Commit Graph

8865 Commits

Author SHA1 Message Date
Eugene Grosbein
a9dea3d2ba mount_msdosfs: do not fail mounts requiring locale name conversion table
that is already present in a kernel statically.

For example, the command "mount_msdosfs -L ru_RU.KOI8-R" fails with error
"mount_msdosfs: msdosfs_iconv: File exists" for a kernel having
options LIBICONV and MSDOSFS_ICONV. After this change, it mounts successfully.

MFC after:		1 month
Differential Revision:	https://reviews.freebsd.org/D16951
2018-10-27 16:41:34 +00:00
Eugene Grosbein
2814116849 route(8): correctly return exit status when "-q" flag is used.
Previously, route returned 1 in case of error  properly signalling failure
but "route -q" it returned 0 for same case. Fix it.

PR:		186333
MFC after:	1 month
2018-10-27 07:59:19 +00:00
Conrad Meyer
0fb8835bcf dumpon.8: Significantly revamp page
Start with a short summary and cover the options in a standard list style.

Organize sections by common focus and prioritize more useful information
closer to the top.

Flesh out authors, history, caveats, and security considerations sections.

Reviewed by:	markj, eadler (previous version)
Differential Revision:	https://reviews.freebsd.org/D17679
2018-10-26 20:03:59 +00:00
Conrad Meyer
f27d255c59 dumpon(8): Provide seatbelt against weak RSA keys
The premise of dumpon -k foo.pem is that dump contents will be confidential
except to anyone holding the corresponding RSA private key.

This guarantee breaks down when weak RSA keys are used.  Small RSA keys
(e.g. 512 bits) can be broken on a single personal computer in tractible
time.  Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars.
Even 1024 bit keys can probably be broken by sophisticated and wealthy
attackers.

NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and
estimates this provides 112 bits of security.

It would also be good to protect users from weak values of 'e' (i.e., 3) and
perhaps sanity check that their public key .pem does not accidentally
contain their private key as well.  These considerations are left as future
work.

Reviewed by:	markj, darius AT dons.net.au (previous version)
Discussed with:	bjk
Differential Revision:	https://reviews.freebsd.org/D17678
2018-10-26 19:53:59 +00:00
Andrey V. Elsukov
427dc1f755 Use correct format specificator to print setdscp action.
PR:		232642
MFC after:	3 days
2018-10-25 18:06:23 +00:00
Rodney W. Grimes
554e6a7563 Allow fdisk(8) to deal with sectors larger than 2048
especially for 4Kn drives with PMBR's

Approved by:    bde (mentor)
MFC:            3 days
2018-10-25 12:13:13 +00:00
Kirk McKusick
ec888383cf Continuing efforts to provide hardening of FFS, this change adds a
check hash to the superblock. If a check hash fails when an attempt
is made to mount a filesystem, the mount fails with EINVAL (Invalid
argument). This avoids a class of filesystem panics related to
corrupted superblocks. The hash is done using crc32c.

Check hases are added only to UFS2 and not to UFS1 as UFS1 is primarily
used in embedded systems with small memories and low-powered processors
which need as light-weight a filesystem as possible.

Reviewed by:  kib
Tested by:    Peter Holm
Sponsored by: Netflix
2018-10-23 21:10:06 +00:00
Kristof Provost
db2380870c pf tests: Fix incorrect test for PR 231323
Fix r339466.  The test result file did not list the rdr rule.
Additionally, the route-to rule needs a redirection address.

X-MFC-with:	339466
2018-10-22 23:33:48 +00:00
Kristof Provost
4a8e4793ed pfctl: Fix line numbers when \ is used inside ""
PR:		201520
Obtained from:	OpenBSD
MFC after:	2 weeks
2018-10-22 04:12:51 +00:00
Andrey V. Elsukov
aa2715612c Retire IPFIREWALL_NAT64_DIRECT_OUTPUT kernel option. And add ability
to switch the output method in run-time. Also document some sysctl
variables that can by changed for NAT64 module.

NAT64 had compile time option IPFIREWALL_NAT64_DIRECT_OUTPUT to use
if_output directly from nat64 module. By default is used netisr based
output method. Now both methods can be used, but they require different
handling by rules.

Obtained from:	Yandex LLC
MFC after:	3 weeks
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D16647
2018-10-21 16:29:12 +00:00
Andrey V. Elsukov
094d6f8d75 Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,
that was added using "new rule format". And then, when the kernel
returns rule with this flag, ipfw(8) can correctly show it.

