addresses. For arch's with 64-bit longs, this is a nop, but for i386 this
allows sysinstall to properly handle disks and filesystems > 1 TB.
Changes from the original patch include:
- Use d_addr_t rather than inventing a blkcnt type based on int64_t.
- Use strtoimax() rather than strtoull() to parse d_addr_t's from config
files.
- Use intmax_t casts and %jd rather than %llu to printf d_addr_t values.
Tested on: i386
Tested by: kuriyama
Submitted by: julian
MFC after: 1 month
o Add a -D option to not attempt to create the home directory.
o Treat the /nonexistent home directory specially. It means the user has
no home directory and it should not be created.
o Update Copyright year and my email.
/sbin to /usr/sbin. A symlink from /sbin/nologin -> /usr/sbin/nologin
is created for compatibility purposes.
This will probably not cause any problems, but anyone who is doing
anything particularly unusual with nologin(8) or shells in general might
be well advised to check that everything still works.
Bikesheds on: cvs-all, current
/sbin/nologin for compatibility purposes. Also, remove the NO_NOLOGIN_LOG
option; we don't need to worry about conserving space as much on the /usr
partition.
Note that usr.sbin/nologin is not yet hooked up to the build.
- Add DECL wrappers to libgeom.h.
- Rename structure members in libgeom.h to use a lg_ prefix for member
names. This is required because a few structures had members named
'class' which made g++ very unhappy.
- Catch gstat(8) and gconcat(8) up to these API changes.
Reviewed by: phk
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
data buffering issue that corrupts files if two pw(8)'s run at the
same time as well as changing pw(8) so it uses the same locking
mechanism as PAM, vipw(8), pwd_mkdb(8), etc.
PR: bin/23501
Submitted by: Alex Kapranoff <alex (at) kapran (dot) bitmcnit (dot) bryansk (dot) su>
Approved by: rwatson (mentor)
MFC after: 5 days
records with time==0 get "the time of the last valid record", while records
where time goes backwards (compared to the previous record) are skipped.
Also prints a message saying how many records were changed or skipped due
to these checks. Check was inspired by a simpler check in OpenBSD's version.
This is all meant to sidestep problems that Tillman Hodgson noticed with 'ac'
when running sparc64 with 64-bit time_t's. The real problem is whatever is
creating wtmp records with ut_time==0, of course, but I have not yet figured
out what is doing that.
Reviewed by: no screams from freebsd-sparc64 or bde
MFC after: 2 weeks
so the program compiles without errors or warnings when DEBUG is defined on
sparc64 with 64-bit time_t's. Also have debug statements include the year
when printing records from a different year than 'now'. Also print out a
special timestamp in debug statements when ut_time==0.
Reviewed by: freebsd-sparc, bde
MFC after: 2 weeks
they want to delete '*'. It turns out that there is one valid case where
this might happen, installing to an empty DESTDIR.
Patch submitted by: schweikh
if_ndis.c has been split into if_ndis_pci.c and if_ndis_pccard.c.
The ndiscvt(8) utility should be able to parse device info for PCMCIA
devices now. The ndis_alloc_amem() has moved from kern_ndis.c to
if_ndis_pccard.c so that kern_ndis.c no longer depends on pccard.
NOTE: this stuff is not guaranteed to work 100% correctly yet. So
far I have been able to load/init my PCMCIA Cisco Aironet 340 card,
but it crashes in the interrupt handler. The existing support for
PCI/cardbus devices should still work as before.
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).
There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.
Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".
Tested on: i386 sparc64
done inside of chroot(2) to chrootdir. Added to help with sysinstall(8)
support of install to alternate root but possibly useful for setting up
jails, etc.
No objection from: portmgr@
Style(9) abuse due to: entire program violates style(9)
Approved by: rwatson (mentor)
libexec/ftp-proxy - ftp proxy for pf
sbin/pfctl - equivalent to sbin/ipf
sbin/pflogd - deamon logging packets via if_pflog in pcap format
usr.sbin/authpf - authentification shell to modify pf rulesets
Bring along some altq headers used to satisfy pfctl/authpf compile. This
helps to keep the diff down and will make it easy to have a altq-patchset
use the full powers of pf.
Also make sure that the pf headers are installed.
This does not link anything to the build. There will be a NO_PF switch for
make.conf once pf userland is linked.
Approved by: bms(mentor)
generic watchdoc(9) interface.
Make watchdogd(8) perform as watchdog(8) as well, and make it
possible to specify a check command to run, timeout and sleep
periods.
