Commit Graph

7876 Commits

Author SHA1 Message Date
Xin LI
1ae1bd497f Use arc4random_buf(). While there, unifdef the code for HAVE_ARC4RANDOM.
MFC after:	2 weeks
2015-08-16 23:23:58 +00:00
Dimitry Andric
dbe90f04b4 In ipfw2, avoid left-shifting negative integers, which is undefined.
While here, make some other arguments to htonl(3) unsigned too.

MFC after:	3 days
2015-08-12 21:07:57 +00:00
Hiren Panchasara
0e02b43a07 Make LAG LACP fast timeout tunable through IOCTL.
Differential Revision:	D3300
Submitted by:		LN Sundararajan <lakshmi.n at msystechnologies>
Reviewed by:		wblock, smh, gnn, hiren, rpokala at panasas
MFC after:		2 weeks
Sponsored by:		Panasas
2015-08-12 20:21:04 +00:00
Christian Brueffer
99d43aee11 Fix a few mandoc warnings.
MFC after:	1 week
2015-08-12 10:34:05 +00:00
Mark Felder
f5846f166c sbin/ipfw fix typo: info -> into
example:

DEPRECATED: inserting data into non-existent table sshguard. (auto-created)

Approved by:	bdrewery
2015-08-10 22:02:01 +00:00
Pawel Jakub Dawidek
445bda3f4f Allow to disable BIO_DELETE passthru in fstab for swap-on-geli devices by
passing 'notrim' option.

PR:		198863
Submitted by:	Matthew D. Fuller fullermd at over-yonder dot net
2015-08-08 09:57:38 +00:00
Pawel Jakub Dawidek
46e3447026 Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when
GELI is used on a SSD or inside virtual machine, so that guest can tell
host that it is no longer using some of the storage.

Enabling BIO_DELETE passthru comes with a small security consequence - an
attacker can tell how much space is being really used on encrypted device and
has less data no analyse then. This is why the -T option can be given to the
init subcommand to turn off this behaviour and -t/T options for the configure
subcommand can be used to adjust this setting later.

PR:		198863
Submitted by:	Matthew D. Fuller fullermd at over-yonder dot net

This commit also includes a fix from Fabian Keil freebsd-listen at
fabiankeil.de for 'configure' on onetime providers which is not strictly
related, but is entangled in the same code, so would cause conflicts if
separated out.
2015-08-08 09:51:38 +00:00
Edward Tomasz Napierala
3bb6078985 Whoops, wrong flag.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-08-06 07:49:34 +00:00
Edward Tomasz Napierala
6be30a3001 Tweak mdconfig(8) manual page, in particular revise the EXAMPLES
section.  This removes stuff that doesn't really belong there,
and simplifies examples for the basic operations.

Reviewed by:	wblock@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3198
2015-08-06 07:47:13 +00:00
Xin LI
b07d93f538 Fix a bug which could make routed(8) daemon exit by sending a special RIP
query from a remote machine, similar to SA-14:21.routed.

Submitted by:	hrs
2015-08-05 22:04:56 +00:00
Alexander V. Chernikov
0b501d960c Fix ipfw range deletion.
Spotted by:	ian,julian
2015-08-03 14:31:06 +00:00
George V. Neville-Neil
afd010c196 Add support for keys that include 4 byte SALT values,
including GCM and ICM/CTR modes for AES.

Reviewed by:	jmg
MFC after:	1 week
Sponsored by:	Rubicon Communications (Netgate)
2015-07-31 23:40:18 +00:00
George V. Neville-Neil
2deb37542b Summary: Remove unsupported 3des-deriv encryption algorithm from documentation. 2015-07-31 17:41:53 +00:00
Warner Losh
aa255ef6dd Teach sysctl about the new optional suffix after IK to specify
precision. Update input as well. Add IK to the manual (it was missing
completely).

Differential Revision: https://reviews.freebsd.org/D3181
2015-07-29 02:34:25 +00:00
Edward Tomasz Napierala
ef159a1b45 Add missing SIGUSR1 description.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2015-07-24 18:14:57 +00:00
Conrad Meyer
773e56519d mount_nfs: Be more clear on nmount(2) error with errmsg unset
Differential Revision:	https://reviews.freebsd.org/D3147
Reviewed by:	rmacklem
Approved by:	markj (mentor)
MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-07-22 22:53:40 +00:00
Jim Harris
628683cb81 nvmecontrol: read controller identify data before any log page operations
MFC after:	3 days
Sponsored by:	Intel
2015-07-22 16:10:29 +00:00
Andrey V. Elsukov
109f7a27c4 lseek() allows an offset to be set beyond the end of file. Using
it to check that partition has enough space to write bootcode doesn't
work. Use the known size of provider instead.

