doing the MNT_RELOAD, pass in "ro" and "update"
string mount options to nmount() instead of MNT_RDONLY and MNT_UPDATE flags.
Due to the complexity of the mount parsing code especially
with respect to the root file system, passing in MNT_RDONLY and MNT_UPDATE
flags would do weird things and would cause fsck to convert the root
file system from a read-only mount to read-write.
To test:
- boot into single user mode
- show mounted file systems with: mount
- root file system should be mounted read-only
- fsck /
- show mounted file systems with: mount
- root file system should still be mounted read-only
PR: 120319
MFC after: 1 month
Reported by: yar
the limit in bytes) hard coded into both the kernel and userland.
Make both these limits a sysctl, so it is easy to change the limit.
If the userland part of ipfw finds that the sysctls don't exist,
it will just fall back to the traditional limits.
(100 packets is quite a small limit these days. If you want to test
TCP at 100Mbps, 100 packets can only accommodate a DBP of 12ms.)
Note these sysctls in the man page and warn against increasing them
without thinking first.
MFC after: 3 weeks
number read from cylinder group. Chances that we read a smarshed
cylinder group, and we can not 100% trust information it has
supplied. fsck_ffs(8) will crash otherwise for some cases.
processing the information. chk1 is more prone to crash when insane
information is provided by the on-disk inode, and does not even work
if the inode is being smarshed badly.
whether fs_bsize is larger than MINBSIZE, which is larger than the
value that is used to compared with fs_bsize, the sizeof fs, so the
check followed, will be always true.
By inspecting the code and some old commit log, I believe that the
check must be that *fs_sbsize* is larger than sizeof fs. We round
up the size to nearest dev_bsize, as the smallest accepted fs_sbsize,
personally, I think this can be even changed to equal, because this
number is mostly an invariant in file systems.
With this check, fsck_ffs(8) will be more picky and has better
chance rejecting bad first superblock rather than referring to bad
value it supplied, thus gives better chance for it to check the
filesystem carefully.
table 'values' as IP addresses, use an explicit argument (-i).
This is a 'POLA' issue. This is a low risk change and should be MFC'd
to RELENG_6 and RELENG 7. it might be put as an errata item for 6.3.
(not sure about 6.2).
Fix suggested by: Eugene Grosbein
PR: 120720
MFC After: 3 days
NFS root r/w.
The real solution would be to bring the whole nmount(2)
framework, including FS drivers and userland tools, into
a consistent state at last; but things should work in the
meantime, too.
Reported by: kris
historical relic, and are no longer appropriate for either LAN or WAN
mounting. At modern (gigabit and 10 gigabit) LAN speeds packet loss
from socket buffer fill events is common, and sequence numbers wrap
quickly enough that data corruption is possible. TCP solves both of
these problems without imposing significant overhead.
MFC after: 1 month
Add a MULTIPLE INSTANCES section which provides an example of
setting up natd in multi-instance mode (based on the notes.natd
file from phk@).
Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Reviewed by: ru
process parallel checks in the same way as fsck, since fsck supports
pass numbers other than 0, 1 or 2. Without this, quotacheck would
ignore file systems with pass numbers > 2.
The -l (maxrun) option is now deprecated and can be tuned with pass
numbers in /etc/fstab if needed.
exposing them to all consumers of ip_fw.h. These structures are
used in both ipfw(8) and ipfw(4), but not part of the user<->kernel
interface for other applications to use, rather, shared
implementation.
MFC after: 3 days
Reported by: Paul Vixie <paul at vix dot com>
on a filesystem if the quota data files reside on a different
filesystem (e.g. the userquota=/somepath,groupquota=/somepath2
options are specified in /etc/fstab to place the quota files
somewhere other than the default location).
Fix quotacheck to only skip accounting if the quota data file
actually resides on the filesystem being checked.
rather than the memcmp() which is used for regular dumps: the
textdump string is one character shorter, so we need to stop
comparing at the end of the string.
