Commit Graph

3328 Commits

Author SHA1 Message Date
Peter Wemm
4db5660477 Bandaid for mount_nfs segfaulting with the more obscure mount options
in /etc/fstab.  This isn't a real fix though and I'm still not sure
why it started failing.  mount(8) breaks up the nfs args into seperate
repeated '-o option=value' arguments.  But, the altflags variable that
we use to track things is incrementally built up each time we see the
next option and shows us the cumulative set of flags, not just the
flag that we are currently looking at.  As a result, the strstr hack
for looking up flags in a giant -o opt=val,opt=val, etc string was failing
and causing a segfault.  I do not know what changed recently that caused
this to suddenly break, but the code has been rather bogus for some time.
2002-09-06 19:59:29 +00:00
Matthew N. Dodd
f9cecca2d4 Add 'camcontrol load' as a complement to 'camcontrol eject'.
Approved by:	 ken
MFC after:	 4 weeks
2002-09-06 18:16:26 +00:00
Bruce Evans
23d8e0317a Removed vestiges of the -a and -d options.
Fixed other bugs in the usage message so that it matches the man page.
2002-09-06 13:16:24 +00:00
Poul-Henning Kamp
a9098c8910 Remove the -a maxcontig option, the kernel doesn't inspect fs_maxcontig
anymore.

Sponsored by:	DARPA & NAI Labs.
2002-09-06 07:59:10 +00:00
Tom Rhodes
5e152c7934 use 'file system superblock' for the error message. This will match other
disk utilities.

Discussed with:		bde
2002-08-31 21:34:54 +00:00
Giorgos Keramidas
b504cef7c5 Mention that fdisk(8) should be used to grow the containing slice
before growing partitions with growfs(8), if necessary.

PR:		docs/42148
Submitted by:	Chris S.J. Peron <maneo@bsdpro.com>
2002-08-29 08:12:09 +00:00
Ian Dowse
9c1b8868dc Add the -A flag to the usage line.
Submitted by:	Yutaka KAWASE <yutaka@mailhost.net>
MFC after:	3 days
2002-08-27 08:09:37 +00:00
Tom Rhodes
5af4935a22 Fix some 'SYNOPSIS' and 'usage' messages. 2002-08-27 00:49:27 +00:00
Tom Rhodes
277ffe6e6c Fix Synopsis 2002-08-26 18:16:39 +00:00
Ian Dowse
fd0b613a7b Unbreak the -c option by not using connect(2) for mount_nfs's
communication with the remote NFS server if this flag is specified.

PR:		bin/42003
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-08-26 13:08:23 +00:00
Tom Rhodes
a48ea64073 Print a more realistic usage message 'special_device' 'inode_number'. This
matches the synopsis given in the manual page.

MFC after:	3 days
2002-08-26 03:56:23 +00:00
Philippe Charnier
7fed38d0a0 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:10:45 +00:00
Crist J. Clark
0b3a80af0d Check if a host argument is a IPv6 presentation format address before
going to gethostbyname2(3).

PR:		bin/31632
MFC after:	3 days
2002-08-25 05:44:13 +00:00
Peter Wemm
6bc11ae00c Make this compile without needing NO_WERROR. 2002-08-25 02:51:13 +00:00
Warner Losh
0b0fe61dfb Use '0' instead of NULL when we mean the integer constant 0 and not a
"null pointer expression".
2002-08-21 18:52:32 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Warner Losh
9d010543f4 Don't use NULL where you really mean 0 to sysctlbyname. 2002-08-21 15:15:15 +00:00
Luigi Rizzo
f0ac20f7d2 Whoops, the manpage lied... ipfw2 has always accepted addr:mask
specifications.
2002-08-21 05:57:41 +00:00
Johan Karlsson
72abe188fb Take care of WARNS=3 warnings by using unsigned/signed variable
as needed.

Approved by:	ken, sheldonh (mentor)
2002-08-20 20:54:03 +00:00
Maxim Sobolev
ffb079be0c Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).

Emphatically requested by:	Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by:	fenner
2002-08-19 15:16:38 +00:00
Luigi Rizzo
5a155b405e One more (hopefully the last one) step in cleaning up the syntax,
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:

	[<proto> from <src> to <dst>] [options]

i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).

Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.

Update the manpage to reflect the syntax.

Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.

	ipfw add allow not src-port 80

will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

We definitely need to rewrite the parser using lex and yacc!
2002-08-19 12:36:54 +00:00
Maxim Sobolev
3471c917ec Fix last-minute typo which breaks the world.
Submitted by:	many
2002-08-19 08:59:20 +00:00
Luigi Rizzo
e706181ba6 Major cleanup of the parser and printing routines in an attempt to
render the syntax less ambiguous.

