for the disklabel: This facility is OBE.
First of all, we cannot sensibly implement this in a properly stacked
environment.
Second, if we did, it would confuse the heck out of users who
wouldn't be able to "start from scratch" by dd(8)'ing /dev/zero
onto /dev/da0.
Third, the offered protection is not comprehensive: no other software
would respect it.
Fourth and finally, the disklabel is already protected against
tampering if it controls open partitions.
Uselessness of these options discussed with: peter
answer for the euid. As a result, fix it such that setuid scripts or
programs may call route(8) to do work on their behalf.
Reviewed by: ru
MFC after: 3 days
Submitted by: bde
Do not constantify maximum payload size. It is 65467 with -R
(record route), and 65507 without it.
Reviewed by: silence on -net
Proposed by: bde
I am going to MFC rev.1.77 - 1.81 ping.c and rev.1.39 and 1.40 ping.8:
MFC after: 6 months
to create it. A small number of options are not marshalled as they are things
it would be dumb to spit out, as they are used by internal computations, and
newfs may change them, or they may not be directly apparent.
the three configuration ioctls which need a unit number.
Add a "ccd.ctl" device for config operations.
Implement ioctls on ccd.ctl which rely on the explicitly passed
unit numbers.
Update ccdconfig to use the new ccd.ctl interface.
Add code to the kernel to detect old ccdconfig binaries, and whine
about it.
Add code to ccdconfig to detect old kernels, and whine about it.
These two compatibility measures will be retained only for a limited
period since they are in the way of GEOM'ification of ccd.
the configuration of any other disk-like devices.
This is the non-DEVFS part which is normally not used in 5.x, but due
for MFC into 4.x.
PR: bin/28294, bin/32588
MFC after: 1 week
called -r but it takes 512 byte blocks instead of megabytes, and I felt a
megabytes specification would be far more useful so I did not use the same
option character.
This will *greatly* improve dump performance at the cost of possibly
missing filesystem changes that occur between passes, and does a fairly
good job making up for the loss of buffered block devices. Caching is disabled
by default to retain historical behavior.
In tests, dump performance improved by about 40% when dumping / or /usr.
Beware that dump forks and the cache may wind up being larger than you
specify, but a more complex shared memory implementation would not produce
results that are all that much better so I kept it simple for now.
MFC after: 3 days
default-to-deny firewall. Simply turning off IPFW via a preexisting
sysctl does the job. To make it more apparent (since nobody picked up
on this in a week's worth of flames), the boolean sysctls have been
integrated into the /sbin/ipfw command set in an obvious and straightforward
manner. For example, you can now do 'ipfw disable firewall' or
'ipfw enable firewall'. This is far easier to remember than the
net.inet.ip.fw.enable sysctl.
Reviewed by: imp
MFC after: 3 days
#include <strings.h>
...
foo = (char *)strdup(...);
To:
#include <string.h>
foo = strdup(...);
because the former segfaults on an ia64 since there is no prototype
for strdup() in strings.h. Converting an "int" to a pointer is fatal.
o Expand variables correctly.
o Set variables for each event.
o rewrite event loop to execute the commands in the config file, rather
than the hard wired generic command
o better(?) debug when running -d
o sort vectors of actions so that we just have to search for the first
one to match rather than the best one that matches.
o better attempts to clear all resources used on 'restart'
o Remove now bogus comments
MFC After: 1 centiyear
swapctl functionality. The idea is to create a swapctl command that is
fairly close to the OpenBSD and NetBSD version. FreeBSD does not implement
swap priority (and it would be a mistake if we did) so we didn't bother with
that part of it.
Submitted by: Eirik Nygaard <eirikn@bluezone.no>
Augmented by: dillon (extensively)
Reviewed by: David Schultz <dschultz@uclink.Berkeley.EDU>
after -p except for the last (the ruleset file to process) to the
preprocessor for interpretation. This allows command-line options besides
-U and -D to be passed to cpp(1) and m4(1) as well as making it easier to
use other preprocessors.
Sponsored By: NTT Multimedia Communications Labs
MFC after: 1 week
Make sure sector zero is protected if it contains metadata.
Lower WARNS for gbde to 3 on non-i386 archs. rijndael-fst is evil
but apparently does the right thing and passes the test-vectors.