Reported by:	lev
MFC after:	3 weeks
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17373
2018-10-21 15:10:59 +00:00
Andrey V. Elsukov
edcc075398 Fix grammar.
Reported by:	yuripv
MFC after:	3 weeks
2018-10-21 14:48:40 +00:00
Andrey V. Elsukov
5c88595e07 Do not allow use create keyword as hostname when ifconfig(8) is invoked
for already existing interface.

It appeared, that ifconfig(8) assumes `create` keyword as hostname and
tries to resolve it, when `ifconfig ifname create` invoked for already
existing interface. This can produce some unexpected results, when hostname
resolving has successfully happened. This patch adds check for such case.
When an interface is already exists, and create is only one argument,
return error message. But when there are some other arguments, just remove
create keyword from the arguments list.

Obtained from:	Yandex LLC
MFC after:	3 weeks
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17171
2018-10-21 14:40:45 +00:00
Conrad Meyer
594fb8f519 mdmfs(8): Check for other types of helper-program failure
Exiting with a signal should not be treated the same as successful exit with
zero status.

Return signal exit information to the callers via negative integers, to
enable distinction from normal exit statuses.  (All consumers that check for
errors don't care what the exact non-zero exit value is -- in such a case
they print a diagnostic message and either continue or bail.)

Additionally, check for unexpected sources of waitpid() wakeup and bail if
we encounter them.

Reported by:	lev@
Reviewed by:	kib, lev, markj (earlier version)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17035
2018-10-20 21:33:00 +00:00
Warner Losh
102cb8b907 Fix typo
The vendor name wds should have been wdc. Add wdc and keep the wds for
script compat.

MFC after: 3 days
2018-10-20 21:13:57 +00:00
Kristof Provost
63488b6e4e pfctl tests: Basic test case for PR 231323
PR:		231323
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D17508
2018-10-20 18:18:28 +00:00
Kristof Provost
a2a90d6ee5 pfctl: Dup strings
When we set the ifname we have to copy the string, rather than just keep
the pointer.

PR:		231323
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D17507
2018-10-20 18:11:46 +00:00
Bjoern A. Zeeb
69b468b9ed Fix spelling of an error message and add warning to another error
case in tunefs(8).

Reviewed by:		imp (2017 version of the same diff)
Approved by:		re (gjb)
Differential Revision:	https://reviews.freebsd.org/D10046
2018-10-17 16:54:13 +00:00
Bjoern A. Zeeb
0696600c41 Move the rc framework out of sbin/init into libexec/rc.
The reasons for this are forward looking to pkgbase:
 * /sbin/init is a special binary; try not to replace it with
   every package update because an rc script was touched.
   (a follow-up commit will make init its own package)
 * having rc in its own place will allow more easy replacement
   of the rc framework with alternatives, such as openrc.

Discussed with:		brd (during BSDCam), kmoore
Requested by:		cem, bz
PR:			231522
Approved by:		re (gjb)
2018-10-17 16:49:11 +00:00
Glen Barber
fc3f42d80f MFH r339206-r339212, r339215-r339239
Sponsored by:	The FreeBSD Foundation
2018-10-08 18:06:40 +00:00
Danilo G. Baio
877a050958 Fix information about $firewall_myservices
After r273201 it is supported "/{udp,tcp,proto}" suffix into
$firewall_myservices, and in the rc.conf the information is outdated.

Reviewed by:	bcr, rgrimes
Approved by:	re (gjb), doc (bcr), src (rgrimes)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D17338
2018-10-05 20:35:43 +00:00
Glen Barber
01d4e2149e MFH r338661 through r339200.
Sponsored by:	The FreeBSD Foundation
2018-10-05 17:53:47 +00:00
Kirk McKusick
7462fc7f56 Add missing newline in pwarn message.
Reported by: Mark Millard <marklmi@yahoo.com>
Approved by: re (kib)
2018-10-02 13:45:25 +00:00
John Baldwin
fe35316fed Run 32-bit compat ldconfig on mips64.
mips64 supports COMPAT_FREEBSD32 (for o32 binaries), so run the 32-bit
compat ldconfig on it as well.