Now rules can be in one of these two forms

	<action> <protocol> from <src> to <dst> [options]
	<action> MAC dst-mac src-mac mac-type [options]

however you can now specify MAC and IP header fields as options e.g.

	ipfw add allow all from any to any mac-type arp
	ipfw add allow all from any to any { dst-ip me or src-ip me }

which makes complex expressions a lot easier to write and parse.
The "all from any to any" part is there just for backward compatibility.

Manpage updated accordingly.
2002-08-19 04:52:15 +00:00
Johan Karlsson
0319a6a43b Remove unused variable. camcontrol is now WARNS=2 clean on i386.
Approved by: 	ken, sheldonh (mentor)
2002-08-18 21:46:32 +00:00
John Polstra
92fd901869 Clarify the explanation of the behavior for setuid programs by
noting that the restrictions do not apply if the user invoking the
program is also the owner of the program.

Also, capitalize a section header properly.

PR:		misc/41180
2002-08-18 18:11:38 +00:00
Bruce Evans
7309e024bf Include <nlist.h> for nlist interfaces instead of depending on namespace
pollution in <kvm.h>.
2002-08-18 17:57:08 +00:00
Maxim Sobolev
62f7648682 Increase size of ifnet.if_flags from 16 bits (short) to 32 bits (int). To avoid
breaking application ABI use unused ifreq.ifru_flags[1] for upper 16 bits in
SIOCSIFFLAGS and SIOCGIFFLAGS ioctl's.

Reviewed by:	-hackers, -net
2002-08-18 07:05:00 +00:00
Bosko Milekic
b35e69503a Fix more breakage due to FSTYPENAMES/DKTYPENAMES split.
Also submitted by: David Wolfskill <david@catwhisker.org>
2002-08-16 16:08:36 +00:00
Luigi Rizzo
654399a477 Complete list of differences between ipfw1 and ipfw2. 2002-08-16 14:27:22 +00:00
Luigi Rizzo
99e5e64504 sys/netinet/ip_fw2.c:
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
    for firewall-generated packets (the constant has to go in sys/mbuf.h).

    Better comments on keepalive generation, and enforce dyn_rst_lifetime
    and dyn_fin_lifetime to be less than dyn_keepalive_period.

    Enforce limits (up to 64k) on the number of dynamic buckets, and
    retry allocation with smaller sizes.

    Raise default number of dynamic rules to 4096.

    Improved handling of set of rules -- now you can atomically
    enable/disable multiple sets, move rules from one set to another,
    and swap sets.

sbin/ipfw/ipfw2.c:

    userland support for "noerror" pipe attribute.

    userland support for sets of rules.

    minor improvements on rule parsing and printing.

sbin/ipfw/ipfw.8:

    more documentation on ipfw2 extensions, differences from ipfw1
    (so we can use the same manpage for both), stateful rules,
    and some additional examples.
    Feedback and more examples needed here.
2002-08-16 10:31:47 +00:00
Alfred Perlstein
ef6fc683c6 No need to include sys/time.h, this unbreaks a c89 warning about long long
constants as well.
2002-08-16 08:19:15 +00:00
Alfred Perlstein
b42db77473 Don't '#define DKTYPENAMES', we don't use the variable it exposes from
the header file.
2002-08-16 07:34:19 +00:00
Maxime Henrion
eddb9a0d78 Don't depend on namespace pollution in sys/mount.h and
include sys/uio.h.
2002-08-13 16:07:39 +00:00
Ruslan Ermilov
a654c53e16 mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00
Ruslan Ermilov
e091d0c2ac can not -> cannot. 2002-08-13 14:10:36 +00:00
Ruslan Ermilov
3c5bd3e3ca mdoc(7) police: laundry. 2002-08-13 13:31:54 +00:00
Ruslan Ermilov
3e40554f06 mdoc(7) police: Consistently name options' arguments in the SYNOPSIS and DESCRIPTION sections.. 2002-08-13 13:13:20 +00:00
Ruslan Ermilov
aa7998d4a1 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
Ruslan Ermilov
9acd9d0118 mdoc(7) police: missing markup bits. 2002-08-13 12:03:35 +00:00
Ruslan Ermilov
a61d9c47fe mdoc(7) police: KAMEism in rev. 1.56, nits in rev. 1.58. 2002-08-13 11:51:03 +00:00
Ruslan Ermilov
3ef61a2086 mdoc(7) police: Use the .Ud macro. 2002-08-13 11:47:56 +00:00
Ruslan Ermilov
80c9c8be99 Improve wording even more. 2002-08-13 11:39:38 +00:00
Ruslan Ermilov
1eee97b7bd mdoc(7) police: kill hard sentence break. 2002-08-13 11:29:42 +00:00
Warner Losh
d8f2e345b9 Warn that hex keys are the most portable.
Submitted by: Gregory Bond <gnb@itga.com.au>
Pr: 40872
2002-08-12 06:59:04 +00:00
Juli Mallett
60b9ade019 Simplify some things to use libufs-provided functionality here, such as the
version of UFS on a disk, and bread() instead of other types of idiocy.