PR:		201504
MFC after:	1 week
2015-07-21 06:18:42 +00:00
George V. Neville-Neil
a413464757 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode.
PR:		194935
Submitted by:	Jim Thompson
MFC after:	2 weeks
2015-07-20 23:24:25 +00:00
Edward Tomasz Napierala
4a2a044965 Document suspend/resume notification in devd.conf(5).
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2015-07-18 12:24:54 +00:00
Edward Tomasz Napierala
cdff99588e Add CARP events description to devd.conf(5).
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2015-07-18 12:17:59 +00:00
Marcelo Araujo
c283159997 Fix contraction spotted by igor(1) and remove 2 .Ed spotted by mandoc(1).
Also, don't capitalize "module" and remove a redundant phrase introduced
in my previous commit.

Differential Revision:	D3112
Reviewed by:		wblock
Sponsored by:		gandi.net
2015-07-18 03:14:49 +00:00
Marcelo Araujo
a8d65cade5 Describe how to load gmultipath at boot time.
Differential Revision:	D3112
Reviewed by:		allanjude, bapt
Sponsored by:		gandi.net
2015-07-17 06:34:46 +00:00
John-Mark Gurney
57198f08d3 fix the docs, the number of frags per inode (NFPI) changed in r228794
to 2 from 4, but the man page didn't get updated...

other minor changes to make igor happy...

MFC after:	3 days
2015-07-15 21:35:09 +00:00
Allan Jude
ce808c7ad8 Add a new option to gpart(8) to fix Lenovo BIOS boot issue
PR:		184910
Reviewed by:	ae, wblock
Approved by:	marcel
MFC after:	3 days
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3065
2015-07-15 02:23:55 +00:00
Christian Brueffer
b29fdbd8ea Cleanup; mostly language with a little bit of mdoc style.
MFC after:	1 week
2015-07-14 14:01:33 +00:00
Christian Brueffer
74a2f2e85c Unbreak ggatec and ggatel on i386 after r238119, which added two more
'struct g_gate_ctl_create' fields.

While the behaviour was technically undefined on other architectures
as well, on the reporter's amd64 systems the uninitialized bytes the
kernel cares about were always zero so everything worked as expected.

PR:		197309, 199559
Submitted by:	ota@j.email.ne.jp, Fabian Keil
Reviewed by:	pjd
MFC after:	1 week
2015-07-14 10:49:36 +00:00
Christian Brueffer
b4a355e2f3 If ggated's exports_find() fails, the connection is removed before
(trying to) report the problem to the client.

sendfail() is called with an already closed socket and thus it
fails to inform the client about the problem.

Fix this by calling sendfail() before connection_remove().

PR:		195944
Submitted by:	Fabian Keil
Reviewed by:	pjd
MFC after:	1 week
2015-07-14 09:25:10 +00:00
Rick Macklem
c088e62e34 Since the case where secflavor < 0 indicates the security flavor is
to be negotiated, it could be a Kerberized mount. As such, filling
in the "principal" argument using the canonized host name makes sense.
If it is negotiated as AUTH_SYS, the "principal" argument is meaningless
but harmless.

Requested by:	masato@itc.naist.jp
Tested by:	masato@itc.naist.jp
PR:		201073
MFC after:	1 month
2015-07-07 23:41:25 +00:00
Marcelo Araujo
a6c4189636 Remove unused variable flags reported by clang. The function zygote_clone()
always receive the flags with value 0 and this flags is never checked on
zygote_main().

Differential Revision:	D2689
Reviewed by:		rodrigc, oshogbo
2015-07-04 17:38:56 +00:00
George V. Neville-Neil
7c160e33d7 Update the date on the manual page.
Noticed by: bz
2015-07-03 20:42:31 +00:00
George V. Neville-Neil
987de84445 New AES modes for IPSec, user space components.
Update setkey and libipsec to understand aes-gcm-16 as an
encryption method.

A partial commit of the work in review D2936.

Submitted by:	eri
Reviewed by:	jmg
MFC after:	2 weeks
Sponsored by:	Rubicon Communications (Netgate)
2015-07-03 20:09:14 +00:00
Mariusz Zaborski
c36e54bb32 Let the nv.h and dnv.h includes be only in sys directory.
Change consumers to include those files from sys.
Add duplicated files to ObsoleteFiles.

Approved by:	pjd (mentor)
2015-07-02 21:58:10 +00:00
Christian Brueffer
fa6e0e5334 Add -b to the devlist usage info, forgotten in r260059.
PR:		195094
Submitted by:	robin.hahling@gw-computing.net
MFC after:	1 week
2015-07-02 13:57:26 +00:00
Christian Brueffer
faf2d8305c Fix an obviously wrong boolean operator.
PR:		200983
Submitted by:	David Bindeman
MFC after:	1 week
2015-07-02 12:14:48 +00:00
Pawel Jakub Dawidek
edaa9008ff Allow to omit keyfile number for the first keyfile. 2015-07-02 10:55:32 +00:00
George V. Neville-Neil
54bf2ef806 Fix support for the null encryption algorithm which now requires
a key.

