This backs out the hack we added in r329458. Now that we can freeze /
thaw probing, this is a much better solution to that problem. Revert
to simply printing the results as we find them, and relying on an
external sort | uniq to clean up the list.
Differential Revision: https://reviews.freebsd.org/D16735
Use devctl freeze / thaw to allow us to laod multiple modules before
doing the probe/attach so they all get a bite at the apple.
Differential Revision: https://reviews.freebsd.org/D16735
- Some overly-long lines
- Consistently using .Brq ({})
- Consistently using .Cm
- Not using .Ao/.Ac around .Ar
PR: 230576
Submitted by: Yuri Pankov (with a fair amount of rebasing pre-commit)
Add a -U flag to get back the old behavior. The new behavior is a little
more friendly to the common use cases, jail the BE and execute a script.
Having the jail torn down automatically when the script is finished, or when
you exit the shell, is a little more friendly than having to remember to
`bectl ujail`.
Batch mode (-b) will continue to leave the jail up, as it's assumed the
caller has other intentions.
Submitted by: Shawn Webb (partially)
2^32 bps or greater to be used. Prior to this, bandwidth parameters
would simply wrap at the 2^32 boundary. The computations in the HFSC
scheduler and token bucket regulator have been modified to operate
correctly up to at least 100 Gbps. No other algorithms have been
examined or modified for correct operation above 2^32 bps (some may
have existing computation resolution or overflow issues at rates below
that threshold). pfctl(8) will now limit non-HFSC bandwidth
parameters to 2^32 - 1 before passing them to the kernel.
The extensions to the pf(4) ioctl interface have been made in a
backwards-compatible way by versioning affected data structures,
supporting all versions in the kernel, and implementing macros that
will cause existing code that consumes that interface to use version 0
without source modifications. If version 0 consumers of the interface
are used against a new kernel that has had bandwidth parameters of
2^32 or greater configured by updated tools, such bandwidth parameters
will be reported as 2^32 - 1 bps by those old consumers.
All in-tree consumers of the pf(4) interface have been updated. To
update out-of-tree consumers to the latest version of the interface,
define PFIOC_USE_LATEST ahead of any includes and use the code of
pfctl(8) as a guide for the ioctls of interest.
PR: 211730
Reviewed by: jmallett, kp, loos
MFC after: 2 weeks
Relnotes: yes
Sponsored by: RG Nets
Differential Revision: https://reviews.freebsd.org/D16782
This is related to pkgbase as it uses CONFS to properly tag these as config
files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16785
Rely on the kernel to appropriately mark group members as skipped.
Once a group is skipped we can clear the update flag on all the members.
PR: 229241
Submitted by: Andreas Longwitz <longwitz AT incore.de>
MFC after: 1 week
The original NVMe API used bit-fields to represent fields in data
structures defined by the specification (e.g. the op-code in the command
data structure). The implementation targeted x86_64 processors and
defined the bit fields for little endian dwords (i.e. 32 bits).
This approach does not work as-is for big endian architectures and was
changed to use a combination of bit shifts and masks to support PowerPC.
Unfortunately, this changed the NVMe API and forces #ifdef's based on
the OS revision level in user space code.
This change reverts to something that looks like the original API, but
it uses bytes instead of bit-fields inside the packed command structure.
As a bonus, this works as-is for both big and little endian CPU
architectures.
Bump __FreeBSD_version to 1200081 due to API change
Reviewed by: imp, kbowling, smh, mav
Approved by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D16404
This helps with pkgbase as it switches these to using CONFS so they are
properly tagged as config files.
Approved by: will (mentor), imp
Differential Revision: https://reviews.freebsd.org/D16781
Instead of always running /bin/sh, allow the user to specify the command
to run. The jail is not removed when the command finishes. Meaning,
`bectl unjail` will still need to be run.