Use independent version checking logic for architecture-specific
version number vs. textdump version number, as the version sequences
may (someday) differ.
Run into by: rrs
managed from userspace. It is largely a wrapper for sysctl()
calls, but because the sysctls for adding and removing scripts
are awkward to use directly, this provides an easier-to-use
interface.
MFC after: 3 months
Implement -E option which will erase the filesystem sectors before
making the new filesystem. Reserved space in front of the superblock
(bootcode) is not erased.
NB: Erasing can take as long time as writing every sector sequentially.
This is relevant for all flash based disks which use wearlevelling.
section (if nothing had been specified, or if the auto type had
been specified, a default layout is used).
PR: docs/116047
Submitted by: Ian Smith <smithi at nimnet dot asn dot au>
Minor modifications by me.
return -1 on error while any other return value from it can
indicate success. (See RETURN VALUE in our ioctl(2) manpage
and the POSIX spec.)
- Avoid assumptions about the state of the data buffer after
ioctl(2) failure.
Add a new option to newfs(8), -r, to specify reserved space at the
end of the device. It can be useful, e.g., when the device is to
become a member of a gmirror array later w/o losing the file system
on it.
Document the new option in the manpage.
While I'm here, improve error handling for -s option, which is
syntactically similar to -r; and document the fact that -s0 selects
the default fs size explicitly, which can be useful, e.g., in a
menu-based wrapper around newfs(8) requiring some value be entered
for the fs size.
Also fix a small typo in the help line for -s (missing space).
Idea and initial implementation by: marck
Discussed on: -fs
Critical review by: bde
Tested with: cmp(1)
- refer to the dummynet(4) man page only once, later use rather
the .Nm macro.
- use .Va macro when refering to the sysctl variables
- grammar and markup fixes
Reviewed by: keramida, trhodes, ru (roughly)
MFC-after: 1 week
If it is set to zero value (default) dummynet module will try to emulate
real link as close as possible (bandwidth & latency): packet will not leave
pipe faster than it should be on real link with given bandwidth.
(This is original behaviour of dummynet which was altered in previous commit)
If it is set to non-zero value only bandwidth is enforced: packet's latency
can be lower comparing to real link with given bandwidth.
- Document recently introduced dummynet(4) sysctl variables.
Requested by: luigi, julian
MFC after: 3 month
with ACCESSPERMS. Document in mount_ntfs(8) only the nine
low-order bits of mask are used (taken from mount_msdosfs(8)).
PR: kern/114856
Submitted by: Ighighi
MFC after: 1 month
interface. Once the limit is reached packets with unknown source addresses are
dropped until an existing host cache entry expires or is removed. Useful to
use with the STICKY cache option.
Sponsored by: miniSuperHappyDevHouse NZ
a valid PMBR. Without this fix, if label a disk with a GPT, then relabel
it with an MBR the GPT tables are still present. If you then try to create
a GPT with 'gpt create', gpt(8) will fail to open the device because the
partitions in the stale GPT overlap with the slices in the MBR.
MFC after: 1 week
disk devices have to consist of a block of sectors. Thus, when writing
gptboot to the boot partition, round the size of the gptboot file up to a
sector boundary, pre-zero it, and write out the full buffer to disk.
command would add incorrect routing entries if network numbers weren't
fully "spelled" out according to their class. For example:
# route add 128.0/16 (works)
# route add 128/16 (doesn't work)
# route add 193.0.0/24 (works)
# route add 193/24 (doesn't work)
Also, rework the way a netmask is deduced from network number if
it [netmask] is not specified.
