Commit Graph

8865 Commits

Author SHA1 Message Date
Xin LI
7f2b7ec93c Detect and handle invalid number of FATs
If the number of FATs field in the boot sector is zero, give
an appropriate error code.

Obtained from:	Android 6c29bbe8d5%5E%21/
MFC after:	2 weeks
2018-07-13 02:02:16 +00:00
Eugene Grosbein
35b930cc2b Make dhclient(8) verify if new MTU (option 26) differs from current one and skip unneeded MTU change.
This check eliminates infinite loop of MTU change / link flap / lease verification / MTU change / link flap etc.
in case of some NIC drivers like em(4) or igb(4).

N.B.: obsolete u_int16_t is used in consistency with the rest of the file.

PR:		229432
Approved by:	mav (mentor)
MFC after:	1 week
2018-07-11 09:41:50 +00:00
Andrey V. Elsukov
f7c4fdee1a Add "record-state", "set-limit" and "defer-action" rule options to ipfw.
"record-state" is similar to "keep-state", but it doesn't produce implicit
O_PROBE_STATE opcode in a rule. "set-limit" is like "limit", but it has the
same feature as "record-state", it is single opcode without implicit
O_PROBE_STATE opcode. "defer-action" is targeted to be used with dynamic
states. When rule with this opcode is matched, the rule's action will
not be executed, instead dynamic state will be created. And when this
state will be matched by "check-state", then rule action will be executed.
This allows create a more complicated rulesets.

Submitted by:	lev
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D1776
2018-07-09 11:35:18 +00:00
Conrad Meyer
8ff3cdd1b5 Integrate SHA2-224 with userspace components
The double compilation of the kernel sources in libmd and libcrypt is
baffling, but add yet another define hack to prevent duplicate symbols.

Add documentation and SHA2-224 test cases to libmd.

Integrate with the md5(1) command, document, and add more test cases;
self-tests pass.
2018-07-09 08:19:04 +00:00
Jamie Gritton
de68a3200a Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
 with names.

PR:		229266
MFC after:	3 days
Differential Revision:	D16047
2018-07-03 23:47:20 +00:00
Ruslan Bukin
7d729cedcc Revert 335888 ("Ensure va_list is declared by including stdarg.h.")
The issue was caused by header pollution brought by GCC 8.1.

We now have to remove include-fixed headers in the GCC installation
directory.

Sponsored by:	DARPA, AFRL
Pointed out by:	jhb
2018-07-03 15:48:34 +00:00
Ruslan Bukin
ab40f58ccf o Ensure va_list is declared by including stdarg.h.
o Also move printf.h to go after it since it does require declaration
  of va_list.

This fixes build with latest RISC-V GNU Toolchain with GCC 8.1

Sponsored by:	DARPA, AFRL
2018-07-03 13:53:54 +00:00
Kristof Provost
7a2bf4c52e pfctl: Don't retrieve interface list if '-n' is set
If '-n' is set we don't use the list of skip interfaces, so don't retrieve it.
This fixes issues if 'pfctl -n' is used before the pf module is loaded. This
was broken by r333181.

Reported by:	Jakub Chromy <hicks AT cgi.cz>
MFC after:	1 week
2018-07-03 08:50:49 +00:00
Michael Tuexen
294b242d80 Allow three digits of module id without breaking table alignment. 2018-07-02 09:14:00 +00:00
Michael Tuexen
6130efe458 Keep table aligned when address pointer is not of max length. 2018-07-02 09:11:30 +00:00
Michael Tuexen
e4450a19d4 Improve consistency of indentation. Whitespace change only. 2018-07-02 09:09:07 +00:00
Andrey V. Elsukov
0df37a208c Remove extra "ipfw" from example.
MFC after:	1 week
2018-06-28 09:42:30 +00:00
Kyle Evans
af74661403 ifconfig(8): Attempt to render non-printable sequences w/ UTF-8 Environment
Currently ifconfig(8) only prints the hex representation of ssid names
with non-ASCII characters. Many modern terminals are able to properly render
non-ASCII characters. This change checks if the terminal charmap is UTF-8,
and if so, will render the characters, rather than the hex value.

This behavior is circumvented by running ifconfig(8) in a non-UTF8 locale;
e.g. C or POSIX.

It was pointed out by kp@ during the review that APs have the option to
broadcast whether their SSIDs may be interpreted as UTF-8. Ideally, we would
honor this and only attempt this behavior if it's so-broadcasted by the AP.

However, a sample survey showed that hostapd will advertise this if
indicated in config but it doesn't seem to be so common in the AP market, so
this would be effectively useless as we'll rarely know if the SSID should be
renderable as UTF-8.

Despite this, it was decided to be OK with this anyways- there's a
straightforward path to doing it the right way based on advertisement by AP
if we need to go that route, and one can revert to old behavior easily
enough at runtime if we get it wrong.

Submitted by:	Farhan Khan <khanzf@gmail.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D15922
2018-06-28 03:37:15 +00:00
Warner Losh
95cbefb3bf We're not, yet, at C++11 capable on all our plaforms.
Use a possibly slower, but C++98 compatibe way to iterate through the
string.

Noticed by: g++ 4.2.1 and Mark Millard
2018-06-28 01:45:53 +00:00
Warner Losh
54aa407625 Safely quote all variable expansions.
When expanding a variable set by a message from the kernel, safely
quote all arguments expanded when creating a command line for the
shell.

Reviewd by: Shawn Webb, Oliver Pinter, brd@
Sponsored by: Netflix
2018-06-27 23:44:37 +00:00
Edward Tomasz Napierala
a6c0b9d085 Fix description for the "autoconf" ifconfig(8) flag; it's an address
property, not something you set for an interface.

MFC after:	2 weeks
2018-06-27 19:28:37 +00:00
Xin LI
48f3bd63b9 Revert Makefile@335696 that sneaked into the commit.
X-MFC with:	335696
MFC after:	2 weeks
2018-06-27 06:50:24 +00:00
Xin LI
6f0f107256 Detect exFAT filesystems and abort if found and tighten BPB sanity
check.

Obtained from:	Android https://android-review.googlesource.com/61827
MFC after:	2 weeks
2018-06-27 06:49:20 +00:00
Stephen J. Kiernan
a2b8acf563 Revert r335402
While useful as an example, veriexecctl, as it is, has very little practical
use, since there is nothing ensuring the integrity of the manifest of hashes.
A more appropriate set of utilities will replace it.
2018-06-26 23:19:55 +00:00
Xin LI
f7a300540f Fix division by zero when reading boot block by postponing division
until it is necessary and after we validated bytes per sector is non-
zero.

Obtained from:	Android https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/36362
MFC after:	2 weeks
2018-06-26 06:18:59 +00:00
Brooks Davis
e4b0a90e77 Normalize the g(eom,cache,part,...) build.
Rather then combining hardlink creation for the geom(8) binary with
shared library build, move libraries to src/lib/geom so they are
built and installed normally.  Create a common Makefile.classes
which is included by both lib/geom/Makefile and sbin/geom/Makefile
so the symlink and libraries stay in sync.

The relocation of libraries allows libraries to be build for 32-bit
compat.  This also reduces the number of non-standard builds in
the system.

This commit is not sufficent to run a 32-bit /sbin/geom on a 64-bit
system out of the box as it will look in the wrong place for libraries
unless GEOM_LIBRARY_PATH is set appropriatly in the environment.

Reviewed by:	bdrewery
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15360
2018-06-25 19:55:15 +00:00
Eitan Adler
b537db698c dhclient: recorrect __progname to getprogname()
A more correct way to modernize code that uses __progname is to just
replace each occurance of it with a call to getprogname(3)

Reported by:	ian
Reviewed by:	imp
2018-06-25 01:29:54 +00:00
Sean Bruno
2d0730b243 Assuming that the intent (from the white space) is that the fprintf()
be executed in the if() conditional.  If its not supposed to be printed
inside the conditional, then the braces should be removed and the extra
tabs on the fprintf() should be removed.