For example:
```
bectl jail newBE pkg upgrade
bectl ujail newBE
```
Submitted by: Shawn Webb
Obtained from: HardenedBSD (8b451014ab)
Adding batch mode to the jail `bectl(8)` subcommand enables jailing of
ZFS Boot Environments in a scriptable fashion.
Submitted by: Shawn Webb
Obtained from: HardenedBSD (9e72d1c59a and ef7b6d9e1c with minor edit)
Previous iteration of this assumed that these won't fail because we've
already setup the jail param to this point, but the allocations could still
fail in pretty bad conditions.
Admit that it's possible and return (ENOENT, EINVAL, ENOMEM, or 0) when
deleting arguments. EINVAL shouldn't happen since we're passing optarg;
which may satisfy *optarg == '\0' but never optarg == NULL.
CID: 1394885, 1394901
after opening the console, replacing init as PID 1.
From the user point of view, it makes it possible to run eg the
shell as PID 1, using 'set init_exec=/bin/sh' at the loader(8)
prompt.
Reviewed by: kib
MFC after: 2 weeks
Relnotes: yes
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16625
These were previously necessary because the libnvpair and libzfs_core
includes were not installed into the SYSROOT, being a part of the copies
target in include/Makefile rather than being installed with the library.
This was fixed in r337696 and the headers are now installed properly, so we
may let go of the cruft.
Deleting the temp snapshot isn't immediately possible because it's the
origin of the newly imported boot environment. However, this is trivially
solved by opening the new boot environment and promoting it. The roles are
now reversed and the temp snapshot/dataset may be completely destroyed.
Remove the BUGS from libbe(3) and bectl(8).
bectl(8) is an administrative interface for working with ZFS boot
environments, intended to provide a superset of the functionality provided
by sysutils/beadm.
libbe(3) is the back-end library that the required functionality has been
pulled out into for later reuse.
These were originally written for GSoC 2017 under the mentorship of
allanjude@.
bectl(8) has proven pretty stable in my testing, with the known bug
documented in the man page.
Relnotes: yes
- Missing include path
- Fully specify libzfs's dependencies (except for deps pulled in by other
deps) in Makefile.inc1
- Drop WARNS back down to 2 for libbe(3). I do this with much hesitation,
but the libzfs headers are apparently a hot warning-filled mess as far as
GCC 4.2 is concerned.
Fix bug introduced in r98542: previously to this revision the byte-swapped
value was compared at this place. The current check is in a conditional
section where the non-byte-swapped value was already checked to be not
the value which is checked again. As byte-swapping is activated afterwards,
it only makes sense if the byte-swapped value is checked.
Submitted by: Keith White <kwhite@site.uottawa.ca>
PR: 200059
MFC after: 1 month
Sponsored by: Essen Hackathon
This helps with pkgbase to tag this config file as a config file.
Approved by: allanjude (mentor), will (mentor)
Differential Revision: https://reviews.freebsd.org/D16559
This helps pkgbase as this config file will now be tagged as a config file.
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D16675
Regardless if a verbose scan is required or not, we'd still want to display the
full SSID name by default so use the IEE80211_NWID_LEN constant to set the
value to use instead.
Tested on rene@'s laptop.
Reviewed by: kp
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16566
It's useful for how to mount an iso file via loopback.
Reviewed by: jilles
Approved by: bcr (mentor)
Differential Revision: https://reviews.freebsd.org/D16067
The mostly-undocumented 'add' functionality, from initial read-through, is
intended for construction of deep ("bdrewery style") boot environments.
However, it's mostly broken at this point. `#if SOON` it out on both sides
so that we're not exposing a broken API/feature.
Work will resume on it in due time.
returns error.
Now -q option only makes it quiet. And when -f flag is specified, the
command will ignore errors and continue executing with next batched
command.
MFC after: 2 weeks
nonexistent NAT instance or nonexistent rule.
This allows execute batched `delete` commands and do not fail when
found nonexistent rule.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
getfsstat(2) system call using the MNT_NOWAIT flag to indicate that
it wants to use the statfs information cached in the mount structure.