Submitted by: Nuno Antunes <nuno.antunes@gmail.com> (mostly)
MFC after: 1 week
on i386 and amd64 machines. The overall process is that /boot/pmbr lives
in the PMBR (similar to /boot/mbr for MBR disks) and is responsible for
locating and loading /boot/gptboot. /boot/gptboot is similar to /boot/boot
except that it groks GPT rather than MBR + bsdlabel. Unlike /boot/boot,
/boot/gptboot lives in its own dedicated GPT partition with a new
"FreeBSD boot" type. This partition does not have a fixed size in that
/boot/pmbr will load the entire partition into the lower 640k. However,
it is limited in that it can only be 545k. That's still a lot better than
the current 7.5k limit for boot2 on MBR. gptboot mostly acts just like
boot2 in that it reads /boot.config and loads up /boot/loader. Some more
details:
- Include uuid_equal() and uuid_is_nil() in libstand.
- Add a new 'boot' command to gpt(8) which makes a GPT disk bootable using
/boot/pmbr and /boot/gptboot. Note that the disk must have some free
space for the boot partition.
- This required exposing the backend of the 'add' function as a
gpt_add_part() function to the rest of gpt(8). 'boot' uses this to
create a boot partition if needed.
- Don't cripple cgbase() in the UFS boot code for /boot/gptboot so that
it can handle a filesystem > 1.5 TB.
- /boot/gptboot has a simple loader (gptldr) that doesn't do any I/O
unlike boot1 since /boot/pmbr loads all of gptboot up front. The
C portion of gptboot (gptboot.c) has been repocopied from boot2.c.
The primary changes are to parse the GPT to find a root filesystem
and to use 64-bit disk addresses. Currently gptboot assumes that the
first UFS partition on the disk is the / filesystem, but this algorithm
will likely be improved in the future.
- Teach the biosdisk driver in /boot/loader to understand GPT tables.
GPT partitions are identified as 'disk0pX:' (e.g. disk0p2:) which is
similar to the /dev names the kernel uses (e.g. /dev/ad0p2).
- Add a new "freebsd-boot" alias to g_part() for the new boot UUID.
MFC after: 1 month
Discussed with: marcel (some things might still change, but am committing
what I have so far)
for kldstat(2).
This allows libdtrace to determine the exact file from which
a kernel module was loaded without having to guess.
The kldstat(2) API is versioned with the size of the
kld_file_stat structure, so this change creates version 2.
Add the pathname to the verbose output of kldstat(8) too.
MFC: 3 days
(it is established practice) and ``-o whiteout=whenneeded'' is less
disk-space using mode especially for resource restricted environments
like embedded environments. (Contributed by Ed Schouten. Thanks)
Submitted by: Masanori Ozawa <ozawa@ongs.co.jp> (unionfs developer)
Reviewed by: jeff, kensmith
Approved by: re (kensmith)
MFC after: 1 week
This commit includes the following core components:
* sample configuration file for sensorsd
* rc(8) script and glue code for sensorsd(8)
* sysctl(3) doc fixes for CTL_HW tree
* sysctl(3) documentation for hardware sensors
* sysctl(8) documentation for hardware sensors
* support for the sensor structure for sysctl(8)
* rc.conf(5) documentation for starting sensorsd(8)
* sensor_attach(9) et al documentation
* /sys/kern/kern_sensors.c
o sensor_attach(9) API for drivers to register ksensors
o sensor_task_register(9) API for the update task
o sysctl(3) glue code
o hw.sensors shadow tree for sysctl(8) internal magic
* <sys/sensors.h>
* HW_SENSORS definition for <sys/sysctl.h>
* sensors display for systat(1), including documentation
* sensorsd(8) and all applicable documentation
The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and -current as of today.
All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.
Submitted by: Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by: Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by: syrinx
Tested by: many
OKed by: kensmith
Obtained from: OpenBSD (parts)
it would return true on a partial match where it would think the edsc module
was already present by having a positive match on 'ed'. This changes it so
that it compares the full string including the nul terminators.
This also fixes a buffer overflow in the ifkind variable where the length of
the interface name in *argv wasnt checked for size.
Reviewed by: brooks
Approved by: re (gnn)
the threading libraries is built. This simplifies the
logic in makefiles that need to check if the pthreads
support is present. It also fixes a bug where we would
build a threading library that we shouldn't have built:
for example, building with WITHOUT_LIBTHR and the default
value of DEFAULT_THREADING_LIB (libthr) would mistakenly
build the libthr library, but not install it.