Update watchdog(4) to talk about the generic interface and add
new watchdog(8) page.
nologin(8), this causes a considerable (100K) increase in the binary size,
so I've added a NO_LOGIN_LOG option which disables this.
While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to
avoid writing the string-terminating zero byte.
No complaints from: -current
Approved by: rwatson (mentor)
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
hostname rather than an IP. The code was copying the pointer to the
IP address instead of the IP address itself. The bug has existed
ever since ypset was first imported in 1994.
PR: bin/62550
Submitted by: aardvark@saintaardvarkthecarpeted.com
MFC after: 1 week
loading on a particular version of Windows. For example, a .INF file
for a Windows 2000 driver may have an empty [foo.NT.5.1] section which
will be ingored on Win2K (whose .INF parser won't look for sections
decorated with .NT.5.1) in favor of a [foo] section. Likewise, a
WinXP file will have an empty [foo] section which will be ignored in
favor of [foo.NT.5.1].
The problem is, we can handle both Win2K and WinXP drivers, and we
don't want to exclude either one.
As a workaround, we try to pretend we are WinXP by default and search
for sections decorated with .NT.5.1, but if we don't turn up any records,
we assume that maybe we're being fooled by a sabotaged .INF file and
make one more pass looking for undecorated sections instead.
This allows us to parse the .INF files for both the Win2K and the WinXP
Centrino wireless drivers.
I'd give anything for 5 minutes alone in a room with whoever wrote
Microsoft's .INF file parser. Just 5 minutes. That's all.
for storing the "diff -n" output. Some files (eg ports/INDEX,v) are too
big nowadays to fit on the stack.
Submitted by: Stephen Montgomery-Smith <stephen@math.missouri.edu>
if the line doesn't match ^<%d>, then treat it as a regular kernel
printf line. Previously if a kernel printf message started with "<"
it would be interpreted as a log message, often with LOG_EMERG
level. This was triggered by some printfs in sys/dev/aic7xxx/, and
can also happen with the partial lines that result if syslogd cannot
keep up with the rate of arrival of kernel messages.
Reviewed by: dwmalone
MFC after: 1 week
their lines.
Properly discard PCMCIA device declarations. I plan to support
PCMCIA cards, but they don't work yet, and it appears some .INF files
declare both PCI and PCMCIA device instances.
instead of creating them by hand and storing them in the CVS tree. Add
gensnmptree to the bootstrap tools (it is used to generated these files).
This simplifies the update procedure.
Submitted by: ru
return for getopt() and comparing to -1, ditto with fgetc() and EOF,
and using the kg_nice value from <sys/user.h>
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Reviewed by: obrien, bde (a while back)
Tested lightly on: ppc, i386, make universe
life easier" patch: I doubt this will affect anyone else, but the FreeBSD
Update build code was getting very confused by this.
Approved by: rwatson (mentor)
PR: bin/61087
Extend libsdp(3) API to allow service registration and removal.
Fix uninitialized variable bug in sdpcontrol(8).
Reviewed by: imp (mentor)
No objection: ru
- Unify the conditional assignments section so that architectural
exclusions come first, then options and !options, sorted by the
option name, also in directory order, then architecture specific
sections, sorted by the architecture name, with i386 being a
traditional exception.
Prodded by: bde
keys, don't just do a substring match on "Ndi\Params". Instead, check
explicitly for strings that begin with "Ndi\Params". Why? Because it's
possible to create your own keys with different paths, like
"PROSetNdi\NdiExt\Params" which is what Intel does in their PRO/1000
driver's .INF file.
SRCS to teach make(1) that many .c sources are dependent on it.
This fixes parallel (-j) builds and makes it possible to build
individual .o files separately.
While here, removed PROG from CLEANFILES -- it's taken care of
already by bsd.prog.mk.
When an NFS server is port-scanned nfsd sometimes exits. This has
happened 3 times the last few weeks.
Nfsd has been written to exit when accept(2) fails. Unfortunately
accept can sometimes make a "normal" return with errno ECONNABORTED
and in this case nfsd exits prematurely.
Solution:
Check for ECONNABORTED (and also EINTR, since nfsd uses signals)
and continue.
Submitted by: Bjoern Groenvall <bg@sics.se>
PR: 61084
sequence when machine is started without attached USB mouse. Only do
repeated attempts to re-open device if the usb module has been actually
loaded. Also fix broken logic in doing delays between open attempts - do
delays between attempts, not after each attempt.