Noted by cross compilation with gcc-mips.
2018-06-24 21:19:08 +00:00
Eitan Adler
71c6c44d8d dhclient: build with WARNS=6
- add static in a number of places
- initialize __progname rather than rely on magical extern values
- use nitems() instead of manually spelling it out
- unshadow 'idi'
- teach 'error' that it is '__dead2'
- add missing 'break'
2018-06-24 13:23:27 +00:00
Eitan Adler
aa571745a6 Makefiles: remove outdated comments 2018-06-24 09:39:40 +00:00
Eitan Adler
4b3dd106e6 newfs: clean up warnings
- remove param: unused since r95357.
- correct definition of usage
- add explicit fallthrough notice. The existing one doesn't work with
our selection of "implicit-fallthrough" strictness.

This results in WARNS=6 building on amd64, but not other arches
2018-06-24 05:40:42 +00:00
Kristof Provost
150182e309 pf: Support "return" statements in passing rules when they fail.
Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be silent - "drop", or loud - "return", "return-rst",
"return-icmp". Yet there is a 3rd category of traffic passing through pf:
Packets matching a "pass" rule but when applying the rule fails. This happens
when redirection table is empty or when src node or state creation fails. Such
rules always fail silently without notifying the sender.

Allow users to configure this behaviour too, so that pf returns an error packet
in these cases.

PR:		226850
Submitted by:	Kajetan Staszkiewicz <vegeta tuxpowered.net>
MFC after:	1 week
Sponsored by:	InnoGames GmbH
2018-06-22 21:59:30 +00:00
Xin LI
b7d6282aae Don't bail out when we find primary and secondary bootblocks miscompare.
We do not have code to fix this situation, and the mismatch does not
prevent the kernel driver from consuming the file system, and some factory
formatted SD cards seem to have a garbage backup block.

This makes the code match to its comments (replacing pfatal with pwarn).

Inspired by:	NetBSD r1.13
Inspired by:	b47b16353f
MFC after:	2 weeks
2018-06-22 16:18:19 +00:00
Stephen J. Kiernan
ce16585796 This application (veriexecctl) handles reading a fingerprints file
containing paths, fingerprints, and optional option flags which in turn
get pushed into the MAC/veriexec meta-data store via the veriexec device.

The format of the fingerprints file is as follows:
path type fingerprint options

The type of fingerprint supported depends on what MAC/veriexec fingerprint
modules have been loaded into the system. The veriexecctl application is
able to determine which ones are available by consulting the
security.mac.veriexec.algorithms sysctl.

The following options are currently supported in MAC/veriexec and by the
veriexecctl application:

indirect
  If this option is set then the executable cannot be invoked directly, it
  can only be used as an interpreter in shell scripts.
file
  Indicates that the fingerprint is associated with a file, not an
  executable. Files have their fingerprints verified during open(2) and are
  automatically made read only. This option may be used to verify shared
  libraries have not been tampered with.
no_ptrace
  If this option is set then the executable cannot be traced with the
  ptrace(2) process tracing and debugging call.
trusted
  If this option is set then the executable is allowed to write to the
  mem(4) devices. By default, when verified execution is enforced, no
  process is allowed to write to the mem(4) devices.

The options are not case sensitive.

Reviewed by:	jtl, wblock
Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D8575
2018-06-20 01:08:54 +00:00
Mariusz Zaborski
7672a0148f Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0.
No functional change intended.
2018-06-19 23:43:14 +00:00
Ed Maste
76db6c8773 gpart: add EFI alias for MBR partition scheme
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15870
2018-06-17 20:10:48 +00:00
Eitan Adler
9fdff46b42 gvinum: revert WARNS change in Makefile
Architectures that passed on a local build universe, failed on
tinderbox. Revert the number change for now while I investigate.
2018-06-17 01:39:22 +00:00
Eitan Adler
5d9573acf2 ddb: unbreak ppc
usr/src/powerpc.powerpcspe/tmp/usr/include/strings.h:62:
warning: shadowed declaration is here
2018-06-17 00:00:24 +00:00
Eitan Adler
37e18df37d quotacheck: build with WARNS=3
WARNS++

Tested with amd64, arm64, i386, mips
2018-06-16 23:47:59 +00:00
Eitan Adler
e567c750ff gvinum: build with WARNS=6
This also removes an unused and uninitialized variable.

Tested with amd64, arm64, i386, mips
2018-06-16 23:45:59 +00:00
Eitan Adler
b33abb34b8 ddb: build with WARNS=6
Tested with amd64, arm64, i386, mips
2018-06-16 23:44:18 +00:00
Xin LI
0531ab7253 Added option to cluster-align the start of the root directory.
Obtained from:	Android
Obtained from:	052f275621
Obtained from:	8218b6aae9
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D15672
2018-06-15 06:03:40 +00:00
John Baldwin
44a230cd92 Exit with an error if a linker hints file can't be found.
Continuing with a NULL hints variable just triggers a segfault later on.
The other error cases in this function all exit for an error rather than
warning.

Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D15579
2018-06-14 22:31:30 +00:00
Warner Losh
f0f8a1af01 NVME support is only for x86 and powerpc64.
Implement MK_NVME now that the expression for where NVMe is
complicated. Default it to "yes" for x86 and powerpc64 and
no everywhere else. Use it in camcontrol to define WITH_NVME
for those platforms where we support nvme.

This should fix the newly introduced nvme files to camcontrol
which were building everywhere.

Pointy Hat To: imp
Sponsored by: Netflix
2018-06-14 01:15:19 +00:00
Warner Losh
6ee13c54da Make camcontrol identify work with nda devices
Both ATA and NVME have an identify command. They are completely
different, but to the user they are the same. Leverage nvmecontrol's
print_controller code to provide that functionality to camcontrol
identify. Query the path to see what kind of protocol it supports, and
send the most appropriate command down. Refactor nvme_print_dev a
little to make it easy to get the nvme cdata.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15371
2018-06-13 22:00:08 +00:00
Warner Losh
e505b7eced Make it possible to use print_controller from another program
Rename print_controller to nvme_print_controller. Put it in its
own file for easy inclusion. Move util.c to be nc_util.c to not
conflict with camcontrol. add nvecontrol_ext.h to define shared
interfaces.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15371
2018-06-13 22:00:02 +00:00
Eitan Adler
3330a6d984 dumpon(8): improve the examples a bit
While here, remove extraneous extraneous Pp

Reviewed by:	jhb (older version)
2018-06-13 09:28:47 +00:00
Li-Wen Hsu
22e6ecf367 Follow r333233, add fat32lba description to gpart(8)
Reviewed by:	emaste
MFC after:	3 days
X-MFC with:	r333233
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15767
2018-06-12 01:50:58 +00:00
Warner Losh
37d6a8f458 Revert size limits.
The size limits came from a flawed understanding of dump records.
The real issue was that dump was bogusly interpreting c_count
sometimes. r334978 fixes that.
2018-06-11 20:38:30 +00:00
Warner Losh
b9c7cba522 Fix a bug in the counting of blks.
We shouldn't count the bytes set in c_addr for TS_CLRI and TS_BITS
nodes. Those block overload c_count to communicate how many blocks
follow, not now many c_addr spaces are used. Dump would dump core
(now) because memory layout moved around and we'd access elements past
the end to make a count.

Reviewed by: kib@
2018-06-11 20:38:26 +00:00
Warner Losh
e26ce92b55 Don't initialize c_count. We don't need to. 2018-06-11 19:35:41 +00:00
Warner Losh
a86534e007 Minor style polishing.
Declare c_count and initialize it with other ints.

Reported by: mjg@
2018-06-11 19:32:49 +00:00
Warner Losh
94e18833a8 Document the newly enforced 524288 inode restriction. 2018-06-11 19:32:45 +00:00
Warner Losh
2d518c6518 Add asserts to prevent overflows of c_addr.
Add some asserts that prevents the overflows of c_addr. This can't
happen, absent bugs. However, certain large filesystems can cause
problems. These have been prevented by r334968, but a solution
is needed. These asserts will help assure that solution is correct.

PR: 228807
Reviewed by: db
2018-06-11 19:32:36 +00:00
Diane Bruce
803fec5fdf Large file systems with inodes > 512K have been silently overflowing
c_addr in spcl. So check before we start dumping otherwise we can
end up with a corrupted dump.