Reported by:	brooks
Reviewed by:	brooks, kib
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17342
2018-09-28 17:01:43 +00:00
Guangyuan Yang
c049e7c448 Add description, parameters, options, sysctl and examples of using AQMs to ipfw man page. CoDel, PIE, FQ-CoDel and FQ-PIE AQM for Dummynet exist in FreeBSD 11 and 10.3.
Submitted by:	ralsaadi@swin.edu.au
Reviewed by:	AllanJude
Approved by:	re (gjb)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D12507
2018-09-27 18:14:01 +00:00
Konstantin Belousov
dcf55de22a Remove -m (update) from ldconfig -32 & -soft invocation on startup.
Since r154114 which introduced ldconfig_local32_dirs, ldconfig -32 was
called with -m. This means that ld-elf32.so.hints paths set is not
cleared for compat32 on boot, unlike ld,so,hints.  Same -m was used in
r294295 for ld-elf-soft.so.hints on arm.  The patch fixes the
asymmetry.

Noted by:	Andreas Longwitz <longwitz@incore.de>
Reviewed by:	brooks, emaste, imp
Discussed with:	bdrewery
Sponsored by:	The FreeBSD Foundation
Approved by:	re (gjb)
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D17331
2018-09-27 14:31:41 +00:00
Andrey V. Elsukov
c5bf4b1bc6 Add "src-ip" or "dst-ip" keyword to the output, when we are printing the
rest of rule options.

Reported by:	lev
Approved by:	re (gjb)
MFC after:	1 week
2018-09-26 15:37:48 +00:00
Mateusz Piotrowski
8251b8b87e sysctl(8): Add a standard exit status section.
Reviewed by:	bcr
Approved by:	re (gjb), krion (mentor)
Differential Revision:	https://reviews.freebsd.org/D17147
2018-09-24 20:46:45 +00:00
Andrey V. Elsukov
068273571b Update ifr_name before invoking IPSECSREQID ioctl, this fixes the case,
when `ifconfig ipsec create reqid N` command invoked without interface
unit number. The "name" global variable is updated after interface
cloning in the ifclonecreate() and contains actual interface name.

Reported by:	lev
Approved by:	re (kib)
MFC after:	1 week
2018-09-22 16:30:48 +00:00
Warner Losh
6577e8c44b We don't need shell protection for when we're expanding matches.
Don't add it. This should fix when we do regepx matches against
variables we've set and fix wifi bring up.

PR: 231441
Approved by: re@ (kib)
Differential Revision: https://reviews.freebsd.org/D17267
2018-09-22 15:32:53 +00:00
Jung-uk Kim
3548eb3aab Make decryptcore(8) buildable. 2018-09-19 07:07:03 +00:00
Brad Davis
a0bc3b5965 Move disktab to sbin/bsdlabel/
This leverages CONFS to handle the install.

Approved by:	re (blanket, pkgbase), will (mentor)
Differential Revision:	https://reviews.freebsd.org/D17217
2018-09-18 20:52:24 +00:00
Brad Davis
62e23a4781 Move dhclient.conf to sbin/dhclient/.
This also leverages CONFS for handling config files.

Approved by:	re (gjb), will (mentor)
Differential Revision:	https://reviews.freebsd.org/D17160
2018-09-18 00:11:45 +00:00
Brad Davis
9f1e4c08ce Remove dhclient.conf from here in prep for the move of it from etc/.
This is being done a separate step to ease importing into other VCSes.

Approved by:	re (gjb), will (mentor)
Differential Revision:	https://reviews.freebsd.org/D17160
2018-09-18 00:10:29 +00:00
Eric van Gyzen
6760585add Fix "fasthalt" to halt instead of reboot
fasthalt has behaved like reboot, instead of like halt, since r228408
(2011, 10.0-RELEASE).  Fix it.  One wonders if anyone will notice.

Approved by:	re (kib)
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2018-09-14 18:12:30 +00:00
Edward Tomasz Napierala
6a02738229 Add the "-t" option to geom(8) utility, to display geoms hierarchy.
Sample output:

% geom -t
Geom             Class      Provider
da0              DISK       da0
  da0            PART       da0s1
    da0s1        PART       da0s1a
      ffs.da0s1a VFS
      da0s1a     DEV
    da0s1        DEV
  da0            DEV
da1              DISK       da1
  swap           SWAP
  da1            DEV
cd0              DISK       cd0
  cd0            DEV

Reviewed by:	oshogbo
Approved by:	re (kib)
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17151
2018-09-14 15:29:45 +00:00
Edward Tomasz Napierala
0f73f7016b Add new option to the geom(8) utility, "-p". It makes it easy to look up
the GEOM class instance from the provider name.

Reviewed by:	oshogbo, 0mp
Approved by:	re (kib)
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17116
2018-09-13 14:06:01 +00:00
Mateusz Guzik
9696ba7fc0 umount: remove sync(2) call when used with -f
It completely unnecessarily iterates over all filesystems and happens
to be executed a lot e.g. by synth.