Obtained from:	jmallett_libufs Perforce branch.
2002-08-11 15:38:51 +00:00
Maxime Henrion
5abe205798 Update manpage to match the code, we don't use
vfsload() here anymore.
2002-08-11 15:18:41 +00:00
Maxime Henrion
26fbf78be1 Update the manpage to match the code. The mount utilities
now don't try to load the filesystem module, the kernel takes
care of this.
2002-08-11 15:17:01 +00:00
Maxime Henrion
3dc4256892 The kldload() system call doesn't return 0 when it succeeded,
so compare the return value against -1 to see if it failed
instead of simply doing if (kldload("nfs")).
2002-08-11 11:32:02 +00:00
Maxime Henrion
5965373e69 - Introduce a new struct xvfsconf, the userland version of struct vfsconf.
- Make getvfsbyname() take a struct xvfsconf *.
- Convert several consumers of getvfsbyname() to use struct xvfsconf.
- Correct the getvfsbyname.3 manpage.
- Create a new vfs.conflist sysctl to dump all the struct xvfsconf in the
  kernel, and rewrite getvfsbyname() to use this instead of the weird
  existing API.
- Convert some {set,get,end}vfsent() consumers to use the new vfs.conflist
  sysctl.
- Convert a vfsload() call in nfsiod.c to kldload() and remove the useless
  vfsisloadable() and endvfsent() calls.
- Add a warning printf() in vfs_sysctl() to tell people they are using
  an old userland.

After these changes, it's possible to modify struct vfsconf without
breaking the binary compatibility.  Please note that these changes don't
break this compatibility either.

When bp will have updated mount_smbfs(8) with the patch I sent him, there
will be no more consumers of the {set,get,end}vfsent(), vfsisloadable()
and vfsload() API, and I will promptly delete it.
2002-08-10 20:19:04 +00:00
Luigi Rizzo
8ed2d7497b Fix one parsing bug introduced by last commit, and correct parsing
and printing of or-blocks in address, ports and options lists.
2002-08-10 15:10:15 +00:00
Luigi Rizzo
ac4ed01f56 Major revision of the ipfw manpage, trying to make it up-to-date
with ipfw2 extensions and give examples of use of the new features.

This is just a preliminary commit, where i simply added the basic
syntax for the extensions, and clean up the page (e.g. by listing
things in alphabetical rather than random order).
I would appreciate feedback and possible corrections/extensions
by interested parties.

Still missing are a more detailed description of stateful rules
(with keepalives), interaction with of stateful rules and natd (don't do
that!), examples of use with the recently introduced rule sets.

There is an issue related to the MFC: RELENG_4 still has ipfw as a
default, and ipfw2 is optional. We have two options here: MFC this
page as ipfw(8) adding a large number of "SORRY NOT IN IPFW" notes,
or create a new ipfw2(8) manpage just for -stable users.  I am all
for the first approach, but of course am listening to your comments.
2002-08-10 15:04:40 +00:00
Luigi Rizzo
43405724ec One bugfix and one new feature.
The bugfix (ipfw2.c) makes the handling of port numbers with
a dash in the name, e.g. ftp-data, consistent with old ipfw:
use \\ before the - to consider it as part of the name and not
a range separator.

The new feature (all this description will go in the manpage):

each rule now belongs to one of 32 different sets, which can
be optionally specified in the following form:

	ipfw add 100 set 23 allow ip from any to any

If "set N" is not specified, the rule belongs to set 0.

Individual sets can be disabled, enabled, and deleted with the commands:

	ipfw disable set N
	ipfw enable set N
	ipfw delete set N

Enabling/disabling of a set is atomic. Rules belonging to a disabled
set are skipped during packet matching, and they are not listed
unless you use the '-S' flag in the show/list commands.
Note that dynamic rules, once created, are always active until
they expire or their parent rule is deleted.
Set 31 is reserved for the default rule and cannot be disabled.

All sets are enabled by default. The enable/disable status of the sets
can be shown with the command

	ipfw show sets

Hopefully, this feature will make life easier to those who want to
have atomic ruleset addition/deletion/tests. Examples:

To add a set of rules atomically:

	ipfw disable set 18
	ipfw add ... set 18 ...		# repeat as needed
	ipfw enable set 18

To delete a set of rules atomically

	ipfw disable set 18
	ipfw delete set 18
	ipfw enable set 18

To test a ruleset and disable it and regain control if something
goes wrong:

	ipfw disable set 18
	ipfw add ... set 18 ...         # repeat as needed
	ipfw enable set 18 ; echo "done "; sleep 30 && ipfw disable set 18

    here if everything goes well, you press control-C before
    the "sleep" terminates, and your ruleset will be left
    active. Otherwise, e.g. if you cannot access your box,
    the ruleset will be disabled after the sleep terminates.