PR:		228807
Submitted by:	db
Reviewed by:	imp
Approved by:	imp
2018-06-11 19:12:50 +00:00
Kirk McKusick
db9cb3e823 Ensure proper initialization of superblock.
Submitted by: Diane Bruce
2018-06-07 20:49:01 +00:00
Justin Hibbits
8244d89ce3 Build nvmecontrol on powerpc64
The nvme driver is compiled for powerpc64 already, and the one fix required
to build nvmecontrol on powerpc64 was fixed in r334754.
2018-06-07 04:03:19 +00:00
Justin Hibbits
2bac48c266 Print Maximum Data Transfer Size as a long rather than int
PowerPC has PAGE_SIZE as a long, not an int.  This causes the compiler to throw
a format mismatch warning on this print.  To work around the difference, print
it as a long instead of an int, and force the argument to a long.

Reviewed By: imp
Differential Revision: https://reviews.freebsd.org/D15653
2018-06-07 04:02:09 +00:00
Kristof Provost
fa1d4439f9 pf: Return non-zero from 'status' if pf is not enabled
In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf
onestatus` always provided an exit status of zero. This made it fiddly to
programmatically determine if pf was running or not.

Return a non-zero status if the pf module is not loaded, extend pfctl to have
an option to return an error status if pf is not enabled.

PR:		228632
Submitted by:	James Park-Watt <jimmypw AT gmail.com>
MFC after:	1 week
2018-06-06 19:36:37 +00:00
Conrad Meyer
f93497fe64 dhclient(8): allow to supersede interface-mtu option
In some cases broken DHCP servers might send invalid MTU value, so allow to
use 'supersede' in dhclient.conf to override this. When superseded value is
0, MTU value is not updated at all.

PR:		206721
Submitted by:	novel@
Reported by:	<jimp AT pfsense.org>
MFC after:	37 minutes (if you care about 11, please MFC to 11.2)
Relnotes:	yes (potentially surprising behavior change w/ broken dhcpd mtu)
Differential Revision:	https://reviews.freebsd.org/D15484
2018-05-31 19:36:24 +00:00
Sean Bruno
21a8e0b1d5 dumpon(8)
- fix the WITHOUT_CRYPTO buildworld case.  Its rare, but some of us do
  build this way.

Sponsored by:	Limelight Networks
2018-05-29 21:52:13 +00:00
Mark Johnston
fe1ba25039 The extension for zstd-compressed files is ".zst".
Reported by:	manu
2018-05-29 16:04:53 +00:00
Eitan Adler
73d1ecdc98 kldstat: align "Size" to the right
This change also makes alignment and spacing an explicit number rather
than a bunch of spaces.

Reviewed by:	mmacy
Requested by:	Yuri Pankov <yuripv@yuripv.net>
2018-05-26 05:15:07 +00:00
Matt Macy
3741a56c31 devd: drop WARNS back down to 3 until 6 actually works with GCC 2018-05-24 01:12:06 +00:00
Eitan Adler
f405a1bea1 devd: Move variable declaration to header
Reminder by:	imp
2018-05-23 13:48:16 +00:00
Eitan Adler
d14732d366 kldstat: align size to the right
This makes it easier to compare numbers directly.

PR:		215747
Submitted by:	"Alexander von Gernler" <grunk@pestilenz.org>
2018-05-23 12:10:16 +00:00
Eitan Adler
aa677d07a1 md5: perform compare case-insenstive
md5 generates a md5 hash lowercase, but it might be provided in
uppercase. Allow this.

PR:		205598
Reported by:	ohauer
MFC After:	2 weeks
2018-05-23 11:45:46 +00:00
Eitan Adler
6d6e62dcc3 dumpon: point to better kernel debug symbols.
The objdir is temporary, and the current example points to GENERIC.
Instead point to the installed location of the debug symbols that are
supposed to match the kernel you are using.

PR:		223993
Submitted by:	Trond.Endrestol@ximalas.info
2018-05-23 10:45:32 +00:00
Eitan Adler
695a3b29ff devd: Unbreak build
I'm not quite sure why this wasn't caught before. Most likely due to
some generated file not being properly cleaned.

Fix build by just hiding the warnings that `-i` was supposed to fix.

Tested with clang, gcc9, gcc7
2018-05-23 10:03:09 +00:00
Eitan Adler
e8d9a1edb3 devd: allow build to complete using g++ 2018-05-23 07:44:50 +00:00
Eitan Adler
0bc60783da devd: compile at WARNS=6
Verified with "make universe TARGETS='amd64 arm arm64 i386 sparc64'"
2018-05-23 07:39:05 +00:00
Eitan Adler
958160f3ec devd: correct two warnings
- catching a polymorphic type by value
- "output between 16 and 95 bytes into a destination of size 80"
2018-05-23 07:39:02 +00:00
Andrey V. Elsukov
7a07dfbc7c Make the name of option that toggles IFCAP_HWRXTSTMP capability to
match the name of this capability. It was added recently and is not merged
to stable branch, so I hope it is not too late to change the name.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D15475
2018-05-18 12:12:24 +00:00
Ed Maste
408c1ff8f4 Clarify that boot_mute / boot -m mutes kernel console only
Perhaps RB_MUTE could mute user startup (rc) output as well, but right
now it mutes only kernel console output, so make the documentation match
reality.

PR:		228193
Sponsored by:	The FreeBSD Foundation
2018-05-16 02:15:18 +00:00
Ed Maste
c44e7d2f2f gpart.8: list all options in table form for each command
Previously gpart's man page listed some command options in prose, and
some in table form, which made it more difficult to use as a reference.

Reviewed by:	bcr
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15135
2018-05-11 12:58:36 +00:00
Ed Maste
6c967db174 gpart.8: sort suboptions per mdoc(7)
Alphabetical order, uppercase before lowercase for each letter and with
no regard to whether an option takes an argument.

Sponsored by:	The FreeBSD Foundation
2018-05-11 12:57:25 +00:00
Andrey V. Elsukov
51d5442fef Fix the printing of rule comments.
Change uint8_t type of opcode argument to int in the print_opcode()
function. Use negative value to print the rest of opcodes, because
zero value is O_NOP, and it can't be uses for this purpose.

Reported by:	lev
MFC after:	1 week
2018-05-10 12:25:01 +00:00
Mariusz Zaborski
31f7586d73 Introduce the 'n' flag for the geli attach command.
If the 'n' flag is provided the provided key number will be used to
decrypt device. This can be used combined with dryrun to verify if the key
is set correctly. This can be also used to determine which key slot we want to
change on already attached device.

Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D15309
2018-05-09 20:53:38 +00:00
Mariusz Zaborski
c2ac0fc5e0 Change option dry-run from 'n' to 'C' in geli attach command.
'n' is used in other commands to define the key index.
We should be consistent with that.
'C' option is used by patch(1) to perform dryrun so lets use that.

Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D15308
2018-05-09 20:51:16 +00:00
Warner Losh
0272270a8d nda protocol rate reporting
Report the NVMe spec, number of lanes (and max) as well as the PCIe
generation we're negotiated at (and max) for the camcontrol rate
command.

Reviewed by: scottl (the output, not the code)
Sponsored by: Netflix
2018-05-09 18:41:04 +00:00
Andrey V. Elsukov
c54e0abbc6 Update NAT64 documentation, now we support any IPv6 prefixes.
MFC after:	1 month
2018-05-09 12:25:23 +00:00
Andrey V. Elsukov
782360dec3 Bring in some last changes in NAT64 implementation:
o Modify ipfw(8) to be able set any prefix6 not just Well-Known,
  and also show configured prefix6;
o relocate some definitions and macros into proper place;
o convert nat64_debug and nat64_allow_private variables to be
  VNET-compatible;
o add struct nat64_config that keeps generic configuration needed
  to NAT64 code;
o add nat64_check_prefix6() function to check validness of specified
  by user IPv6 prefix according to RFC6052;
o use nat64_check_private_ip4() and nat64_embed_ip4() functions
  instead of nat64_get_ip4() and nat64_set_ip4() macros. This allows
  to use any configured IPv6 prefixes that are allowed by RFC6052;
o introduce NAT64_WKPFX flag, that is set when IPv6 prefix is
  Well-Known IPv6 prefix. It is used to reduce overhead to check this;
o modify nat64lsn_cfg and nat64stl_cfg structures to use nat64_config
  structure. And respectivelly modify the rest of code;
o remove now unused ro argument from nat64_output() function;
o remove __FreeBSD_version ifdef, NAT64 was not merged to older versions;
o add commented -DIPFIREWALL_NAT64_DIRECT_OUTPUT flag to module's Makefile
  as example.

Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
2018-05-09 11:59:24 +00:00
Mark Johnston
0ff40d3d29 Add netdump support to dumpon(8).
A new usage is added so that parameters for netdump may be specified.
Specifically, one configures an interface for netdump with:

# dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name>

Reviewed by:	bdrewery, cem (earlier versions), sbruno
MFC after:	1 month
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
Alexander Motin
ba405bc811 Add NVMe Namespace Management support to nvmecontrol(8).
This allows create/delete/attach/detach namespaces on new NVMe controllers.
This is only a first user-level part of the bigger change set.  Kernel part
required to detect and handle the configuration changes without reboot is
completely independent and will be added separately.

Submitted by:	Matt Williams <mffbsdw@gmail.com> (original version)
Differential Revision:	https://reviews.freebsd.org/D11399
2018-05-05 20:08:03 +00:00
Xin LI
3e855e9c21 Don't bail out from the check if readboot() returns !FSFATAL.
This can happen when the fsinfo signature is invalid, and the
user have choose to fix it, in which case the code would return
FSBOOTMOD (not FSOK but not FSFATAL either).

All other (fatal) cases would return FSFATAL.

Obtained from:	Android Open Source Project
Obtained from:	d8775a29ea
MFC after:	2 weeks
2018-04-30 05:57:55 +00:00
Kristof Provost
c5e105655b pfctl: Don't break connections on skipped interfaces on reload
On reload we used to first flush everything, including the list of skipped
interfaces.  This can lead to termination of these connections if they send
packets before the new configuration is applied.

Note that this doesn't currently happen on 12 or 11, because of special EACCES
handling introduced in r315514. This special behaviour in tcp_output() may
change, hence the fix in pfctl.

PR:		214613
2018-04-28 13:16:58 +00:00
Brooks Davis
4204224162 Finish removing FDDI and tokenring media support.
This fixes media display for 802.11 wireless devices.

Software outside the base system that uses these media types and
defines should use #ifdef IFM_FDDI or IFM_TOKEN to include or remove
support.

Reported by:	zeising
Reviewed by:	emaste, kib, zeising
Tested by:	zeising
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15170
2018-04-23 21:10:33 +00:00
Andrew Gallatin
47528c67ef Make lagg creation more fault tolerant
- Warn, don't exit, when SIOCSLAGGPORT returns an error.

When we exit with an error during lagg creation, a single
failed NIC (which no longer attaches) can prevent lagg
creation and other configuration, such as adding an IPv4
address, and thus leave a machine unreachable.

- Preserve non-EEXISTS errors for exit status from SIOCSLAGGPORT,
  in case scripts are looking for it. Hopefully this can be
  extended if other parts of ifconfig can allow a "soft" failure.

- Improve the warning message to mention what lagg and what
  member are problematic.

Reviewed by: jtl, glebius
Sponsored by: Netflix
Differential Revision:	https://reviews.freebsd.org/D15046
2018-04-17 12:54:58 +00:00
Brooks Davis
eec02418d8 Remove support for FDDI and token ring media types in userland utilities.
Reviewed by:	kib
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15077
2018-04-16 18:07:51 +00:00
Andrey V. Elsukov
0f71e509e5 Fix indenting in ipv6.c file, use tabs instead of mixing tabs and spaces.
MFC after:	1 week
2018-04-12 20:05:26 +00:00
Andrey V. Elsukov
bd32e33552 Remove printing of "not" keyword from print_ip6() function.
After r331668 handling of F_NOT flag done in one place by
print_instruction() function. Also remove unused argument from
print_ip[6]() functions.

MFC after:	1 week
2018-04-12 19:44:04 +00:00
Andrey V. Elsukov
09a6be91bc Remove printing of "not" keyword from print_ip() function.
After r331668 handling of F_NOT flag done in one place by
print_instruction() function.

MFC after:	1 week
2018-04-12 19:34:35 +00:00
Brooks Davis
0437c8e3b1 Remove support for FDDI networks.
Defines in net/if_media.h remain in case code copied from ifconfig is in
use elsewere (supporting non-existant media type is harmless).

Reviewed by:	kib, jhb
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15017
2018-04-11 17:28:24 +00:00
Oleg Bulyzhin
e5e8324fea Fix typo.
MFC after:	1 week
2018-04-11 11:17:57 +00:00
Mariusz Zaborski
8f1c45c20a Introduce dry run option for attaching the device.
This will allow us to verify if passphrase and key is valid without
decrypting whole device.

Reviewed by:	cem@, allanjude@
Differential Revision:	https://reviews.freebsd.org/D15000
2018-04-10 13:22:48 +00:00
Edward Tomasz Napierala
f0bbdd70ad Strip trailing whitespace.
MFC after:	2 weeks
2018-04-10 08:13:59 +00:00
Kirk McKusick
2a36aee276 When using the fsdb `blocks' command, replace the long and ugly list of
blocks with the much more concise and readable block list shown by the
prtblknos() function imported from tools/diag/prtblknos.
2018-04-08 07:06:12 +00:00
Rodney W. Grimes
2e23ded5c4 Exit with usage when extra arguments are on command line
preventing mistakes such as "halt 0p" for "halt -p".
Approved by:	bde (mentor), phk (mentor)
MFC after:	1 week
2018-04-05 15:00:08 +00:00
Alexander V. Chernikov
2d5832444f Fix memory leaks in route(8).
Submitted by:	Tom Rix (trix_juniper.net)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D9676
2018-03-31 15:06:14 +00:00
Andrey V. Elsukov
aed0267989 Rework ipfw rules parsing and printing code.
Introduce show_state structure to keep information about printed opcodes.
Split show_static_rule() function into several smaller functions. Make
parsing and printing opcodes into several passes. Each printed opcode
is marked in show_state structure and will be skipped in next passes.
Now show_static_rule() function is simple, it just prints each part
of rule separately: action, modifiers, proto, src and dst addresses,
options. The main goal of this change is avoiding occurrence of wrong
result of `ifpw show` command, that can not be parsed by ipfw(8).
Also now it is possible to make some simple static optimizations
by reordering of opcodes in the rule.

PR:		222705
Discussed with:	melifaro
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2018-03-28 12:44:28 +00:00
Edward Tomasz Napierala
0457d75c14 Bump .Dd after r331113.
Reported by:	oshogbo@
MFC after:	2 weeks
2018-03-27 16:38:32 +00:00
Konstantin Belousov
f137973487 Allow to specify PCP on packets not belonging to any VLAN.
According to 802.1Q-2014, VLAN tagged packets with VLAN id 0 should be
considered as untagged, and only PCP and DEI values from the VLAN tag
are meaningful.  See for instance
https://www.cisco.com/c/en/us/td/docs/switches/connectedgrid/cg-switch-sw-master/software/configuration/guide/vlan0/b_vlan_0.html.

Make it possible to specify PCP value for outgoing packets on an
ethernet interface.  When PCP is supplied, the tag is appended, VLAN
id set to 0, and PCP is filled by the supplied value.  The code to do
VLAN tag encapsulation is refactored from the if_vlan.c and moved into
if_ethersubr.c.

Drivers might have issues with filtering VID 0 packets on
receive.  This bug should be fixed for each driver.

Reviewed by:	ae (previous version), hselasky, melifaro
Sponsored by:	Mellanox Technologies
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D14702
2018-03-27 15:29:32 +00:00
Andriy Gapon
31260bf042 vfs_donmount: in certain cases try r/o mount if r/w mount fails
If the operation is not an update, if neither r/w nor r/o mode is
explicitly requested, if the error code hints at the possibility of the
media being read-only, and if the fallback is allowed, then we can try
to automatically downgrade to the readonly mode.

This is especially useful for auto-mounting of removable media that
sometimes can happen to be write-protected.

The fallback to r/o is not enabled by default.  It can be requested on a
per-mount basis with a new mount option, 'autoro'.  Or it can be
globally allowed by setting vfs.default_autoro.

Reviewed by:	cem, kib
MFC after:	3 weeks
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D13361
2018-03-27 14:31:42 +00:00
Andrey V. Elsukov
b43b604b30 Remove note that fwd tablearg is supported only by IPv4. IPv6 is
supported too.