Due to previous behaviour being very annoying for notebook owners this
is a good 5.2 MFC candidate.
MFC after: 2 days
very useful .dot files of your netgraph(4) to quickly visualize the
nodes, hooks and edges. An example of this can be found here:
http://people.freebsd.org/~green/sample-netgraph-dot.ps
If anyone would like to refine the output further, please do so.
In fdformat.c a closing parenthesis is at the wrong place. Instead of
adding sizeof _PATH_DEV + 1 to the length of argv[optind], the length of the
string starting (sizeof _PATH_DEV + 1) characters after argv[optind]'s
beginning (accessing junk memory if we jump over the terminating null
character) is passed to malloc().
PR: bin/60026
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
the NTx86 section decoration).
subr_ndis.c: correct the behavior of ndis_query_resources(): if the
caller doesn't provide enough space to return the resources, tell it
how much it needs to provide and return an error.
subr_hal.c & subr_ntoskrnl.c: implement/stub a bunch of new routines;
ntoskrnl:
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
MmMapLockedPages
InterlockedDecrement
InterlockedIncrement
IoFreeMdl
KeInitializeSpinLock
HAL:
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock
Lastly, correct spelling of "_aullshr" in the ntoskrnl functable.
copyrights to the inf parser files.
Add a -n flag to ndiscvt to allow the user to override the default
device name of NDIS devices. Instead of "ndis0, ndis1, etc..."
you can have "foo0, foo1, etc..." This allows you to have more than
one kind of NDIS device in the kernel at the same time.
Convert from printf() to device_printf() in if_ndis.c, kern_ndis.c
and subr_ndis.c.
Create UMA zones for ndis_packet and ndis_buffer structs allocated
on transmit. The zones are created and destroyed in the modevent
handler in kern_ndis.c.
printf() and UMA changes submitted by green@freebsd.org
and list_verbose(), so don't open /dev/pci read-write. This allows
pciconf -l[v] to work for non-root users, assuming the securelevel is
0 or -1.
Problem experienced by: William Michael Grim <wgrim@siue.edu>
case so that if devices need different initialization, we can key off
this in the rc scripts (currently unused). Also update the man page
which is a 100% duplicate of the rc scripts.
snprintf (buf, size, fmt, buf, etc). This only works by chance with our
libc, but fails (with a truncated string) on e.g. glibc.
Okayed by: sobomax
MFC after: 1 week
/libexec to /mnt2/libexec, and execute /mnt2/rescue/ldconfig to add
the /mnt2/lib and /mnt2/usr/lib library directories. Thanks to John Baldwin
for working to track this down.
Submitted by: jhb
than a char array. Emitting the data as a big char array works fine in
the typical case, where a .sys file may be ~50K in size. Unfortunately,
some .sys files can be several hundred Kbytes in size, or even several
megabytes in size. One extreme case is the Intel centrino wireless
driver, which is 2.4MB. This causes us to emit an ndis_driver_data.h
file that's on the order of 15MB in size, and gcc consumes enormous
amounts of virtual memory while trying to compile it. On my laptop,
with 128MB of RAM and 256MB of swap space, gcc consumed all available
VM and crashed without being able to compile if_ndis.o.
By emitting the array as assembler, we bypass the C compiler and consume
much less memory. I was able to easily test compile if_ndis.ko with the
centrino driver on my laptop after this change.
This is merely a convenience, and should not have any operational effect
on the NDISulator itself.
definitions for more than one device (usually differentiated by
the PCI subvendor/subdevice ID). Each device also has its own tree
of registry keys. In some cases, each device has the same keys, but
sometimes each device has a unique tree but with overlap. Originally,
I just had ndiscvt(8) dump out all the keys it could find, and we
would try to apply them to every device we could find. Now, each key
has an index number that matches it to a device in the device ID list.
This lets us create just the keys that apply to a particular device.
I also added an extra field to the device list to hold the subvendor
and subdevice ID.
Some devices are generic, i.e. there is no subsystem definition. If
we have a device that doesn't match a specific subsystem value and
we have a generic entry, we use the generic entry.
mostly used on 80x25 displays, and the actual window is about ten
characters narrower than that, resulting in the need for horizontal
scrolling. No functional change.
RELENG_5_2 candidate.
needed to be statically populated with device nodes. The first two are no
longer true, which makes the third pretty moot. In fact, we don't seem to
put device node bits into the distribution archives at all anymore.