I think there is only one more thing that one might want, namely
a command to assign all rules in set X to set Y, so one can
test a ruleset using the above mechanisms, and once it is
considered acceptable, make it part of an existing ruleset.
2002-08-10 04:37:32 +00:00
Peter Wemm
11bad678c6 Fix the broken "avoid unaligned data" fix. The problem is that the builtin
gcc memcpy "knows" about types that are supposed to be actually already
aligned and triggers alignment errors doing the memcpy itself.
"Fix" this by changing it to a bcopy().  In this case, we had:
  struct timeval *tp;
  struct timeval tv1;
  memcpy(&tv1,tp,sizeof(tv1));
.. and since gcc *knows* that a pointer to a timeval is longword aligned
and that tv1 is longword aligned, then it can use an inline that assumes
alignment.  The following works too:
  cp = (char *)tp;
  memcpy(&tv1,cp,sizeof(tv1));
Simply casting (char *)tp  for the memcpy doesn't work. :-(
This affected different 64 bit platforms in different ways and depends
a lot on gcc as well.  I've seen this on alpha and ia64 at least, although
alpha isn't doing it right now.
2002-08-10 03:00:55 +00:00
Poul-Henning Kamp
563b79eff4 Fixup preen.c to match its new residence.
The blockcheck() function is still pulled from fsck_ffs, it probably should
live in libufs.
2002-08-09 16:25:32 +00:00
Poul-Henning Kamp
9b32d51a51 preen.c was a stragler after the fsck/fsck_ffs divorce.
fsck_ffs did not need it, but quotacheck did include it from fsck_ffs.

A repocopy has now moved the fsck_ffs/preen.c file to quotacheck/preen.c

quotacheck and fsck should probably use the same checkfstab() function
and it should possibly live in libufs.

Trouble is: they have diverged in the meantime.

At least now fsck_ffs is not in the equation anymore.

Sponsored by:	DARPA & NAI Labs.
2002-08-09 14:41:37 +00:00
Semen Ustimenko
7ed000f774 Fix -o ac(reg|dir)(min|max) options. The appropriate flags weren't
translated from ALTF_* to NFSMNT_* thus these options weren't accepted
by kernel.

PR:		bin/30334
MFC after:	1 week
2002-08-06 20:26:30 +00:00
Luigi Rizzo
b985a624a3 Fix generation of check-state rules, which i broke in last commit. 2002-08-04 05:16:19 +00:00
Maxime Henrion
c005cd89e1 Small diffs that p4 didn't catch when I extracted
the diffs from my branch.
2002-08-03 17:06:51 +00:00
Maxime Henrion
7b333193e0 This should have been committed too, I have no idea
why p4 didn't gave me this diff too.
2002-08-03 17:05:14 +00:00
Maxime Henrion
1f083b1e3d I should have committed this ages ago...
Convert init(8) to use nmount() instead of mount() when
it has to mount devfs.  This doesn't happen normally,
since the kernel is supposed to mount devfs itself.
2002-08-03 16:21:33 +00:00
Maxime Henrion
526ba6d32b Now that the kernel is able to load modules itself,
remove all the code which was trying to do so.
This code was nasty in several ways, it was hiding
the kernel bug where the kernel was unable to properly
load a module, and it was quitting if it wasn't able
to load the module.  The consequence is that an ABI
breakage of the vfsconf API would have broken *every*
mount utility.
2002-08-03 16:03:21 +00:00
Robert Watson
ba0fbe9637 Introduce support for Mandatory Access Control and extensible
kernel access control.

Teach mount(8) to understand the MNT_MULTILABEL flag, which is used
to determine whether a file system operates with individual per-vnode
labels, or treats the entire file system as a single object with a
single (mount) label.  The behavior here will probably evolve some
now that nmount(2) is available and can more flexibly support mount
options.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:02:51 +00:00
Luigi Rizzo
6136001211 Forgot this one: properly initialize an address set when the set
size is less than 32 bits (/28 mask or more).
Also remove a debugging fprintf().
2002-07-31 22:42:08 +00:00
Luigi Rizzo
52bc23ab8a Two bugfixes:
+ the header file contains two different opcodes (O_IPOPTS and O_IPOPT)
    for what is the same thing, and sure enough i used one in the kernel
    and the other one in userland. Be consistent!

  + "keep-state" and "limit" must be the last match pattern in a rule,
    so no matter how you enter them move them to the end of the rule.
2002-07-31 22:31:47 +00:00
Søren Schmidt
cc6666dc21 Also print the serial # on atacontrol cap .... 2002-07-31 18:30:38 +00:00
Maxime Henrion
84fc0d7e7f Fix a bunch of format string warnings which broke
the sparc64 build.

