkdirty(). Its absence would give
an unrecognized signature in code that is unaware of it, but we now
mask it out of the signature so we have to check it explicitly. This
combines naturally with the check of the clean bit.
Reviewed by: rnordier (except for final details)
better. There is a related I/O error flag which we don't support in
the kernel but must support here. (Support for bits that we don't
understand here is mostly automatic by fail-safeness, but checkdirty()
has fail-unsafeness.) There are some reserved and don't-care bits
that weren't fully documented and aren't always masked properly. The
comment about the bits in readfat() will be removed when the masking
is fixed.
Submitted by: rnordier
reorganize the printing of the interface name when using wildcard
cloning so it is not printed if it we either immediately rename or
destroy the interface.
Reviewed by: ru
in those cases:
1. File system was mounted by an unprivileged user.
2. File system was mounted by an unprivileged root user.
3. File system was mounted by a privileged non-root user.
Point 1 is when file system was mounted by unprivileged user
(sysctl vfs.usermount was equal to 1 then).
Point 2 is when file system was mounted by root, while sysctl
security.bsd.suser_enabled is set to 0 and sysctl vfs.usermount
is set to 1.
Point 3 is because we want to be ready for capabilities.
Reviewed by: rwatson
Approved by: scottl (mentor)
from the sdl because strlcpy requires that the source string be
NUL-terminated unlike strncpy.
Submitted by: Peter Jeremy <PeterJeremy at optushome dot com dot au>
name.
Prevent the kernel from potentially overflowing the interface name
variable. The size argument of strlcpy is complex because the name is
not null-terminated in sdl_data.
return for getopt() and comparing to -1, ditto with fgetc() and EOF,
and using the kg_nice value from <sys/user.h>
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Reviewed by: obrien, bde (a while back)
Tested lightly on: ppc, i386, make universe
- Unify the conditional assignments section so that architectural
exclusions come first, then options and !options, sorted by the
option name, also in directory order, then architecture specific
sections, sorted by the architecture name, with i386 being a
traditional exception.
Prodded by: bde
this program. Gnu indentation is used for these. Redo the fix for
the large expression at the end of the previous commit to give gnu
indentation. The original version was gnuish but had 9 bogus extra
characters of indentation in its continuation lines, perfect tab
lossage on every line, and other bugs.
The previous commit log should have claimed to fix style bugs in the
previous-1 commit (1.5), not the forced null previous commit (1.6).
Declare perror(). We define and use a home made version of perror(3)
that can't simply be removed (although it has the same interface as
perror(3)) since it is very different (it prints on stdout, doesn't
always print the program name, and sometimes exits). Declare it to
get a reminder of this brokenness when WARNS is increased enough.
became garbage when block devices were axed and were removed a few
months later, but they came back (with hotroot renamed to hot + hotroot())
when the NetBSD fsck was mismerged.
- Don't use errexit() to (mis)implement usage(). Using errexit() just
gave the bogus exit code 8.
- Fixed 3 other style bugs in usage().
fsck/fsutil.[ch]:
- Garbage-collected errexit(). It is essentially just one of NetBSD's
fsck_ext2fs error printing functions, but we don't have fsck_ext2fs
and the function is unsuitable for use there too (since pfatal() is
also used and it printf to a different stream).
add one if the SYN flag was set in the original packet. This seems to make
ip6fw reset work correctly for new and in-progress connections. Update
the man page to reflect the fact it now seems to work.
Glanced at by: ume
MFC after: 2 weeks
rule, thus omitting the entire body.
This makes the output a lot more readable for complex rulesets
(provided, of course, you have annotated your ruleset appropriately!)
MFC after: 3 days
is all zeros. The kernel now consistently zeroes FSIDs for non-root
users, so there's no point in printing these.
Also fix a number of compiler warnings, including two real bugs:
- a bracket placement bug caused `mount -t ufs localhost:/foo /mnt'
to override the `-t ufs' specification and use mount_nfs.
- an unitialised variable was used instead of _PATH_SYSPATH when
warning that the mount_* program cound not be found.
Submitted by: Rudolf Cejka <cejkar@fit.vutbr.cz> (FSID part)
Approved by: re (scottl)
is all zeros. The kernel now consistently zeroes FSIDs for non-root
users, so there's no point in printing these. Also fix a misspelling
in a comment.
Submitted by: Rudolf Cejka <cejkar@fit.vutbr.cz>
Approved by: re (scottl)
in /etc/ttys. Before this fix, once the count of active services
reaches 0, one could never restart any more without a reboot.
Steve Passe did the leg work on this patch. After he found the fix,
we discovered that an identical fix had been made to NetBSD.
Approved by: re@ <scottl>
Approval tool: peril sensitive sunglasses
The sconfig utility supports more than just cx boards, and those drivers
will make their way into FreeBSD shortly (maybe before 5.2).
Confirmed that this doesn't break the build.
Submitted by: Roman Kurakin <rik@cronyx.ru>
Approved by: re@ <scottl>
+ Patch is not my friend, but an evil toad
Remove redunant copy of each of these files that patch appended to them.
# Still not connected to the build.
Approved by: re@ <scottl>
This is the new cronyx serial control program.
# A future commit will remove the old driver/userland pieces and connect things
# to the build.
Submitted by: Roamn Kurakin <rik@cronyx.ru>
code is compiled in to support the O_IPSEC operator. Previously no
support was included and ipsec rules were always matching. Note that
we do not return an error when an ipsec rule is added and the kernel
does not have IPsec support compiled in; this is done intentionally
but we may want to revisit this (document this in the man page).
PR: 58899
Submitted by: Bjoern A. Zeeb
Approved by: re (rwatson)
parameter checking introduced in vfs_mount.c r1.113 rejects them
otherwise.
Submitted by: R. Imura <imura at ryu16 dot org>
Approved by: re (scottl,rwatson)