So..... remove the god-aweful nasty hack that force unmounted devfs during
installation so that static device nodes could land in /dev. Now that the
vnode cleaner handles this case better this isn't strictly needed, but
axeing code in sysinstall is almost always benficial. Thanks to Don Lewis
for pointing out this attribute of sysinstall.
the case where there's an entry in the manufacturer's device list but
no corresponding installation section (and hence no AddReg assignments),
i.e. if dev = find_assign(sname, "AddReg"); returns NULL, then
don't try to dereference dev.
There is a fundamental problem with the handling of .INF files that
contain definitions for multiple devices: right now we dump all the
AddReg sections that we find, but don't distinguish what device they
belong to. This often results in duplicate keys.
Yes, it's what you think it is. Yes, you should run away now.
This is a special compatibility module for allowing Windows NDIS
miniport network drivers to be used with FreeBSD/x86. This provides
_binary_ NDIS compatibility (not source): you can run NDIS driver
code, but you can't build it. There are three main parts:
sys/compat/ndis: the NDIS compat API, which provides binary
compatibility functions for many routines in NDIS.SYS, HAL.dll
and ntoskrnl.exe in Windows (these are the three modules that
most NDIS miniport drivers use). The compat module also contains
a small PE relocator/dynalinker which relocates the Windows .SYS
image and then patches in our native routines.
sys/dev/if_ndis: the if_ndis driver wrapper. This module makes
use of the ndis compat API and can be compiled with a specially
prepared binary image file (ndis_driver_data.h) containing the
Windows .SYS image and registry key information parsed out of the
accompanying .INF file. Once if_ndis.ko is built, it can be loaded
and unloaded just like a native FreeBSD kenrel module.
usr.sbin/ndiscvt: a special utility that converts foo.sys and foo.inf
into an ndis_driver_data.h file that can be compiled into if_ndis.o.
Contains an .inf file parser graciously provided by Matt Dodd (and
mercilessly hacked upon by me) that strips out device ID info and
registry key info from a .INF file and packages it up with a binary
image array. The ndiscvt(8) utility also does some manipulation of
the segments within the .sys file to make life easier for the kernel
loader. (Doing the manipulation here saves the kernel code from having
to move things around later, which would waste memory.)
ndiscvt is only built for the i386 arch. Only files.i386 has been
updated, and none of this is turned on in GENERIC. It should probably
work on pc98. I have no idea about amd64 or ia64 at this point.
This is still a work in progress. I estimate it's about %85 done, but
I want it under CVS control so I can track subsequent changes. It has
been tested with exactly three drivers: the LinkSys LNE100TX v4 driver
(Lne100v4.sys), the sample Intel 82559 driver from the Windows DDK
(e100bex.sys) and the Broadcom BCM43xx wireless driver (bcmwl5.sys). It
still needs to have a net80211 stuff added to it. To use it, you would
do something like this:
# cd /sys/modules/ndis
# make; make load
# cd /sys/modules/if_ndis
# ndiscvt -i /path/to/foo.inf -s /path/to/foo.sys -o ndis_driver_data.h
# make; make load
# sysctl -a | grep ndis
All registry keys are mapped to sysctl nodes. Sometimes drivers refer
to registry keys that aren't mentioned in foo.inf. If this happens,
the NDIS API module creates sysctl nodes for these keys on the fly so
you can tweak them.
An example usage of the Broadcom wireless driver would be:
# sysctl hw.ndis0.EnableAutoConnect=1
# sysctl hw.ndis0.SSID="MY_SSID"
# sysctl hw.ndis0.NetworkType=0 (0 for bss, 1 for adhoc)
# ifconfig ndis0 <my ipaddr> netmask 0xffffff00 up
Things to be done:
- get rid of debug messages
- add in ndis80211 support
- defer transmissions until after a status update with
NDIS_STATUS_CONNECTED occurs
- Create smarter lookaside list support
- Split off if_ndis_pci.c and if_ndis_pccard.c attachments
- Make sure PCMCIA support works
- Fix ndiscvt to properly parse PCMCIA device IDs from INF files
- write ndisapi.9 man page
PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
such that 'ispcvt' can build. Unforunately 'ispcvt' is needed in order for
/etc/rc.d/syscons to run. This fixes the bug where I could not get my
keymap effective at boot.
it returns. This allows it to connect to the server side again, which
has been listening on IPv6 addresses exclusively for more than 2 years.