Tested on:	sparc64, i386
2002-07-31 12:01:14 +00:00
Poul-Henning Kamp
a490e80ce6 Remove some additional paranoia which Kirk forgot to remove from his
UFS2 commit.

These bits in essence made any instance of "softupdates expected
corrution", (ie blocks marked allocated but not referenced by an
inode etc) result in a exit value for fsck_ffs of 2.

2 is part of the magic and appearantly undocumented protocol between
fsck_FOO and fsck and means "dump into single user mode ASAP.

Sponsored by:	DARPA & NAI Labs.
2002-07-30 20:49:29 +00:00
Poul-Henning Kamp
599304a42f Warning cleanup.
Format changes by peter
2002-07-30 13:01:25 +00:00
Mike Barcroft
90007bc6e7 Don't depend on pollution in <machine/limits.h> (by way of
<sys/param.h>) for definition of <stdint.h> macros.
2002-07-29 17:09:21 +00:00
Ruslan Ermilov
d2893b161b Drop support for COPY, -c has been the default mode of install(1)
for a long time now.

Approved by:	bde
2002-07-29 09:40:17 +00:00
Dima Dorfman
9ffb7cd974 Nuke whitespace at EOL. 2002-07-28 06:59:40 +00:00
Dima Dorfman
5159643adc What we're actually passing around is an ioctl request, not a command,
and it's an unsigned long, not an int.
2002-07-28 06:57:13 +00:00
Dima Dorfman
134cd96fec This compiles cleanly with WARNS=5 on i386 and alpha, so try to make
sure that doesn't change.
2002-07-28 06:52:47 +00:00
Dima Dorfman
072af15128 Implement this (quoted from the updated man page): If the first token
of a rule specification is a single dash (``-''), rules are read from
the standard input and the rest of the specification is ignored.
2002-07-28 06:45:30 +00:00
Dima Dorfman
014c2ea5cd Use more standard section names in an attempt to unconfuse new users
(and make it easier to find stuff for the old ones).  I originally put
everything under one "RULE SUBSYSTEM" so it didn't look like devfs(8)
is dedicated to the rule subsystem, but since nobody has any idea what
else might go here, it's not worth confusing people just to save a
little time for someone that might add something rule-unrelated to
devfs(8) in a few years.

Suggested by:	sheldonh, phk
2002-07-28 03:58:12 +00:00
Bill Fenner
05ad4a57d8 Fix spacing for -P (policy) examples. 2002-07-27 21:06:06 +00:00
Sheldon Hearn
b7563355f3 Add SEE ALSO references to papers handling RED. 2002-07-25 09:37:11 +00:00
Peter Wemm
84176931be Turn nfsiod back on. It is basically now just a sysctl wrapper that also
arranges a kldload of the nfs client file system code if necessary.
2002-07-24 22:14:27 +00:00
Peter Wemm
d5dd87c304 WARNS clean 2002-07-24 22:13:08 +00:00
Marc Fonvieille
a9b45e7499 s/IPSEC/IPsec according to RFCs
PR:		in part docs/38668
Reviewed by:	charnier
MFC after:	10 days
2002-07-23 08:38:03 +00:00
Peter Wemm
c037322687 Connect up gpt and mca subdirs for ia64 2002-07-20 19:32:33 +00:00
Peter Wemm
a88bafcf45 Grab a snapshot of Marcel's WIP ia64 machine check decoder.
Obtained from:  marcel
2002-07-20 19:31:11 +00:00
Peter Wemm
80643c90e3 Grab a snapshot of Marcel's gpt tool. This is still a work-in-progress
but is useful to have handy.  EFI GPT partitions are used instead of the
fdisk+disklabel combination.  They are pure 64 bit LBA, are fully
extensible, support up to 16383 partitons per disk, etc.
2002-07-20 19:27:43 +00:00
Ruslan Ermilov
0b87f79976 s/${INSTALL} -c/${INSTALL} ${COPY}/ 2002-07-18 12:07:49 +00:00
Ollivier Robert
752c7d0862 di_createtime -> di_birthtime.
Submitted by:	Udo Schweigert <Udo.Schweigert@siemens.com>
2002-07-17 10:31:38 +00:00
Kirk McKusick
fb36a3d847 Change utimes to set the file creation time (for filesystems that
support creation times such as UFS2) to the value of the
modification time if the value of the modification time is older
than the current creation time. See utimes(2) for further details.

Sponsored by:	DARPA & NAI Labs.
2002-07-17 02:03:19 +00:00
Dima Dorfman
a1dc209638 Introduce the DEVFS "rule" subsystem. DEVFS rules permit the
administrator to define certain properties of new devfs nodes before
they become visible to the userland.  Both static (e.g., /dev/speaker)
and dynamic (e.g., /dev/bpf*, some removable devices) nodes are
supported.  Each DEVFS mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails.