When the -v (verbose) flag is specified, we need to use the MNT_WAIT
flag to getfsstat(2) so that kernel will call VFS_STATFS to get the
current statfs statistics from each filesystem.
Sponsored by: Netflix
The _Noreturn is a function-specifier (like inline) which must preceed
the declarator.
Submitted by: Sebastian Huber <sebastian.huber@embedded-brains.de>
MFC after: 1 week
This is needed to be able to chroot in the fallback case where
Capsicum is not available.
Reported by: Daniel Braniss <danny@cs.huji.ac.il>
X-MFC with: r337382
Sponsored by: The FreeBSD Foundation
- File names don't necessarily need to be repeated
- Add SPDX tags
- Add a missing copyright for Kyle Kneitinger in bectl.8, originally written
by him in GSoC 2017; his standard copyright notice has been copied from
other files within the same directory to remain consistent with how he
clearly wished to portray it
This makes the be_exists behavior match the comments that assert that we've
already checked that the dataset derived from the BE name is set to mount at
/.
Other changes of note:
- bectl_list sees another change; changing mountpoint based on mount status
turns out to be a bad idea, so instead make the mounted property of the
returned nvlist the path that it's mounted at
- Always return the "mountpoint" property in "mountpoint" if it's ste
This is to accomodate a later change in libbe(3) that will always return the
mountpoint, whether it be the directory the dataset is actively mounted at
or the "mountpoint" property.
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access. With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases. To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.
PR: 223327
Reviewed by: cem, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16584
While here:
- Remove deprecated ".Tn" macros.
- Improve formatting and fix typos in the description of
the -t option.
Reviewed by: bcr
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D16541
- Support passing arbitrary jail arguments via -o
- Split the related (and rewritten since the GSoC) jail bits out into a new
bectl_jail.c file, to reduce clutter in bectl.c
- Don't use RFC 1918 IP space [0]; we'll instead set no default IPv4 and let
the user pass in any address options they wish via -o
Reported by: rgrimes [0], Shawn Webb [0]
be_get_dataset_snapshots has been added to libbe(3), effectively returning
the same information as be_get_bootenv_props but for snapshots of the given
dataset. The assumption is that one will have the BE dataset name before
wanting to grab snapshots.
This also accomplishes the following:
- Proxy through zfs_nicenum as be_nicenum, because it looks better than
humanize_number and would presumably be useful to other libbe consumers.
- Rename be_get_snapshot_props to be_get_dataset_props, make it more useful
-H is for a scripted format, where all fields are tab-delimited and the
headers go away. We accomplish this by splitting out pad printing to a
separate function that'll take into account whether we're supposed to be
scripted or not.
This has the nice side effect of maintaining positive column sizes again.
scripts. This means one should be able to eg rewrite their /etc/rc
in Python.
Reviewed by: kib
MFC after: 2 weeks
Relnotes: yes
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16565
While it could be preferred to do this at insert in libbe(3), there's no
convenient way to insert at the head of an nvlist. Instead, we'll make two
passes over- once to print anything active either now or at nextboot, and
another to print everything else.
This doesn't actually impact performance in a significant way here, so we'll
worry about further optimizations if the need actually arises.
bectl list -a should show the boot environment, its relevant dataset, and
the snapshot it was created from. The header also changes to indicate the
rough order in which these things will show.
While here, start doing a little bit of spring cleaning and splitting
different bits out.
The timespecadd(3) family of macros were imported from NetBSD back in
r35029. However, they were initially guarded by #ifdef _KERNEL. In the
meantime, we have grown at least 28 syscalls that use timespecs in some
way, leading many programs both inside and outside of the base system to
redefine those macros. It's better just to make the definitions public.
Our kernel currently defines two-argument versions of timespecadd and
timespecsub. NetBSD, OpenBSD, and FreeDesktop.org's libbsd, however, define
three-argument versions. Solaris also defines a three-argument version, but
only in its kernel. This revision changes our definition to match the
common three-argument version.
