offset is non-zero:
- Do not match fragmented packets if the rule specifies a port or
TCP flags
- Match fragmented packets if the rule does not specify a port and
TCP flags
Since ipfw cannot examine port numbers or TCP flags for such packets,
it is now illegal to specify the 'frag' option with either ports or
tcpflags. Both kernel and ipfw userland utility will reject rules
containing a combination of these options.
BEWARE: packets that were previously passed may now be rejected, and
vice versa.
Reviewed by: Archie Cobbs <archie@whistle.com>
real path here for the mount device (or path). This fixes difficulties
unmounting devices that are actually symlinks to real devices.
Also, print the original path instead of the real path in early error
messages. nfs path handling and later error messages may still be wrong,
probably only in silly cases where the original path is both a symlink
and a remote path.
PR: 5208
size was rounded up to a multiple of the fragment size, but this
gave invalid file systems when the fragment size was > SBSIZE (fsck
aborts early on them). Now a fragment size of 32768 seems to work
(too-simple tests with fsck and iozone worked).
superblock is invalid, fsck looks at the label to help guess where
the next superblock should be. If the partition type is 4.2BSD,
fsck assumed that the block size was valid and divided by it, so
it dumped core if the size was 0.
Initialization of the label was broken almost 3 years ago in rev.1.9
of newfs/newfs.c. Newfs does not change the label at all, so there
is no problem (except the breakage of the automatic search for
backup superblocks) unless something else sets the partition type
to 4.2BSD. However, it is too easy to set partition types to
4.2.BSD by copying an old label or by using a disktab entry to
create the label.
PR: 2537
rely on undocumented behavior.
The following fixes were obtained from OpenBSD:
o -Wall fixes to tlist array initialization and assignment used
as truth value.
o Use a restricted environment.
o Improved error message when shutdown fails to exec reboot or halt.
consequence, ipfw's list command now adjusts its output at runtime
based on the largest packet/byte counter values.
NOTE:
o The ipfw struct has changed requiring a recompile of both kernel
and userland ipfw utility.
o This probably should not be brought into 2.2.
PR: 3738
confused when they can't find it), but leave the reference to it
as being a standard filename (which doesn't imply that it exists).
Discussed with: jkh
floating point better in the percentage calculation there to avoid
overflow when there are more than about 20 million fragments. Start
using floating point in the other percentage calculation to avoid
overflow when there are more than about 2 million fragments.
Fixed printf format strings.
Converted sccsid to rcsid.
when there isn't even a filesystem. Attempting to print them tended
to cause SIGSEGV or SIGFPE depending on how far setup() got before it
returned 0. This was broken in the previous revision by removing a
return statement that the previous case depended on falling into.
PR: 4840 (fixed by this commit)
PR: 2537 (possibly fixed by Lite2 merge and later changes. setup()
does more checking now)
instead of htonl() !
This results in the int a,b,c,d changing to b,a,c,d,
but as it's subsequently coerced to a u_short, the
ultimate answer is correct.
If this isn't fixed properly soon (by the author) I'll
have a look at it again.
Noted by: eivind & ari@suutari.iki.fi
Obtained from: Whistle Communications tree
Add an option to the way UFS works dependent on the SUID bit of directories
This changes makes things a whole lot simpler on systems running as
fileservers for PCs and MACS. to enable the new code you must
1/ enable option SUIDDIR on the kernel.
2/ mount the filesystem with option suiddir.
hopefully this makes it difficult enough for people to
do this accidentally.
see the new chmod(2) man page for detailed info.
o start function names in column 1
o sort order of flags in getopt and switch
o don't try to reference progname
o unspam some changes introduced by a 2.2.1-R build box instead of a
-current build box
doc changes:
o document when these commands first appeared
o put email address in angle brakets
o minor mdoc clean up
permissions centrally and a setuid root mount utility just breaks
its security. There was no new breakage in practice because
mfdosfs_mount() still checks the ruid.
fix a few problems with missing headers, warn called with an exit
value, and undeclared getopt vars
these programs now compile -Wall clean (and yes, I know I should use
more than just -Wall) :)
like PAP and CHAP secrets with sppp(4). This is the first utility
using the new SIOC[SG]IFGENERIC ioctls (and the reason for inventing
them in the first place).
plain 0 should be used. This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people trying to port bits of code to other environments.