Approved by: re (kensmith)
$ ipfw -n add 1 allow layer2 not mac-type ip
00001 allow ip from any to any layer2 not not mac-type 0x0800
PR: bin/115372
Submitted by: Andrey V. Elsukov
Approved by: re (hrs)
MFC after: 3 weeks
providers with limited physical storage and add physical storage as
needed.
Submitted by: Ivan Voras
Sponsored by: Google Summer of Code 2006
Approved by: re (kensmith)
This allows to use numbers in human-readable form in many geom(8)
utilities. Such a simple change and makes live so much nicer.
Some examples:
gstripe label -s 16k
gmirror label -s 4k
gnop create -o 1g -s 128m -S 2k
gjournal label -s 2g
geli label -i 128k -s 4k
Approved by: re (kensmith)
declaring the return value used by the routines in preen.c as a pointer
type, instead of "int", which was causing the pointer to be truncated.
Tested by: marck
Approved by: re (bmah)
will automatically issue the 16 byte verison of read capacity if the device
in question is larger than 2TB.
There are also a number of output options here (last block, number of
blocks, human readable) that should meet most needs, and also aid in
scripting.
Approved by: re (bmah)
MFC after: 1 week
pack a set number correctly.
Submitted by: oleg
o Plug a memory leak.
Submitted by: oleg and Andrey V. Elsukov
Approved by: re (kensmith)
MFC after: 1 week
detailed status on each of the backing subdisks. This allows userland
to see which subdisks are online, failed, missing, or a hot spare.
MFC after: 1 week
Approved by: re (bmah)
Reviewed by: sos
read-only, so we can't simply exit right after calling gjournal_check(),
instead we need to ask about super block reload.
Submitted by: Niki Denev <niki@totalterror.net>
PR: misc/113889
Approved by: re (kensmith)
Also rename the related functions in a similar way.
There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default is
to only call into the firewall with the "outer" IP header and
payload.
With this option turned on, in addition to the "outer" parts,
the "inner" IP header and payload are passed to the
firewall too when going through ip_input() the second time.
The option was never only related to a gif(4) tunnel within
an IPsec tunnel and thus the name was very misleading.
Discussed at: BSDCan 2007
Best new name suggested by: rwatson
Reviewed by: rwatson
Approved by: re (bmah)
communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.
Approved by: re (rwatson)
included man pages on how to use it. This code is still somewhat experimental
but has been successfully tested on a number of targets. Many thanks to
Danny for contributing this.
Approved by: re
NET_NEEDS_GIANT, which will shortly be removed. This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added. Specifics:
- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm
This removes the last remaining consumer of NET_NEEDS_GIANT.
Reviewed by: harti
Discussed with: bz, bms
Approved by: re (kensmith)
This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.
Approved by: re (rwatson)
- to show a specific set: ipfw set 3 show
- to delete rules from the set: ipfw set 9 delete 100 200 300
- to flush the set: ipfw set 4 flush
- to reset rules counters in the set: ipfw set 1 zero
PR: kern/113388
Submitted by: Andrey V. Elsukov
Approved by: re (kensmith)
MFC after: 6 weeks
removed, which will cause problems on architectures where
longs are longer than ints, for instance,
"mknod foo c 0 0xffff00ff"
would fail in such cases.
Use a proper cast instead.
Prompted by: bde
bridged, previously legitimate traffic was not passed as the bridge could not
tell that it was on a different Ethernet segment.
All non-tagged traffic is treated as vlan1 as per IEEE 802.1Q-2003
previous commit:
Remove IPX over IP tunneling support, which allows IPX routing over IP
tunnels, and was not MPSAFE. The code can be easily restored in the
event that someone with an IPX over IP tunnel configuration can work
with me to test patches.
This removes one of five remaining consumers of NET_NEEDS_GIANT.