MFC after:	1 week
2018-03-19 10:50:27 +00:00
Edward Tomasz Napierala
7dc5b4402b Xr crashinfo(8) from savecore(8).
MFC after:	2 weeks
2018-03-17 21:58:41 +00:00
Ed Maste
d8ba45e213 Revert r313780 (UFS_ prefix) 2018-03-17 12:59:55 +00:00
Ed Maste
1e2b9afca9 Prefix UFS symbols with UFS_ to reduce namespace pollution
Followup to r313780.  Also prefix ext2's and nandfs's versions with
EXT2_ and NANDFS_.

Reported by:	kib
Reviewed by:	kib, mckusick
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D9623
2018-03-17 01:48:27 +00:00
Kirill Ponomarev
29c29cbb40 Extend SSID maximum string length to 32 chars to support longer SSID
names.

Approved by:	adrian
Differential Revision:	https://reviews.freebsd.org/D14710
2018-03-16 16:56:56 +00:00
Alexander Motin
011bbaa513 Add some argument checks to be more user-friendly.
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2018-03-13 15:29:13 +00:00
Alexander Motin
635c517ae9 Add nvmecontrol format subcommand.
It allows to change namespace parameters, such as block size, metadata,
protection information, etc. and/or erase the data.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2018-03-13 03:02:09 +00:00
Alexander Motin
01c1be35e0 Print fuses and fna fields in identify data.
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2018-03-12 16:31:25 +00:00
Andrey V. Elsukov
12c080e613 Do not try to reassemble IPv6 fragments in "reass" rule.
ip_reass() expects IPv4 packet and will just corrupt any IPv6 packets
that it gets. Until proper IPv6 fragments handling function will be
implemented, pass IPv6 packets to next rule.

PR:		170604
MFC after:	1 week
2018-03-12 09:40:46 +00:00
Alexander Motin
3fa5467a06 Add new identify data structures fields from NVMe 1.3a.
Some of them are already supported by existing hardware, so reporting
them `nvmecontrol identify` can be useful.
2018-03-11 05:09:02 +00:00
John Baldwin
2365fe5616 Permit sysctl(8) to set an array of numeric values for a single node.
Most sysctl nodes only return a single value, but some nodes return an
array of values (e.g. kern.cp_time).  sysctl(8) understand how to display
the values of a node that returns multiple values (it prints out each
numeric value separated by spaces).  However, until now sysctl(8) has
only been able to set sysctl nodes to a single value.  This change
allows sysctl to accept a new value for a numeric sysctl node that contains
multiple values separated by either spaces or commas.  sysctl(8) parses
this list into an array of values and passes the array as the "new" value
to sysctl(2).

Reviewed by:	rpokala
MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D14569
2018-03-09 23:37:19 +00:00
Warner Losh
0b8c33590a Remove decade's old whine about msdos vs msdosfs.
Retain the compatibility silently though.

Reviewed by: cem@, kevans@, emaste@ (and many others in the past)
2018-03-09 21:32:07 +00:00
Conrad Meyer
4e0a8b6105 ipfw(8): Fix endianness for Legacy and Ipv4 table hostname values
The lookup_host() helper subroutine emits a struct in_addr value in network
byte order via caller passed pointer.  However, the table value is expected
to be stored in host byte order.  On little-endian machines, this produced a
reversed endian table value for Legacy or IPv4 table types when the value
was a hostname (instead of a plain IP address).

Fix by using ntohl() on the output 32-bit address.

While here, avoid some aliasing violations by storing the lookup_host()
output in an intermediate object of the correct type.

PR:		226429
Reported by:	bugs.freebsd.org AT mx.zzux.com (also: Tested by)
Security:	ipfw hostname table rules could potentially not act as admin intended
Sponsored by:	Dell EMC Isilon
2018-03-08 17:23:18 +00:00
Warren Block
21b386d516 Clarify and clean up some language, and add an explicit example.
Sponsored by:	iXsystems
Differential Revision:	https://reviews.freebsd.org/D12336
2018-03-02 19:07:32 +00:00
David Bright
3acf1760b7 dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP
When dhclient first starts, if an old IP address exists in the
dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s)
in an attempt to re-obtain the old IP address again. These messages
contain the old IP as a requested-IP-address option in the message
body (correct) but also use the old IP address as the packet's source
IP (incorrect).

RFC2131 sec 4.1 states:

  DHCP messages broadcast by a client prior to that client obtaining
  its IP address must have the source address field in the IP header
  set to 0.

The use of the old IP as the packet's source address is incorrect if
(a) the computer is now on a different network or (b) it is on the
same network, but the old IP has been reallocated to another host.

Fix dhclient to use 0.0.0.0 as the source IP in this circumstance
without removing any existing functionality. Any previously-used old
IP is still requested in the body of an early DHCPREQUEST message.

PR:		199378
Submitted by:	J.R. Oldroyd <fbsd@opal.com>
Reported by:	J.R. Oldroyd <fbsd@opal.com>
Reviewed by:	cem, asomers, vangyzen
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14527
2018-02-27 21:59:23 +00:00
Alan Somers
6ef82c0ae2 fix typo in ipfw(8). No functional change.
Submitted by:	zxzharmlesszxz
Pull Request:	https://github.com/freebsd/freebsd/pull/132
2018-02-27 17:12:33 +00:00
Edward Tomasz Napierala
1cde387c83 Improve missing tty handling in init(8). This removes a check that did
nothing - it was checking for ENXIO, which, with devfs, is no longer
returned - and was badly placed anyway, and replaces it with similar
one that works, and is done just before starting getty, instead of being
done when rereading ttys(5).

From the practical point of view, this makes init(8) handle disappearing
terminals (eg /dev/ttyU*) gracefully, without unneccessary getty restarts
and resulting error messages.

Reviewed by:	imp@
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14307
2018-02-27 10:54:15 +00:00
Eugene Grosbein
0d41f9c9f0 route(8): make it possible to manually delete pinned route
Reported by:	Andreas Longwitz <longwitz@incore.de>
Approved by:	avg (mentor)
MFC after:	1 week
2018-02-24 21:25:56 +00:00
Alan Somers
deeec7728b nvmecontrol: fix build on amd64/clang
Broken by:	329824
Sponsored by:	Spectra Logic Corp
2018-02-22 17:47:16 +00:00
Wojciech Macek
0d787e9b35 NVMe: Add big-endian support
Remove bitfields from defined structures as they are not portable.
Instead use shift and mask macros in the driver and nvmecontrol application.

NVMe is now working on powerpc64 host.

Submitted by:          Michal Stanek <mst@semihalf.com>
Obtained from:         Semihalf
Reviewed by:           imp, wma
Sponsored by:          IBM, QCM Technologies
Differential revision: https://reviews.freebsd.org/D13916
2018-02-22 13:32:31 +00:00
Wojciech Macek
ea1d5fd117 Add bsdlabel and fdisk to powerpc64
Submitted by:          Wojciech Macek <wma@semihalf.org>
Obtained from:         Semihalf
Sponsored by:          IBM, QCM Technologies
2018-02-22 12:31:28 +00:00
Alan Somers
79a1d19516 dhclient: raise WARNS to 4
Mostly const-correctness fixes. There were also some variable-shadowing,
unused variable, and a couple of sockaddr type-correctness changes. I also had
trouble with cast-align warnings. I was able to prove that one of them was a
false positive. But ultimately I had to disable the warning program-wide to
deal with the others.

Reviewed by:	cem
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D14460
2018-02-21 21:13:08 +00:00
Kirk McKusick
12487c7243 Fix a read past the end of a buffer in fsck.
To minimize the time spent scanning all of the directories in pass 2
(Check Pathnames), fsck uses a search order based on the location
of their first block. Zero length directories have no first block,
so the array being used to hold the block numbers of directory
inodes was of zero length. Thus a lookup was done past the end of
the array getting at best a random value and at worst a segment
fault.  For zero length directories, this change allocates a one
element block array and initializes it to zero. The effect is that
all zero length directories are handled first in pass 2.

Reviewed by: brooks
Differential Revision: https://reviews.freebsd.org/D14163
2018-02-21 20:32:23 +00:00
Ryan Stone
9ec35e3cb4 Fix route manpage to show correct flush syntax
The current route(8) manpage shows that "flush" is an argument to
the optional -n flag, rather than a separate subcommand.  Correct
this to properly show flush as a route subcommand.

MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Reviewed by: rgrimes
Differential Revision: https://reviews.freebsd.org/D14401
2018-02-21 19:13:27 +00:00
Ryan Stone
b3b6ff23e7 Allow route change requests to not specify the gateway.
Only require a gateway to be specified on a route add request.  On
a route change request that does not specify the gateway, the
gateway will remain the same.  This allows changing other route
parameters without having to re-specifying the gateway, like in
"route change 10.0.0.0/8 -mtu 9000".

Update the route(8) manpage to explicitly call out this usage
as being supported.

MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Reviewed By: eugen (rtsock.c change), rgrimes
Differential Revision: https://reviews.freebsd.org/D14291
2018-02-21 19:13:23 +00:00
Warner Losh
c798d98e75 More verbose output. 2018-02-20 05:35:00 +00:00
Warner Losh
bbd4852a9b Print more info for -v runs and temp hack for usb vs uhub
Despite best efforts to regularize, there's a few tables in the system
that still report they are for bus usb when they are really for bus
uhub (where usb devices attach). Add a temporary workaround for this
until these places have been eliminated (likely my fault).

Second, when running verbose, describe what we're doing when
searching. This output can be quite long, but says exactly what's
going on (this output is to stdout, so it's useless for scripting).
2018-02-18 23:16:16 +00:00
Hans Petter Selasky
201c73815f Fix USB driver matching in devmatch(8).
Multiple drivers can match on the same USB device and the order of loading
decides which driver gets the device. Use the supplied mask value as an
indication of priority, so that vendor specific device drivers are loaded
before more generic ones.

Sponsored by:	Mellanox Technologies
2018-02-17 14:34:47 +00:00
Warner Losh
3fa2c0489b Implement --hints to read hints file directly
In testing, it's often useful to copy a few files into a directory and
kldxref them to ensure that particular cases are handled correctly.
Add --hints (-h) to facilitate this testing and enable future
automated testing.

Sponsored by: Netflix
2018-02-17 06:57:43 +00:00
Warner Losh
d38a8a7aa5 Add option to parse NOMATCH event and suggest modules to load
Add --nomatch/-p to search for individual drivers based on a NOMATCH
event from devd.

Submitted by: hps (earlier version)
Sponsored by: Netflix
2018-02-17 06:57:34 +00:00
Warner Losh
5e0195c8f5 Tweak the 'I' flagged value
'I' was omitting 'zero' values. This is not quite correct, and was put
in as a hack but not documented. Remove it. If we find what the hack
was really needed for, we'll either fix the need for it, or invent a
new flagged value type.

Submitted by: hps@
Sponsored by: Netflix
2018-02-17 06:57:30 +00:00
Warner Losh
b9c40202d8 Implement 'T' field matching.
Implement 'T' field matching. This is needed to prevent false
positives. However, it's not general enough. It only handles one field
and there's a ton of edge cases even with that it likely wouldn't
handle. To do it more generally and also eliminate a lot of the
hackiness that's in this program now, we'd need to creating
directories for lookups ala awk, pearl, python, etc. It appears to be
sufficient, though, to get my keyboard loaded on boot.

Sponsored by: Netflix
2018-02-17 06:57:25 +00:00
Warner Losh
a164a319eb Warn when we encounter unknown PNP field specifiers.
The 'T' field went unimplemented for months due to a lack of warning.
Add a warnings to detect mistakes sooner.

Sponsored by: Netflix
2018-02-17 06:57:12 +00:00
Mike Silbersack
b761400b51 Prevent savecore from reading bounds from the current directory.
Rev 244218 removed the requirement that you provide a dump
directory when checking if there is a coredump ready to be written.
That had the side-effect of causing the bounds file to be read
from the current working directory instead of the dump directory.
As the bounds file is irrelevant when just checking, the simplest
fix is to not read the bounds file when checking.

Reviewed by:	markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D14383
2018-02-16 06:51:39 +00:00
Eitan Adler
dacbef689d devd: don't pass &fds in useless parameters to select(2)
select(2) should be declared as restrict. In addition the only fd in
the fdset is open O_RDONLY, and it's not a socket that can provide OOB
notifications,

Reviewed by:	ian, imp, vangyzen
2018-02-15 03:22:53 +00:00
Mark Johnston
6026dcd7ca Add support for zstd-compressed user and kernel core dumps.
This works similarly to the existing gzip compression support, but
zstd is typically faster and gives better compression ratios.

Support for this functionality must be configured by adding ZSTDIO to
one's kernel configuration file. dumpon(8)'s new -Z option is used to
configure zstd compression for kernel dumps. savecore(8) now recognizes
and saves zstd-compressed kernel dumps with a .zst extension.

Submitted by:	cem (original version)
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13101,
			https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
Nick Hibma
9ea81ab56a DSCP values passed to setdscp need to be lowercase.
See definition of f_ipdscp values. They are compared against using bcmp
which is case sensitive.

MFC after:	1 week
2018-02-13 10:11:39 +00:00
Conrad Meyer
487340b004 devmatch.8: Link to MODULE_PNP_INFO(9)
Sponsored by:	Dell EMC Isilon
2018-02-12 22:43:47 +00:00
Warner Losh
590682b6e6 Move devmatch to sbin from usr/sbin.
Since we want to use devmatch in context before a split /,/usr system
has mounted /usr, move devmatch to /sbin.

Sponsored by: Netflix
2018-02-12 14:44:21 +00:00
Conrad Meyer
b42712a8b7 Add GUID and alias for Apple APFS partition
PR:		225813
Submitted by:	James Wright <james.wright AT jigsawdezign.com>
2018-02-11 06:57:20 +00:00
Kirk McKusick
31461aa2f1 Include files missed in 329051. 2018-02-08 23:14:24 +00:00
Kirk McKusick
068beacf21 The goal of this change is to prevent accidental foot shooting by
folks running filesystems created on check-hash enabled kernels
(which I will call "new") on a non-check-hash enabled kernels (which
I will call "old). The idea here is to detect when a filesystem is
run on an old kernel and flag the filesystem so that when it gets
moved back to a new kernel, it will not start getting a slew of
check-hash errors.

Back when the UFS version 2 filesystem was created, it added a file
flag FS_INDEXDIRS that was to be set on any filesystem that kept
some sort of on-disk indexing for directories. The idea was precisely
to solve the issue we have today. Specifically that a newer kernel
that supported indexing would be able to tell that the filesystem
had been run on an older non-indexing kernel and that the indexes
should not be used until they had been rebuilt. Since we have never
implemented on-disk directory indicies, the FS_INDEXDIRS flag is
cleared every time any UFS version 2 filesystem ever created is
mounted for writing.

This commit repurposes the FS_INDEXDIRS flag as the FS_METACKHASH
flag. Thus, the FS_METACKHASH is definitively known to have always
been cleared. The FS_INDEXDIRS flag has been moved to a new block
of flags that will always be cleared starting with this commit
(until they get used to implement some future feature which needs
to detect that the filesystem was mounted on a kernel that predates
the new feature).

If a filesystem with check-hashes enabled is mounted on an old
kernel the FS_METACKHASH flag is cleared. When that filesystem is
mounted on a new kernel it will see that the FS_METACKHASH has been
cleared and clears all of the fs_metackhash flags. To get them
re-enabled the user must run fsck (in interactive mode without the
-y flag) which will ask for each supported check hash whether it
should be rebuilt and enabled. When fsck is run in its default preen
mode, it will just ignore the check hashes so they will remain
disabled.

The kernel has always disabled any check hash functions that it
does not support, so as more types of check hashes are added, we
will get a non-surprising result. Specifically if filesystems get
moved to kernels supporting fewer of the check hashes, those that
are not supported will be disabled. If the filesystem is moved back
to a kernel with more of the check-hashes available and fsck is run
interactively to rebuild them, then their checking will resume.
Otherwise just the smaller subset will be checked.

A side effect of this commit is that filesystems running with
cylinder-group check hashes will stop having them checked until
fsck is run to re-enable them (since none of them currently have
the FS_METACKHASH flag set). So, if you want check hashes enabled
on your filesystems after booting a kernel with these changes, you
need to run fsck to enable them. Any newly created filesystems will
have check hashes enabled. If in doubt as to whether you have check
hashes emabled, run dumpfs and look at the list of enabled flags
at the end of the superblock details.
2018-02-08 23:06:58 +00:00
Adrian Chadd
93e98f5f14 [etherswitchcfg] print the switch MAC address if provided. 2018-02-06 08:35:09 +00:00
Alan Somers
f5b4099e6b geom: don't write stack garbage in disk labels
Most consumers of g_metadata_store were passing in partially unallocated
memory, resulting in stack garbage being written to disk labels. Fix them by
zeroing the memory first.

gvirstor repeated the same mistake, but in the kernel.