MFC Candidate.
for request sizes larger than the sectorsize or for multi-key setups.
See warning mailed to current@ for details of recovery.
Found by: Marcus Reid <marcus@blazingdot.com>
bandwidth for other processes. Since the sleeping is done from
userland, this avoids the locking issues that affected the kernel
version.
The algorithm used here is to measure a moving average of the times
taken by a sample of read operations and then delay 1 in 8 reads
by 16 times the measured average. This should correspond to a factor
of 3 slowdown, but in practice the factor is larger (3.5 to 4) due
to hz rounding effects.
Reviewed by: mckusick
Approved by: re
o improve parsing and lexing
o create data structures based on the parsed file now.
o Still need to rewrite main loop and add regex (still uses hard coded
devd-generic)
o minor man page updates.
# There should be one more commit before rc2
Approved by: re (blanket)
live filesystem. To obtain a consistent dump image, dump takes
a snapshot of the filesystem and then does a dump of the snapshot.
The snapshot is removed when the dump is complete.
Also add an operator warning that the `L' option should be used
if dump is run on a live filesystem without the `L' option being
specified. The alternative would be to silently use a snapshot
any time that a live filesystem is dumped, but this change in
dump semantics seemed too drastic at this time.
Sponsored by: DARPA & NAI Labs.
Approved by: re
only preallocates a small number of inodes. The dump program tries
to scan through all the allocated inodes on a filesystem which
causes bad behavior if they have never been allocated. Thus dump
must calculate the set of inodes that have actually been allocated
and scan only those inodes.
Sponsored by: DARPA & NAI Labs.
other partitions. This is necessary when migrating conventional
partitions to Vinum and was broken by recent more stringent overlap
checks. This is arguably the wrong way to do it. A better method
would be to have the loader understand a subset of Vinum partitioning
and allow an install directly to Vinum, but until then, this is the
best we have.
Reviewed by: jhb
Approved by: re (rwatson)
so that fsck does not complain with `SUMMARY BLK COUNT(S) WRONG IN
SUPERBLK' the first time it is run on a new filesystem.
Reported by: Poul-Henning Kamp <phk@freebsd.org>
Sponsored by: DARPA & NAI Labs.
trying to use them. Set a minimum value for numdirs when using an
alternate superblock to avoid spurious numdirs == 0 error. Calculate
new fields when using an alternate superblock from a UFS1 filesystem
to avoid segment faulting.
Sponsored by: DARPA & NAI Labs.
a PMBR. Make sure the create command creates a PMBR as well
(if not already present).
o When parsing the MBR, explicitly check for a PMBR and create
a PMBR map node if one is found.
o When parsing the MBR, recurse to handle extended partitions.
This allows us to flatten nested MBRs when migrating to a
GPT.
o Have the migrate command bail out if it encounters a partition
it doesn't know how to migrate. This avoids data loss.
o Change the output of the show command so that the UUIDs of the
GPT partitions fit on the same line.
o Show when partitions are extended partitions and add the PMBR
type.
Approved by: re (blanket)
of an argument name collision with -O, use -v, and default to whatever
the newfs default is for the platform (generally, UFS1). This is
required to support diskless workstations that use UFS2 for their
mdmfs file systems.
Reviewed by: dd, bmah
Approved by: re (bmah)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
UUIDs can then be limited to those cases when an alias doesn't exist.
This greatly increases the likelihood that a sysadmin finishes the
partitioning without intermittent mental breakdowns. Current aliases
are "efi", "swap" and "ufs".
While here, staticize global variables and expand the usage message.
Approved by: re (blanket)
that the kernel will refuse to mount. Specifically it now enforces
the MAXBSIZE blocksize limit. This update also fixes a problem where
newfs could segment fault if the selected fragment size was too large.
PR: bin/30959
Submitted by: Ceri Davies <setantae@submonkey.net>
Sponsored by: DARPA & NAI Labs.
the old 8-bit fs_old_flags to the new location the first time that the
filesystem is mounted by a new kernel. One of the unused flags in
fs_old_flags is used to indicate that the flags have been moved.
Leave the fs_old_flags word intact so that it will work properly if
used on an old kernel.
Change the fs_sblockloc superblock location field to be in units
of bytes instead of in units of filesystem fragments. The old units
did not work properly when the fragment size exceeded the superblock
size (8192). Update old fs_sblockloc values at the same time that
the flags are moved.