PR: 2752
Submitted by: Arne Henrik Juul <arnej@imf.unit.no>
higher up in memory (0x0800000 upwards) rather than near zero (0x1000
for our qmagic a.out format). The method that mount_mfs uses to allocate
the memory within data size rlimits for the ram disk is entirely too much
of a kludge for my liking. I mean, if it's run as root, surely it makes
sense to just raise the resource limits to infinity or something, and if
it's a non-root user mount (do these work? with mfs?) it could just fail
if it's outside limits.
an export line) is unresolvable, make a note of it via syslog and skip
that individual host instead of skipping the entire line.
PR: 1981, 815
Perused by: joerg
file based on the previous list of directories stored there which
should overcome a weakness of the '-m' switch which can only add
libs. This is an ideal way of updating the hints list after adding
or removing a shlib since it will remove entries that are gone and
doesn't need to have all the directories spelled out each time.
(eg: rm -f /usr/lib/libtcl75*; ldconfig -R) This only works for
version 2 hints files (which we've been generating for a year or
so) which store the path.
fixed. Natd now waits with select(2) for buffer space
to become available if write fails.
- Packet aliasing library upgraded to 2.2.
Submitted by: Ari Suutari <suutari@iki.fi>
non-directory file with more than one link to it, but in a level M > N
dump, the file with the inode number X is a plain file, "restore", when
restoring the level M dump, won't remove all the hard links to the old
file.
Submitted by: guy@netapp.com (Guy Harris)
accommodate the expanded name, the ICMP types bitmap has been
reduced from 256 bits to 32.
A recompile of kernel and user level ipfw is required.
To be merged into 2.2 after a brief period in -current.
PR: bin/4209
Reviewed by: Archie Cobbs <archie@whistle.com>
This isn't necessarily the best statistic, but it is by far the easiest to
calculate. Update the man page to be more explicit about precisely which
statistics are printed out. Revert some of jmg's bogus man page changes from
rev 1.11.
The answer is not really, but almost.
it sent data that was ok, though it was a hack,
but it was bug-compatible with the kernel on receiving them. This also
had been fixed with a hack.. I hacked it better I think.
to do with netmasks.. we fed totally bogus data into the kernel
to do with default routes and it just believed us. this led to:
1/ kernel panics
2/ the default route refusing to be deleted or added
(depending on a number of factors, usually it worked ok.)
better hack in ffs_vfsops.c. The hack here restricted the maximum file
size to 2^39 bytes (512GB). fs_bsize * 2^31 - 1 (16TB for the default
blocksize of 8K) would have been better. There is no good way to remove
this limit on old BSD4.4 file systems.
unreachable hosts. Note that most of this consists of telling SIGINT
and SIGALRM to interrupt the system call, instead of restarting them.
Also try to get rid of some potential races Bruce didn't like; hopefully
they aren't a problem (potential or otherwise) now.
Reviewed by: julian
this is a NO-NO
re-arange to just set a "please die immediatly" flag in the signal handler
and handle this in the normal thread.
also handle ping -f better on slow links by backing off a bit when
we get a ENOBUFFS from the sendto().
to the session list. If the device comes back as unconfigured, just
ignore that line in /etc/ttys. If someone HUP's init, we'll try again.
This change stops getty's from hanging on vty and sio ports that don't
exist, either due to LKM drivers not being loaded, or probes failing.
Reviewed by: bde
This makes configuration of mfs /tmp on diskless clients more intuitive
for people like me, that have used this feature on NetBSD and SunOS.
Using the -T option and /dev/null, while already supported,
is neither intuitive nor documented in the handbook.
Obtained from: NetBSD
- use new getvfsbyname() interface.
- new -A option, like -a except only mounted file systems are unmounted.
All non-cosmetic FreeBSD changes in umount.c, except ignoring of
realpath() failures, went away because they are done better in Lite2.
realpath() failures must be ignored so that non-pathnames like
"<above>:/foo" and "host:/bar" get as far as mount(2).
Reviewed by: dfr
Any existing config files (using the -f option) will need
to be changed although using the old files will usually result
in an error (partition 0 is invalid).
these are quite extensive additions to the ipfw code.
they include a change to the API because the old method was
broken, but the user view is kept the same.
The new code allows a particular match to skip forward to a particular
line number, so that blocks of rules can be
used without checking all the intervening rules.