Approved by:	phk
2002-07-17 01:46:48 +00:00
Bruce Evans
689fee8724 Fixed some print format errors. Avoid some warnings about possible
(but not actual) alignment problems.  Both of these bugs were detected
on ia64's and were fatal on ia64's due to premature setting of WARNS
to 4.
2002-07-16 23:18:29 +00:00
Ralf S. Engelschall
32f28b1541 Replace extra call to "tunefs" with the equivalent of "newfs -U".
Reviewed by:	phk
2002-07-15 11:30:21 +00:00
Philippe Charnier
490d5836b5 The .Nm utility 2002-07-14 14:47:15 +00:00
Luigi Rizzo
0a7197a83c A bunch of minor fixes:
* accept "icmptype" as an alias for "icmptypes";
* remove an extra whitespace after "log" rules;
* print correctly the "limit" masks;
* correct a typo in parsing dummynet arguments (this caused a coredump);
* do not allow specifying both "check-state" and "limit", they are
  (and have always been) mutually exclusive;
* remove an extra print of the rule before installing it;
* make stdout buffered -- otherwise, if you log its output with syslog,
  you will see one entry for each printf(). Rather unpleasant.
2002-07-13 15:57:23 +00:00
Juli Mallett
a1baa5130d Remove unused variables due to libufs(3) commit. Clean up extraneous use of
semicolon at closing paren of a function body.
2002-07-11 21:46:12 +00:00
Juli Mallett
d67caa29ef Convert dumpfs(8) to libufs(3), rather than rolling local functions for a
number of things.
2002-07-11 21:44:03 +00:00
Tom Rhodes
299f15612e Add a bit of information on FFS snapshots to the mount(8) manual page.
PR:		30139
Submitted by:	Chris Knight <chris@aims.com.au?
MFC after:	3 days
2002-07-11 21:12:45 +00:00
Matthew Dillon
3d8f797ac1 Convert old style (type foo *)0 casts to NULLs
PR:		kern/40360
Requested by:	Hiten PAndya via direct email
2002-07-11 17:54:58 +00:00
Bruce Evans
ffcaf36b2c Fixed 4 printf format errors that were fatal on alphas. %qd is not even
suitable for printing quad_t's since it is equivalent to %lld but quad_t
is unsigned long on alphas.  quad_t shouldn't be used anyway.
2002-07-11 17:49:41 +00:00
Bruce Evans
bb89ddf57b Uncommented WARNS=0. ipfw2.c is full of printf format errors that are
fatal on alphas.

Fixed setting of WARNS.  WARNS should never be set unconditionally, since
this breaks testing of different WARNS values by setting it at a higher
level (e.g., on the command line).
2002-07-11 17:33:37 +00:00
Matthew Dillon
6ff8114c79 Replace the 'at least the amount of physical memory + 64K' with a better
explanation in regards to sizing the dump device.
2002-07-09 17:27:08 +00:00
Ian Dowse
7680e41ce2 Oops, the previous revision (1.22) introduced a potential alignment
issue, since the MAXBSIZE-sized buffers are accessed as arrays of
block pointers, but were declared as char[] arrays. Use a union to
avoid this, which also makes a number of casts unnecessary.

Pointed out by:	bde
Reviewed by:		bde
2002-07-08 23:53:21 +00:00
Bruce Evans
006559a292 Fixed some world breakage caused by not updating clients when <timeconv.h>
was split off from <time.h>.  This became fatal here when -Werror was
reenabled.
2002-07-08 19:49:52 +00:00
Robert Drehmel
247ac241fa - Do not include <utmp.h> for no reason.
- Remove unneeded utmp path constant.
2002-07-08 09:02:02 +00:00
Ian Dowse
1e0276afb3 Use a fixed MAXBSIZE-size auto array instead of a static pointer
to a malloc'd buffer in dmpindir() and dirindir(). These functions
recursively call themselves to handle deeper levels of indirect
blocks, so a single static buffer was not suitable.

Bug tracked down by:	Don Lewis <dl-freebsd@catspoiler.org>
Approach suggested by:	bde
2002-07-08 01:25:54 +00:00
Ian Dowse
617dbd3c84 Replace the use of %qd with intmax_t/%jd and fix a number of -Wall
and -Wformat warnings:
 o Include timeconv.h for the time conversion functions.
 o Remove unused variables.
 o Correct a few cases where %d was used when printing longs.
2002-07-08 00:29:23 +00:00
Gordon Tetlow
1ada226485 Remove nfsd and mountd from src/sbin, look for it in src/usr.sbin 2002-07-07 22:22:16 +00:00
Gordon Tetlow
f960342bca Unhook sbin/nfsd and sbin/mountd from the build. They will be moving to
/usr/sbin shortly.