Also, glabel's label contained a fixed-size string that wasn't
initialized to zero.

PR:		222077
Reported by:	Maxim Khitrov <max@mxcrypt.com>
Reviewed by:	cem
MFC after:	3 weeks
X-MFC-With:	323314
X-MFC-With:	323338
Differential Revision:	https://reviews.freebsd.org/D14164
2018-02-04 14:49:55 +00:00
Kirk McKusick
8bd0b5ce0a Check and report error returns from sbput(3) calls.
Convert to using cgput(3) for writing cylinder groups.
Check and report error returns from cgput(3).

Submitted by: Bruce Evans <bde@freebsd.org>
2018-02-02 23:26:52 +00:00
Adrian Chadd
138952cfc7 [etherswitchcfg] add atu flush and atu dump commands.
Extend the argc/argv handling to include variable length commands (like flush all,
flush port X).
2018-02-02 22:08:35 +00:00
Mariusz Zaborski
3169840599 Use daemonfd(3) in the dhclient(8).
Reviewed by:	brooks@
Differential Revision:	https://reviews.freebsd.org/D13603
2018-02-02 18:11:56 +00:00
Kirk McKusick
26772fefc1 Use sbput(3) rather than sbwrite(3) to ensure that the updated copy of
the superblock gets written.

Reported by: Mark Johnston <markj@FreeBSD.org>
2018-02-02 00:07:38 +00:00
Mariusz Zaborski
8586c17750 Bump date after r328535.
Submitted by:	def@
2018-01-29 09:27:32 +00:00
Konrad Witaszczyk
02670b9048 Fix misspelling of encryptedcore.
PR:		223991
Submitted by:	Trond Endrestol <Trond.Endrestol@ximalas.info>
Approved by:	pjd (mentor)
2018-01-29 09:21:08 +00:00
Pedro F. Giffuni
e2d84d5adc pfctl(8): Fix two wrong conditions.
Caught by gcc80's -Wtautological-compare option.

MFC after:	5 days
Approved by:	kp
Obtained from:	DragonFlyBSD (git e3cdbf6c)
Differential Revision:	https://reviews.freebsd.org/D14083
2018-01-27 22:57:01 +00:00
Eitan Adler
7548968ac2 devd: readd virtual
- my C++ knowledge is old and rusty. re-add virtual
2018-01-26 05:03:37 +00:00
Eitan Adler
510a8c88f0 devd: minor nits
- mark usage as noreturn
- config does not need a virtual destructor
2018-01-26 04:40:41 +00:00
Kirk McKusick
dffce2150e Refactoring of reading and writing of the UFS/FFS superblock.
Specifically reading is done if ffs_sbget() and writing is done
in ffs_sbput(). These functions are exported to libufs via the
sbget() and sbput() functions which then used in the various
filesystem utilities. This work is in preparation for adding
subperblock check hashes.

No functional change intended.

Reviewed by: kib
2018-01-26 00:58:32 +00:00
Li-Wen Hsu
af89fcf725 Fix architectures where pointer and u_int have different sizes
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D14049
2018-01-25 08:36:19 +00:00
Kirk McKusick
a6bbdf81b5 More throughly integrate libufs into fsck_ffs by using its cgput()
routine to write out the cylinder groups rather than recreating the
calculation of the cylinder-group check hash in fsck_ffs.

No functional change intended.
2018-01-24 23:57:40 +00:00
Scott Long
19641ce893 Revert ABI breakage to CAM that came in with MMC/SD support in r320844.
Make it possible to retrieve mmc parameters via the XPT_GET_ADVINFO
call instead.  Convert camcontrol to the new scheme.

Reviewed by:	imp. kibab
Sponsored by:	Netflix
Differential Revision:	D13868
2018-01-19 15:32:27 +00:00
Alan Somers
6f7f85e0e1 gnop(8): add the ability to set a nop provider's physical path
While I'm here, expand the existing tests a bit.

MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D13579
2018-01-18 05:57:10 +00:00
Kirk McKusick
72f854ce8f Correct fsck journal-recovery code to update a cylinder-group
check-hash after making changes to the cylinder group. The problem
was that the journal-recovery code was calling the libufs bwrite()
function instead of the cgput() function. The cgput() function updates
the cylinder-group check-hash before writing the cylinder group.

This change required the additions of the cgget() and cgput() functions
to the libufs API to avoid a gratuitous bcopy of every cylinder group
to be read or written. These new functions have been added to the
libufs manual pages. This was the first opportunity that I have had
to use and document the use of the EDOOFUS error code.

Reviewed by: kib
Reported by: emaste and others
2018-01-17 17:58:24 +00:00
Dimitry Andric
2d3c3a5038 Fix buildworld after r328075, by also renaming cgget to cglookup in
fsdb.

Reported by:	ohartmann@walstatt.org,david@catwhisker.org
Pointy hat to:	mckusick
2018-01-17 13:19:37 +00:00
Kirk McKusick
957fc241ec Rename cgget => cglookup to clear name space for new libufs function cgget.
No functional change.
2018-01-17 06:31:21 +00:00
David Bright
469759f8e4 Exit fsck_ffs with non-zero status when file system is not repaired.
When the fsck_ffs program cannot fully repair a file system, it will
output the message PLEASE RERUN FSCK. However, it does not exit with a
non-zero status in this case (contradicting the man page claim that it
"exits with 0 on success, and >0 if an error occurs."  The fsck
rc-script (when running "fsck -y") tests the status from fsck (which
passes along the exit status from fsck_ffs) and issues a "stop_boot"
if the status fails. However, this is not effective since fsck_ffs can
return zero even on (some) errors. Effectively, it is left to a later
step in the boot process when the file systems are mounted to detect
the still-unclean file system and stop the boot.

This change modifies fsck_ffs so that when it cannot fully repair the
file system and issues the PLEASE RERUN FSCK message it also exits
with a non-zero status.

While here, the fsck_ffs man page has also been updated to document
the failing exit status codes used by fsck_ffs. Previously, only exit
status 7 was documented. Some of these exit statuses are tested for in
the fsck rc-script, so they are clearly depended upon and deserve
documentation.

Reviewed by:	mckusick, vangyzen, jilles (manpages)
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D13862
2018-01-15 19:25:11 +00:00
Warner Losh
3922493a21 Report CG checksum mismatches. These errors are non-fatal. The
previous behavior is preserved (the CG checksum is fixed). We're just
noisy about it now.

Reviewed by: kirk@
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13884
2018-01-14 16:55:14 +00:00
Alan Somers
066ebd56c1 dhclient(8): add missing include
stdbool is technically needed, though we can get away without it due to
header pollution.

MFC after:	3 days
2018-01-12 04:26:40 +00:00
Scott Long
f2592b12e9 Refactor code related to 'camcontrol devlist'
Obtained from:	Netflix
2018-01-10 05:52:24 +00:00
Scott Long
c371df4f47 Implement the ability to query NVME for its controller data so that it will
be shown when issueing the 'camcontrol devlist' command.

Obtained from:	Netflix
2018-01-10 05:29:02 +00:00
Eitan Adler
d85e65cb35 ldconfig(8): use .Nm instead of 'ldconfig' 2018-01-09 06:51:41 +00:00
Eitan Adler
f0c0c1daec ldconfig(8): clarify language for files
The previous language did not make it clear that 'Files' are
the files specified above. Clarify it.

Reported by:	dana <dana@dana.is>
Reviewed by:	dana <dana@dana.is>
MFC After:	1 week
2018-01-07 05:38:53 +00:00
Warner Losh
783d8ed04e Only call close if fd and fd1 are not -1.
CID: 1384018, 1384017
2018-01-05 05:34:14 +00:00
Eitan Adler
7d3df1907a shutdown: Fix r327476 by adding init
Initialize maybe_today. While here sort.