Suggested by: BOUWSMA Barry <freebsd-misuser@netscum.dyndns.dk>
Sponsored by: DARPA & NAI Labs.
prob 0.5 pipe NN ....
due to the generation of an invalid ipfw instruction sequence.
No ABI change, but you need to upgrade /sbin/ipfw to generate the
correct code.
Approved by: re
to net.inet.ip.fw.one_pass.
Add to notes to explain the exact behaviour of "prob xxx" and "log"
options.
Virtually approved by: re (mentioned in rev.1.19 of ip_fw2.c)
It seems a common corruption to have them -ve (I've seen it several times)
and if fsck doesn't fix it, it leads to a kernel pagefault.
Reviewed by: kirk
Submitted by: Eric Jacobs <eaja@erols.com> and me independently.
MFC in: 2 days
PR: bin/40967
Approved by: re
the error "quotacheck: bad inode number 1 to nextinode".
Sponsored by: DARPA & NAI Labs.
Reported-by: Franky <franky@jasna.tarnow.pl> and Matthew Kolb <muk@msu.edu>
take unsigned values.
This allows one to label disk with the number of blocks > 31 bits
(though less than 32 bits)
e.g.
# size offset fstype [fsize bsize bps/cpg]
c: 3125755904 0 unused 0 0 # (Cyl. 0 - 194569*)
d: 3125755840 64 unused 0 0 # (Cyl. 0*- 194569*)
which is needed to test UFS2
<sys/gpt.h>. This avoids having to include both <sys/uuid.h> and
<uuid.h>, which is considered by your friendly committer to be
aesthetically displeasing (= ballyhoo barf barf :-)
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
getdiskinfo(). For the fixed-disk case, bpb->hid probably isn't
handled correctly, but I'm not sure if this is a serious problem since
the primary use of this program is to format floppy disks.
Reviewed by: phk
o Use DCE compliant UUID functions and provide local
implementations if they don't exist,
o Move dumping of the map to show.c and print the
partition type,
o Some cleanups and rearrangements.
The default GPT partition type is UFS. When no starting block
or size are specified, the tool will create a partition in the
first free space it finds (or that fits, depending on the size).
code is directly copied from migrate.c. The intent is to express
migrate in terms of create and add. The functionality to add
partitions is not yet there.
Quoting luigi:
In order to make the userland code fully 64-bit clean it may
be necessary to commit other changes that may or may not cause
a minor change in the ABI.
Reviewed by: luigi
regarding 802.1 MAC and Mandatory Access Control (MAC). Some
potential for confusion remains further in other areas of the
system regarding Message Authentication Codes (MAC).
Requested by: wollman
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
interfaces using the 'mac' argument. Without MAC support in the
kernel, this does not change the behavior of ifconfig.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
result of an incomplete migration. An incomplete migration is
one where the MBR is not turned into a PMBR after creating the
GPT. This early in the game it's more convenient to allow the
inconsistency, because that avoids that we have to destroy the
MBR partitioning for now.
arbitrary commands when devices come and go in the device tree (which is
different than the /dev directory).
This is an initial version. Much of the planned power isn't here.
Instead of doing the full matching, we always run /etc/devd-generic.
/etc/devd.generic will go away at some point, I think.
I'm committing it in this early state so I can start getting feedback
from early adopters.
Approved by: re
o Fix some punctuation and wording
o Wording consistency in command-line option documentation
o Make use of mdoc's markup a bit more (quoting and the like)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
command, permitting it to set FS_ACLS and FS_MULTILABEL administrative
flags on UFS file systems.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
when using '-p' with reboot, and the power down action fails, reboot
the system normally. The behaviour of 'halt -p' and of shutdown(8) is
unchanged.
Approved by: roberto
'-p' is used on the reboot(8) command line.
This is intended for use when you want to attempt a power down
action, but you want the system to reboot (not halt) if the
power down action fails.
This is typically useful when the power-off action performed by
the kernel consists in signalling an uninterrupted power supply
that it should shut down its inverter if mains power has not returned.
The behaviour of shutdown(8) and init(8) is not modified;
only the behaviour of invoking 'reboot -p' manually is
modified, and then only in the case when a power-down action
fails.
Sounded reasonable to: phk
Approved by: roberto (mentor)