Reviewed by:	kib
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17143
2018-09-13 13:57:42 +00:00
Edward Tomasz Napierala
112adef8ca Minor usability improvements to geom(8).
Approved by:	re (kib)
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2018-09-11 16:46:28 +00:00
Ed Maste
2c208ed867 Allow dhclient and ping to build WITHOUT_DYNAMICROOT
dhclient and ping normally use libcasper services.  These are not
available in statically-linked binaries, so when WITHOUT_DYNAMICROOT is
set disable libcasper use, as with rescue builds.  Also emit a warning
as it's undesirable to build this way.

Reported by:	Michael Dexter
Reviewed by:	rgrimes
Tested by:	Michael Dexter
Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17074
2018-09-09 17:26:44 +00:00
Konstantin Belousov
7404ab5ba9 Improve handling of the EFI map types[] array.
Use nitems(), do not assume EFI_MD_TYPE_ contiguous allocation, in
particular, switch to use designated array initializers.

Reviewed by:	jhb (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (gjb)
2018-09-08 18:57:05 +00:00
Konstantin Belousov
d4bdf8ed9a Teach sysctl(8) about the Persistent memory type.
Add PersistentMemory to the list of sysctl's known memory types
when decoding an EFI memory map.

Submitted by:	D Scott Phillips <d.scott.phillips@intel.com>
MFC after:	1 week
Approved by:	re (rgrimes)
2018-09-07 15:09:56 +00:00
Konstantin Belousov
e1372c0e6d Trim whitespace.
Approved by:	re (gjb)
2018-09-07 14:37:44 +00:00
Brad Davis
966f2a6f27 Move etc/ttys to sbin/init/.
And simplify this a little by flattening the directory structure.

Approved by:	re (gjb), will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16955
2018-09-04 15:48:13 +00:00
Warner Losh
4a82f36851 Add in a missing newline
In the conversion, the newline got stripped. It worked fine when there
was only one module, but not when there are many. Add back the missing
newline.

Approved by: re@ (kib)
PR: 230868
Differential Revision: https://reviews.freebsd.org/D16895
2018-08-25 15:47:52 +00:00
Kyle Evans
8369ba427a libbe(3)/bectl(8): Make consistent with beadm
vermaden (maintainer of beadm) points out the following inconsistencies:
- "missing command" is not printed prior to usage if the error is simply a
   missing command; this should be obvious from the context
- "bectl rename" isn't using the "don't unmount" flag (zfs rename -u), so
   the active BE can't be renamed. It doesn't make sense in our context to
   *not* use -u, so use it.

Documentation updates reflect the above and note an inconsistency with the
'destroy' command that is consistent with other parts of the base system.

A fix for libbe(3) not properly being installed to /lib is included.
SHLIBDIR should have been added when it was moved in r337995.

Approved by:	re (kib)
2018-08-24 20:44:58 +00:00
Alex Richardson
4635180ea7 Allow bootstrapping md5 on Linux, MacOS and FreeBSD < 12
In order to build on a Linux host we need to bootstrap md5 since the Linux
md5sum command produces output in a different format.

Reviewed By:	emaste
Approved By:	brooks (mentor)
Differential Revision: https://reviews.freebsd.org/D16846
2018-08-23 18:19:01 +00:00
Patrick Kelsey
ef9afde438 Fix warning about crossing INT32_MAX boundary in computation of constant value. 2018-08-23 17:41:39 +00:00
Patrick Kelsey
ff7b3f731a Extend tbrsize heuristic in pfctl(8) to provide a sensible value for
higher bandwidth interfaces.  The new value is used above 2.5 Gbps,
which is the highest standard rate that could be used prior to
r338209, so the default behavior for all existing systems should
remain the same.

The value of 128 chosen is a balance between being big enough to
reduce potential precision/quantization effects stemming from frequent
bucket refills over small time intervals and being small enough to
prevent a greedy driver from burst dequeuing more packets than it has
available hardware ring slots for whenever altq transitions from idle
to backlogged.

Reviewed by:	jmallett, kp
MFC after:	2 weeks
Sponsored by:	RG Nets
Differential Revision: https://reviews.freebsd.org/D16852
2018-08-23 16:10:28 +00:00
Warner Losh
8a317ce4b3 Implement blacklisting for devmatch
devmatch_blacklist is a space separated list of modules (w/o the .ko
or full path) to exclude from devmatch's processing.

Differential Revision: https://reviews.freebsd.org/D16735
2018-08-23 05:06:27 +00:00