Reviewed by:	jake (mentor)
2002-07-07 22:14:40 +00:00
Hajimu UMEMOTO
406166da3b Don't explicit kill of the process' own pid.
PR:		bin/38862
Submitted by:	Martin Faxer <gmh003532@brfmasthugget.se> with some modification
MFC after:	1 week
2002-07-07 18:19:48 +00:00
Ian Dowse
325167c3a5 Fix some printf format errors.
Submitted by:	Don Lewis <dl-freebsd@catspoiler.org>
2002-07-07 12:30:20 +00:00
Philippe Charnier
629e80effb The .Nm utility. 2002-07-06 19:35:14 +00:00
Philippe Charnier
960368f7ff The .Nm utility. Add FreeBSD Id. 2002-07-06 19:34:37 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Luigi Rizzo
5e43aef891 Implement the last 2-3 missing instructions for ipfw,
now it should support all the instructions of the old ipfw.

Fix some bugs in the user interface, /sbin/ipfw.

Please check this code against your rulesets, so i can fix the
remaining bugs (if any, i think they will be mostly in /sbin/ipfw).

Once we have done a bit of testing, this code is ready to be MFC'ed,
together with a bunch of other changes (glue to ipfw, and also the
removal of some global variables) which have been in -current for
a couple of weeks now.

MFC after: 7 days
2002-07-05 22:43:06 +00:00
Maxim Konovalov
4fba6582cb o Change almost all magic numbers to the appropriate constants.
o Fix zero payloading, unbreak ping -s 0.
o Increase socket recieve buffer, ping -s 65467 is working now.

Submitted by:	anti-magic sweep based on kris's patch
Reviewed by:	bde, silence on -audit
MFC after:	2 months
2002-07-05 11:52:54 +00:00
Maxim Konovalov
301207dffe More strict ip options parsing.
Reviewed by:	bde (style), silence on -audit
MFC after:	2 months
2002-07-05 11:47:33 +00:00
Archie Cobbs
0099af422c Update my email address. 2002-07-03 20:50:32 +00:00
Mark Murray
c822396536 Apply __FBSDID(); fix local variable(names) that stomp on global
definitions; fix some const strings; fix some signedness issues.
2002-07-03 16:43:11 +00:00
Mark Murray
06e8d9547c Apply __FBSDID(), ISOfy, fix easy warning. 2002-07-03 16:38:04 +00:00
Tom Rhodes
ee662b5963 Minor spelling and grammar fixes in the atacontrol(8) manual page.
PR:	39393
2002-07-02 18:00:20 +00:00
Luigi Rizzo
9758b77ff1 The new ipfw code.
This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.

The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules).

The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c .  Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw).  The old files are still there, and will be removed
in due time.

I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.

In terms of user interface, the new "ipfw" is supposed to accepts
the old syntax for ipfw rules (and produce the same output with
"ipfw show". Only a couple of the old options (out of some 30 of
them) has not been implemented, but they will be soon.

On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like

ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any

This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.

Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:

        10.20.30.0/26{18,44,33,22,9}

which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memmory -- for a full /24
subnet, the instruction only consumes 40 bytes).

Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.

The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
2002-06-27 23:02:18 +00:00
Ian Dowse
8f42fb8fc9 Remove the kernel file-size limit for UFS2, so that only the limit
imposed by the filesystem structure itself remains. With 16k blocks,
the maximum file size is now just over 128TB.

For now, the UFS1 file size limit is left unchanged so as to remain
consistent with RELENG_4, but it too could be removed in the future.

Reviewed by:	mckusick
2002-06-26 18:34:51 +00:00
Ian Dowse
6a26192ada Fix an integer overflow that causes fsck_ffs to crash when it
encounters very large file sizes in the filesystem.

Reviewed by:	mckusick
2002-06-26 16:40:25 +00:00
Alfred Perlstein
7b9136e8ea Remove old pre-TIRPC code for getting transport handles. The code that
follows spams over the contents of them making the removed code useless.
2002-06-25 22:55:53 +00:00
Greg Lehey
74fbc9bb5b Correct default location of history file.
Observed by:	Chris Bolt <chris-lists@bolt.cx>
2002-06-23 01:32:00 +00:00
Kirk McKusick
5e5d87ff36 Get rid of paranoia that zeros the boot block area as this has
bad effect on existing bootstraps.

Submitted by:	Jake Burkholder <jake@locore.ca>
Sponsored by:	DARPA & NAI Labs.
2002-06-22 22:44:09 +00:00
David E. O'Brien
7c7af54f15 This commit was generated by cvs2svn to compensate for changes in r98567,
which included commits to RCS files with non-trunk default branches.
2002-06-21 15:56:16 +00:00
David E. O'Brien
d9bc822f0f Sync with NetBSD.
* don't whine about non-regular files. It is perfectly normal to keep a
  CVS or RCS directory in /etc/rc.d.
* manpage tweak
2002-06-21 15:56:16 +00:00
David E. O'Brien
0dbbb2e416 Reduce the -I's as we don't need them all. 2002-06-21 15:52:05 +00:00
Bruce Evans
36ffadc954 Don't say that an umounted filesystem is required for -n. An unmounted
filesystem is no more or less required for -n than for any other option.
The previous commit clarified the actual requirement.
2002-06-21 09:57:34 +00:00
Kirk McKusick
1c85e6a35d This commit adds basic support for the UFS2 filesystem. The UFS2
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.

Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.

Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).

Sponsored by: DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@freebsd.org>
2002-06-21 06:18:05 +00:00
Maxime Henrion
4ce86ffd17 nmount'ify unionfs further by using separate options instead
of passing a flags mount options.  This removes the include of
sys/fs/unionfs/union.h in mount_unionfs as it should be.

Reviewed by:	phk
2002-06-15 22:48:14 +00:00
Maxime Henrion
c3210a83c0 Convert UDF to nmount.
Reviewed by:	scottl
2002-06-15 22:40:13 +00:00
Hajimu UMEMOTO
331a2db8a9 Add eui64 option which fills interface index (lowermost 64bit of
an IPv6 address) automatically.
This should obsolete prefix(8).

Obtained from:	NetBSD
MFC after:	2 weeks
2002-06-15 15:35:24 +00:00
Gordon Tetlow
dde7cef3d2 Hook rcorder and rc.d into the build.
Submitted by:	Mike Makonnen
2002-06-13 22:26:15 +00:00
David E. O'Brien
2a9dee3a68 FreeBSDize the NetBSD Makefile so that this compiles. 2002-06-13 17:09:30 +00:00
Giorgos Keramidas
40e6916847 ANSIfy a few prototypes, thus fixing a few warnings.
Reviewed by:	grog
2002-06-09 02:20:58 +00:00
Hajimu UMEMOTO
56c5d32d37 Don't have -prefixlen 128 on host routes.
Obtained from:	KAME
2002-06-08 19:49:22 +00:00
Matthew N. Dodd
7224076dfe Use a larger data type to prevent counters wrapping so quickly.
Silence a warning.
2002-06-07 05:29:13 +00:00
Matthew N. Dodd
c44ed52b2e Sync this up with changes made in v1.8 of sys/netatm/atm_if.h 2002-06-07 05:25:10 +00:00
Gordon Tetlow
b60563db4e Remove the old nextboot from Whistler. AFAIK this hasn't been useable in
quite a while and only works on i386.
2002-06-06 20:20:58 +00:00
Poul-Henning Kamp
d266a28647 s/daddr_t/ufs_daddr_t/g
This should fix the issues which cropped up after daddr_t grew up.

Sponsored by:	DARPA & NAI Labs.
2002-06-06 19:59:46 +00:00
Gordon Tetlow
045e9d6c14 Unhook the old nextboot(8) from the build. If no one yells too loudly, this
will be accompanied by a cvs rm of the actual nextboot sources.

Approved by:	jake (mentor)
2002-06-06 19:26:15 +00:00
Giorgos Keramidas
731867d068 Add 'utility' in a place that it was missing.
PR:		docs/38814
Submitted by:	Chris Pepper <pepper@rockefeller.edu>
MFC after:	10 days
2002-06-05 23:39:56 +00:00
Ian Dowse
09dbd0701c Oops, unbreak parsing of the `type' field in getasciilabel(). I had
changed a `goto' to a `continue' in revision 1.52, but it continued
the wrong loop.

Noticed by:	bde
2002-06-05 08:11:28 +00:00
Gordon Tetlow
3600cbb7c4 Fix spelling nit in error message. 2002-06-05 01:06:33 +00:00
Marcel Moolenaar
acc6623066 Fix breakage caused by allocating the I/O buffer. There was a
sizeof(buf) lurking around that I missed.

PR: 38811
Submitted by: Adrian Colley <aecolley@spamcop.net>
2002-06-02 19:20:37 +00:00
Garrett Wollman
5c7417c4d1 Avoid construction which results in label at end of block. 2002-05-30 21:41:42 +00:00
Garrett Wollman
b055b157dc Fix syntax errors (labels with no statement). 2002-05-30 21:38:58 +00:00
Ruslan Ermilov
ee148739ad mdoc(7) police: nits. 2002-05-30 12:20:49 +00:00
Ruslan Ermilov
92dcf6fa35 mdoc(7) police: tidy up the markup and some wording. 2002-05-30 09:41:33 +00:00
Alfred Perlstein
448f7629ea correct comment (replace i386 with __i386__) 2002-05-30 07:12:12 +00:00
Jun Kuriyama
0196ba9cf8 Fix typos (s/IP6FILREWALL_VERBOSE/IPV6FIREWALL_VERBOSE/, s/netinet/netinet6/).
MFC after:	1 week
2002-05-30 07:01:58 +00:00