Approved by: re (kensmith)
Spotted by: Artem Naluzhny <tutat nhamon dot com dot ua>
It only provides inet_aton(), which is already provided by the libc. This
causes multiple symbol definitions when linking statically.
Reviewed by: darrenr
a warning, return 1 instead of 0 to indicate that we didn't print
anything, so that top-level callers don't print a spurious newline.
This is mainly to fix output formatting when stderr is redirected. It
also helps in some cases when stderr is interleaved with stdout,
depending on the details of the interleaving (this program has the
usual null explicit support for syncing stderr with stdout).
Return 1 instead of -1 after printing the "malloc failed" warning, since
the return value is boolean.
o revised channel handling support; ifconfig now queries the kernel to
find the list of available channels and handles channel promotion;
channel attributes can be specified as part of the channel; e.g. 36:a
for channel 36 in 11a (as opposed to turbo A or HT A)
o use channel list to map between freq and IEEE channel #; this eliminates
all knowledge of how the mapping is done and fixes handling of cases
where channels overlap in the IEEE channel # space but are distinct in
the frequency+attributes space (e.g. PSB)
o add new knobs: bgscan, ff (Atheors fast frames), dturbo (Atheros
Dynamic Turbo mode), bgscanidle, bgscanintvl, scanvalid, roam:rssi11a,
roam:rssi11b, roam:rssi11g, roam:rate11a, roam:rate11b, roam:rate11g
(roaming parameters), burst, doth (forthcoming 11h support)
o print contents of WME, ATH, WPA, RSN, information elements with -v option
o print signal strength in dBm
o print noise floor in dBm
o add list txpow to print tx power caps/channel
o change default channel display in status to be more informative
value into a variable of the right type and then printing it via
an intmax_t. This makes avoids some duplication and makes it easy
to add a new integer format Q for printing things of type CTLTYPE_QUAD.
correct place on large sector disks. The boot signature should be at
offset 0x1fe in the BPB; newfs_msdos currently stores it 2 bytes from
the end of the sector.
Taken from: NetBSD
previous commit and that introduced optional parameters.
Existing classes (like geli(8)) use empty strings by default
and expect the parameter to be passed to the kernel as such.
Also, the default value of a string argument can be NULL.
Fix both cases by making the optional parameter conditional
upon gc_argname being set and making sure to test for NULL
before dereferencing the pointer.
Reported by: brueffer@
In order to support gpart(8), geom(8) needs to support a named
argument. Also, optional string parameters are a requirement.
Both have been added to the infrastructure. The former required
all existing classes to be adjusted.
specifying rotational-positions, reflect that in the command arguments.
PR: bin/110178
Submitted by: Alex Kozlov <spam at rm-rf dot kiev dot ua>
Approved by: imp (mentor)
Before:
$ ipfw -n add 100 count icmp from any to any mac-type 0x01
00100 count icmp 0x0001
$ ipfw -n add 100 count icmp from any to any mac any any
00100 count icmp MAC any any any
After:
$ ipfw -n add 100 count icmp from any to any mac-type 0x01
00100 count icmp from any to any mac-type 0x0001
$ ipfw -n add 100 count icmp from any to any mac any any
00100 count icmp from any to any MAC any any
PR: bin/112244
Submitted by: Andrey V. Elsukov
MFC after: 1 month
Rationale:
We are interested in the current (last) element of the argv array
there, not in its first element. The if construct is there because
we want to avoid adding empty (zero-length) arguments to argv, so
we just don't advance argvp if the current argument is empty, and
it gets overwritten at the next iteration. Note that strsep(3)
doesn't treat consecutive delim characters as a single separator,
it returns empty fields between such characters, and it's up to the
caller to handle them this or that way.
Also add a comment that the argv array ends up null-terminated in
any case (it's due to the design of the for loop) as an answer to
a possible question why the whole argv isn't zero-filled.
Submitted by: yongari
Tested by: yongari
MFC after: 3 days