PR: 59369
(Lite Edition) respectively. These "lite" packages are streamlined to
provide users with the core essentials for each desktop and to fit on the
release disc 1.
Approved by: re (scottl)
permitting the administrator to select a securelevel top operate
at. Include a helpfile summarizing some of the information from
init(8). This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.
Approved by: re (scottl)
selection is used to drive two configuration parameters:
(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels
Replace this with an explicit choice to enable/disable sshd. A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly. This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.
Approved by: re (scottl)
(1) Document the notion of using jail(8) to run "virtual servers" or
just to constrain specific applications. If only running specific
applications, some configuration steps are unnecessary (such as
editing rc.conf).
(2) Add some more subsection headers to break up the bigger chunks of
text.
(3) Clarify the problems associated with applications binding all IP
addresses in the host, and attempt to be more specific about
potential application problems. Document how to force sshd to
bind the the right socket.
(4) Suggest that in a jailed application scenario, you might want to
have the host syslogd listen on the socket in the jail, rather
than running syslogd in the jail.
(5) Catch another reference to /stand/sysinstall.
Approved by: re (bmah implicitly)
check if it's already loaded or compiled into the kernel, and only try to
load it if it isn't.
PR: bin/59368
Submitted by: Jens Rehsack <rehsack@liwing.de>
is possible for an error to occur while trying to log an error, and
this can result in infinite recursion (or at least until we run out
of stack).
Rather than this, we ignore requests to log an error while logging an
error.
PR: 51253
MFC after: 2 weeks
Avoid implicit function calls by adding the proper include files.
Use const char copyright.
Fix some fprint formatting.
In the manual page:
Use the .Pa macro for filenames and locations.
Kill hard setence breaks.
Make use of the .Tn and .Dq macros.
Add some to text to the otherwise blank HISTORY section (taken from CVS).
constants NG_*SIZ that include the trailing NUL byte. This change
is mostly mechanical except for the replacement of a couple of snprintf()
and sprintf() calls with strlcpy.
- simplify by strdup.
- set ai_protocol in hints to TCP.
- g/c FAITH_NS (no description, not maintained for years)
- warn if connection from IPv4 mapped is reached.
- IPV6_V6ONLY if possible.
- unifdef -UFAITH4.
- drop rsh/rlogin support.
- deal with negative return value from wait3.
Obtained from: KAME
- realloc pedant.
- set sin6_scope_id before sending (link-local/multicast) packets
- removed an incorrect comment
- don't age non-gateway host routes.
- not remove global addresses on loopback interface from routing table
by route aging.
Obtained from: KAME
a SEMICOLON token (a newline or semicolon, or one of these preceded
by a comment and/or whitespace). The input stream was switched too
early and the parser was expecting a SEMICOLON in the included file
instead of after the filename in the include directive.
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Kept alive by: Adam C. Migus <adam@migus.org>
ums module, and allow for up to five attempts to open the device, with
two-second pauses in between, to allow time for USB controllers and
devices to probe and attach. My Gigabyte P4 Titan 848P motherboard has
a total of 15 ports on four hubs hanging off four controllers, and needs
at least half of that ten-second allowance to get ready.
MFC after: 7 days
deraadt NOTE: -I needs to take an arg (there's no way we can take no
arg/an arg with a single option)
- sscanf overrun
- no variable name on prototype.
- u_int32_t may not be u_long.
- skipped non-host route when printing neighbor cache entries.
- valid and preferred lifetimes are unsigned.
- wording.
Obtained from: KAME
- be more picky about argument parsing - like ERANGE.
- use u_long for args, not to lose accuracy/prevent overflow.
- socklen_t audit.
- Add -I (use icmp) option.
- warn if multiple addresses are present for dest.
- no need to pass tz.
- type pedant. check -p range.
- grab hlim from sysctl.
- typo in port number setting.
Obtained from: KAME
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
no matter where in the directory structure it may be. Use this and the "-k"
flag in the generated gdbinit files so that the "getsyms" function in gdb
requires no user intervention to run and will find every module if they're
in the kernel build's module directory. This is still quite useful for
cases where gdb knows that the path for some modules is /boot/kernel and
others are in the object directory for /usr/src/sys/$ARCH/compile/kernel.
Approved by: grog
a partition size on ia64. It's not true.
o Ask for a mountpoint for EFI partitions as well and check that it
isn't "/".
o On ia64 we may need to add EFI partitions. Make sure we pass the
right arguments to Create_Chunk_DWIM() in that case.