PR:				32411
Additionally reported by:	rgrimes, ian
2018-01-02 09:02:42 +00:00
Eitan Adler
cb1101afd7 shutdown: Assume absolute time is in the future
The original bug describes it best:

When an absolute time is specified to shutdown, the program's
behavior depends on whether that time has passed during the
current calendar day.  POLA would suggest that for shutdown,
whose time argument is always supposed to be in the future,
absolute times specified without a specific date should refer
to the next occurrence of that time, rather than erroring out
if that time has already passed during the current day.

PR:		32411
Submitted by:	wollman@khavrinen.lcs.mit.edu
Submitted on:	2001-11-30 20:30:01 UTC
Reviewed by:	asmodai (at time of bug submission)
2018-01-01 22:33:57 +00:00
Bryan Venteicher
33e0d8f057 Add support for IPv6 scoped addresses to vxlan
MFC after:	2 weeks
2017-12-30 04:03:53 +00:00
Pedro F. Giffuni
02547822f3 ccdconfig: Move VCS tags to be more consistent with our style.
Update a now-bogus SPDX tag while here.
2017-12-30 00:26:42 +00:00
Pedro F. Giffuni
9a827f1751 ccdconfig: Update licensing terms to match NetBSD.
The code originated in NetBSD which has since removed Clauses 3 and 4.

Approved by:	phk (concerning his own copyright)
Obtained from:	NetBSD (CVS ccdconfig.c 1.47, ccdconfig.8 1.24)
2017-12-30 00:22:47 +00:00
Xin LI
5a8ad265c9 The fix in r327273 turns a memory leak into freeing wild pointer.
Fix this by freeing only the initialized pointer.
2017-12-29 06:22:05 +00:00
Warner Losh
5539da566e When bind fails, make sure we closed the socket we tried to bind the
address to.

CID: 978244
2017-12-28 05:34:24 +00:00
Warner Losh
cd4461513c Close fd and fd1 before returning now that we're done with them.
CID: 978234, 978236
2017-12-28 05:34:19 +00:00
Warner Losh
0bebba31d3 Plug memory leak by freeing wantedblk{32,64}.
CID: 273655, 273656
2017-12-28 05:34:08 +00:00
Warner Losh
076950009f Free path before returnig.
CID: 977827
2017-12-28 05:33:54 +00:00
Eitan Adler
837fe32558 Fix a few more speelling errors
Reviewed by:		bjk
Reviewed by:		jilles (incl formal "accept")
Differential Revision:	https://reviews.freebsd.org/D13650
2017-12-28 01:31:28 +00:00
Kirk McKusick
a770ae06ed In preparation for converting to libufs to read the superblock,
change conflicting function names:

	getino => getinode
	bread => blkread

No functional change.
2017-12-27 22:18:56 +00:00
Pedro F. Giffuni
3a7c4a1c83 ccdconfig: Update licensing terms.
The code originate in NetBSD and there are the copyright notes have been
assigned to the NetBSD Foundation. Update the files up to the point where
we started diverging.

Further relaxation of the licensing terms are possible after we
check the NetBSD updates, and contact the local authors.

In the case of ccdconfig.8 this reinstates the 3rd clause but since the
code is not directly from Berkeley, the change was bogus.

Obtained from:	NetBSD
2017-12-27 20:09:50 +00:00
Eitan Adler
9914452050 other: Fix several typos and minor errors
- duplicate words
- typos
- references to old versions of FreeBSD

Reviewed by:	imp, benno
2017-12-27 03:23:58 +00:00
Andrey V. Elsukov
c690824a91 Fix rule number truncation, use uint16_t type to specify rulenum.
PR:		224555
MFC after:	1 week
2017-12-24 01:55:12 +00:00
Pedro F. Giffuni
33d72c30f1 Revert r327005 - SPDX tags for license similar to BSD-2-Clause.
After consultation with SPDX experts and their matching guidelines[1],
the licensing doesn't exactly match the BSD-2-Clause. It yet remains to be
determined if they are equivalent or if there is a recognized license that
matches but it is safer to just revert the tags.

Let this also be a reminder that on FreeBSD, SPDX tags are only advisory
and have no legal value (but IANAL).

Pointyhat to:	pfg
Thanks to:	Rodney Grimes, Gary O'Neall

[1] https://spdx.org/spdx-license-list/matching-guidelines
2017-12-20 20:25:28 +00:00
Warner Losh
8c0fa2cc56 Flesh out the reason for the need for tmpfs a little.
Sponsored by: Netflix
2017-12-20 16:02:11 +00:00
Brad Davis
71688f3b71 Save others some forehead damange by noting that -r require tmpfs.
Reviewed by:	bapt
2017-12-20 15:21:29 +00:00
Pedro F. Giffuni
d17aef79bb SPDX: These are fundamentally BSD-2-Clause.
They just omit the introductory line and numbering.
2017-12-19 22:40:16 +00:00
Alan Somers
afe6f8358e dhclient(8): raise WARNS to 3
Mostly had to fix a lot of signed/unsigned comparison warnings

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-12-14 15:41:32 +00:00
Alan Somers
5f28c51db6 dhclient(8): Don't shift through the sign bit of a signed int
PR:		208007
Submitted by:	Michael McConville <mmcco@mykolab.com>
MFC after:	3 weeks
2017-12-13 20:48:20 +00:00
Edward Tomasz Napierala
b8ea5b468b Tone down the description for the growfs "-y" flag.
MFC after:	2 weeks
2017-12-13 14:08:33 +00:00
Bryan Venteicher
f53d97231b Use consistent name for the vxlan VNI parameter name and provide shorthand
Submitted by:	hrs
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D2868
2017-12-07 04:55:31 +00:00
Eric Joyner
b0f3e715fa ifconfig(8): Display extended compliance code string for SFP transceivers
- Updates tables in affected files with new entries from newer spec
revisions of SFF-8472, SFF-8024, and SFF-8636

- Change ifconfig to read and display the extended compliance code for
SFP media if the extended compliance code is not 0. This was being displayed
for QSFP transceivers only, but SFP28 media uses this to report 25G
capability.

Reviewed by:	melifaro, sbruno
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D13286
2017-12-05 18:42:07 +00:00
Mark Johnston
3384cf0b45 Document gmirror sysctls.
MFC after:	2 weeks
2017-11-30 20:37:12 +00:00
Pedro F. Giffuni
64de3fdd58 SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
Xin LI
aa031ef4a3 Prevent OOB access on corrupted msdos directories.
Submitted by:	Veo Zhang <veo live com>
MFC after:	2 weeks
2017-11-30 08:28:17 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Michael Tuexen
665c8a2ee5 Add to ipfw support for sending an SCTP packet containing an ABORT chunk.
This is similar to the TCP case. where a TCP RST segment can be sent.

There is one limitation: When sending an ABORT in response to an incoming
packet, it should be tested if there is no ABORT chunk in the received
packet. Currently, it is only checked if the first chunk is an ABORT
chunk to avoid parsing the whole packet, which could result in a DOS attack.

Thanks to Timo Voelker for helping me to test this patch.
Reviewed by: bcr@ (man page part), ae@ (generic, non-SCTP part)
Differential Revision:	https://reviews.freebsd.org/D13239
2017-11-26 18:19:01 +00:00
Konstantin Belousov
41c0f8d354 Improve sysctl(8) pretty printing of some structures.
S_vmtotal:
Use unsigned format to print unsigned memory counters from struct
vmtotal.
Remove unneeded cast, style locals declarations.

S_efi_map:
Make printing of the memory regions descriptions less MD by
using uintmax_t formats.

Noted by and discussed with:	bde
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-11-26 10:02:43 +00:00
Alan Somers
8d68f9d430 Print ZAC device type in "camcontrol identify" output
ZAC (Zoned-device ATA Command set) is the standard for addressing SMR
(shingled magnetic recording) devices over SATA.  Drives indicate their
support for ZAC in their IDENTIFY block. Print whether and how a drive
supports ZAC in the output of "camcontrol identify".

Reviewed by:	ken, imp
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D13171
2017-11-20 21:56:25 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Pedro F. Giffuni
df57947f08 spdx: initial adoption of licensing ID tags.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

Initially, only tag files that use BSD 4-Clause "Original" license.

RelNotes:	yes
Differential Revision:	https://reviews.freebsd.org/D13133
2017-11-18 14:26:50 +00:00