Sponsored by: Rubicon Communications (Netgate)
2015-06-25 18:38:58 +00:00
Ermal Luçi
a5b789f65a ALTQ FAIRQ discipline import from DragonFLY
Differential Revision:  https://reviews.freebsd.org/D2847
Reviewed by:    glebius, wblock(manpage)
Approved by:    gnn(mentor)
Obtained from:  pfSense
Sponsored by:   Netgate
2015-06-24 19:16:41 +00:00
Rick Macklem
1e68ee21e0 Document that a forced dismount of an NFSv3 mount when the
NLM (rpc.lockd) is running can crash the system.
Unfortunately this is not easy to fix, but I have left
PR#200585 open.

PR:		200585
MFC after:	3 days
2015-06-17 23:24:46 +00:00
Simon J. Gerraty
2ef6d5a7b9 new depends 2015-06-16 23:37:19 +00:00
Baptiste Daroussin
18b2ee82db Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
Baptiste Daroussin
4232f82668 Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Christian Brueffer
0031bf7501 Add a missing word, should have been in r284290.
Submitted by:	Fabian Keil
2015-06-12 15:03:59 +00:00
Christian Brueffer
7ff1ea8bdd Improve grammar.
PR:		200673
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
2015-06-11 23:05:49 +00:00
Christian Brueffer
c06d629a24 Consistently use trailing whitespace in passphrase prompts.
PR:		193496
Submitted by:	Fabian Keil
MFC after:	1 week
2015-06-11 00:24:33 +00:00
Simon J. Gerraty
8bbb3bbab5 Revert unneeded change 2015-06-10 13:57:11 +00:00
Kenneth D. Merry
5672fac935 Add support for reading MAM attributes to camcontrol(8) and libcam(3).
MAM is Medium Auxiliary Memory and is most commonly found as flash
chips on tapes.

This includes support for reading attributes and decoding most
known attributes, but does not yet include support for writing
attributes or reporting attributes in XML format.

libsbuf/Makefile:
	Add subr_prf.c for the new sbuf_hexdump() function.  This
	function is essentially the same function.

libsbuf/Symbol.map:
	Add a new shared library minor version, and include the
	sbuf_hexdump() function.

libsbuf/Version.def:
	Add version 1.4 of the libsbuf library.

libutil/hexdump.3:
	Document sbuf_hexdump() alongside hexdump(3), since it is
	essentially the same function.

camcontrol/Makefile:
	Add attrib.c.

camcontrol/attrib.c:
	Implementation of READ ATTRIBUTE support for camcontrol(8).

camcontrol/camcontrol.8:
	Document the new 'camcontrol attrib' subcommand.

camcontrol/camcontrol.c:
	Add the new 'camcontrol attrib' subcommand.

camcontrol/camcontrol.h:
	Add a function prototype for scsiattrib().

share/man/man9/sbuf.9:
	Document the existence of sbuf_hexdump() and point users to
	the hexdump(3) man page for more details.

sys/cam/scsi/scsi_all.c:
	Add a table of known attributes, text descriptions and
	handler functions.

	Add a new scsi_attrib_sbuf() function along with a number
	of other related functions that help decode attributes.

	scsi_attrib_ascii_sbuf() decodes ASCII format attributes.

	scsi_attrib_int_sbuf() decodes binary format attributes, and
	will pass them off to scsi_attrib_hexdump_sbuf() if they're
	bigger than 8 bytes.

	scsi_attrib_vendser_sbuf() decodes the vendor and drive
	serial number attribute.

	scsi_attrib_volcoh_sbuf() decodes the Volume Coherency
	Information attribute that LTFS writes out.

sys/cam/scsi/scsi_all.h:
	Add a number of attribute-related structure definitions and
	other defines.

	Add function prototypes for all of the functions added in
	scsi_all.c.

sys/kern/subr_prf.c:
	Add a new function, sbuf_hexdump().  This is the same as
	the existing hexdump(9) function, except that it puts the
	result in an sbuf.

	This also changes subr_prf.c so that it can be compiled in
	userland for includsion in libsbuf.

	We should work to change this so that the kernel hexdump
	implementation is a wrapper around sbuf_hexdump() with a
	statically allocated sbuf with a drain.  That will require
	a drain function that goes to the kernel printf() buffer
	that can take a non-NUL terminated string as input.
	That is because an sbuf isn't NUL-terminated until it is
	finished, and we don't want to finish it while we're still
	using it.

	We should also work to consolidate the userland hexdump and
	kernel hexdump implemenatations, which are currently
	separate.  This would also mean making applications that
	currently link in libutil link in libsbuf.

sys/sys/sbuf.h:
	Add the prototype for sbuf_hexdump(), and add another copy
	of the hexdump flag values if they aren't already defined.

	Ideally the flags should be defined in one place but the
	implemenation makes it difficult to do properly.  (See
	above.)

Sponsored by:	Spectra Logic Corporation
MFC after:	1 week
2015-06-09 21:39:38 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Baptiste Daroussin
d5ce1c7713 Remove useless WARNS 2015-06-06 13:49:54 +00:00