There are also many more ways of rejecting
connections especially TCP related, and
many many more ...
see the man page for a complete description.
place rather than updating the main loop's index variables from within
a subroutine and other revolting things like that. Move some more
globals into local variables.
program and it's use of global variables. Somehow, I managed to miss the
most obvious case.. "ifconfig ed0 10.0.0.1" failed (no "inet")
Submitted by: dfr
family inet if not specified. (eg: "ifconfig ed0" down would fail because
no family was specified, even though the up/down status is not per family)
Pointed out by: Wolfgang Helbig <helbig@MX.BA-Stuttgart.De>
- parse command options using getopt for consistancy
- sanitise the command parsing so that it's less like spaghetti
- implement a "-l" option (idea from NetBSD - just list names)
- attempt to clean up the sysctl parsing loop some more. It still needs
to be taken out the back and shot though.
- cut down on global usage, but there's a lot more scope for this.
- make usage string a bit closer to reality (it was missing lots of things)
Unfortunately, I did this for the second time but with the memory of
the NetBSD version still recently in my mind. It's hard to redo simple
changes or getopt stuff without making it look like what you've been
working with a few hours ago.
mount. It is possible to have v3 MOUNT but only v2 NFS, for instance for
a custom user-mode server like CFS.
Reviewed by: "Louis A. Mamakos" <louie@TransSys.COM>
Instead, reverse the order of the testing, so if a symbolic name starts with
a digit, we'll see if we can make a network address out of it first. If
that fails, then we'll call getnet...
options one would normally expect to set the realm, enable encryption,
and whatnot, but this actually is able to contact the remote server,
so at least it's a start. (As a bonus, the stripped static binary is
unquestionably exportable.)
now by default mount the last data track (thus last session), as
opposed to the very first session it has been mounting previously.
This is consistent with the ISO9660 multi-session idea, and the way
other operating systems are working.
There's support to mount arbitrary sessions using the -s option. This
way, you can simulate multi-session CDs on something like vn devices
that don't support CDIO* ioctl commands. You can also force the
historic behaviour with
mount -t cd9660 -o -s=0 /dev/cd0a /cdrom
nfs requests from non-privileged ports.
Change mountd such that it does never set this variable, but only clears
it when run with -n. Also document this in the man page.
a reserved port, so why not the nfs rpc's themselves?
With user allowed mounts, this perhaps needs a closer look, but
on the other hand, a user could already specify the flag.
If normal users should not be able to use resserved ports, the kernel
should check for the flag at mount time.
(presumably because the kernel is old). Moved the declaration of a
variable realated to this sysctl outside of an unrelated ifdef.
Not fixed:
- this sysctl is badly named (nfs occurs twice).
- it's silly to have for FreeBSD in FreeBSD code, especially when
only half of the FreeBSD-dependent code is ifdefed.
in uu_lock(). Add uu_lockerr() for turning the results of
uu_lock into something printable. Remove bogus section in man page
about race conditions allowing both processes to get the lock.
Include libutil.h and use uu_lock() correctly where it should.
Suggested by: ache@freebsd.org
it's internal malloc() implementation to try and avoid overstepping it's
resource limits (yuk!). Remain using libc's malloc(), but check the
resource limits right before trying to malloc the ramdisk space and leave
some spare memory for libc. In Andrey's words, the internal malloc
was "true evil".. Among it's sins is it's ability to allocate less memory
than asked for and still return success. stdio would just love that. :-)
Reviewed by: ache
I was not sure whether the fs_id fields should be printed in the clear
in case of sniffing over a network login etc. It might be an idea
to have somebody with spare time go through and find any other missing
fields that should be reported.
Definate 2.2.x/2.1.x candidate since it breaks the build.
automatically have random generation numbers. The kenel way of handling those
also changed. Further it is advised to run fsirand on all your nfs exported
filesystems. the code is mostly copied from OpenBSD, with the randomization
chanegd to use /dev/urandom
Reviewed by: Garrett
Obtained from: OpenBSD
something closer to how we used to do it. The Lite2 way is to check the
"fsclean" flag in the superblock and stop there if so (during preen).
We now do the various superblock sanity checks that we used to do before
since it's cheap. We now get the filesystem state summary again instead
of "FILESYSTEM CLEAN; CHECKING SKIPPED" (or whatever).
errors (mis-sorted prototypes, duplicated MNT_NOATIME, duplicated NULL
mntopts fixup).
Updated getopt() usage.
Fixed style bugs in FreeBSD changes (one or two per line for putfsent()
stuff).