Bump _FreeBSD_version due to the breaking KPI change.
Discussed with: cem, jilles, ian, bde
Differential Revision: https://reviews.freebsd.org/D14725
from being installed in the correct directory.
Resurrect a few rc.d scripts that were prematurely deleted from the
Makefile by r336845.
Reviewed by: brd
This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16466
target.
Also update the pfctl tests Makefile to work with this change.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D16430
The jail is created with allow.mount, allow.mount.devfs, and
enforce_statfs=1. Upon creation, we immediately attach, chdir to "/", and
drop the user into a shell inside the jail.
The default IP for this is arbitrarily 10.20.30.40.
The given parameter may either be a jid, jail name, or a BE name. In all
cases, the parameter will be resolved to a jid and bectl(8) will
sanity-check that there's actually a BE mounted at the requested jail root
before invoking jail_remove(2).
Based on the idea that we shouldn't have all-new library and utility going
into base that need WARNS=1...
- Decent amount of constification
- Lots of parentheses
- Minor other nits
For the moment, this is a primitive nvlist dump of what we get back from
be_get_bootenv_props as a proof-of-concept and to make sure that we're
getting back the kind of information we want to see from list.
This check eliminates infinite loop of MTU change / link flap / lease verification / MTU change / link flap etc.
in case of some NIC drivers like em(4) or igb(4).
N.B.: obsolete u_int16_t is used in consistency with the rest of the file.
PR: 229432
Approved by: mav (mentor)
MFC after: 1 week
"record-state" is similar to "keep-state", but it doesn't produce implicit
O_PROBE_STATE opcode in a rule. "set-limit" is like "limit", but it has the
same feature as "record-state", it is single opcode without implicit
O_PROBE_STATE opcode. "defer-action" is targeted to be used with dynamic
states. When rule with this opcode is matched, the rule's action will
not be executed, instead dynamic state will be created. And when this
state will be matched by "check-state", then rule action will be executed.
This allows create a more complicated rulesets.
Submitted by: lev
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D1776
The double compilation of the kernel sources in libmd and libcrypt is
baffling, but add yet another define hack to prevent duplicate symbols.
Add documentation and SHA2-224 test cases to libmd.
Integrate with the md5(1) command, document, and add more test cases;
self-tests pass.
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
with names.
PR: 229266
MFC after: 3 days
Differential Revision: D16047
The issue was caused by header pollution brought by GCC 8.1.
We now have to remove include-fixed headers in the GCC installation
directory.
Sponsored by: DARPA, AFRL
Pointed out by: jhb
o Also move printf.h to go after it since it does require declaration
of va_list.
This fixes build with latest RISC-V GNU Toolchain with GCC 8.1
Sponsored by: DARPA, AFRL
If '-n' is set we don't use the list of skip interfaces, so don't retrieve it.
This fixes issues if 'pfctl -n' is used before the pf module is loaded. This
was broken by r333181.
Reported by: Jakub Chromy <hicks AT cgi.cz>
MFC after: 1 week
Currently ifconfig(8) only prints the hex representation of ssid names
with non-ASCII characters. Many modern terminals are able to properly render
non-ASCII characters. This change checks if the terminal charmap is UTF-8,
and if so, will render the characters, rather than the hex value.
This behavior is circumvented by running ifconfig(8) in a non-UTF8 locale;
e.g. C or POSIX.
It was pointed out by kp@ during the review that APs have the option to
broadcast whether their SSIDs may be interpreted as UTF-8. Ideally, we would
honor this and only attempt this behavior if it's so-broadcasted by the AP.
However, a sample survey showed that hostapd will advertise this if
indicated in config but it doesn't seem to be so common in the AP market, so
this would be effectively useless as we'll rarely know if the SSID should be
renderable as UTF-8.
Despite this, it was decided to be OK with this anyways- there's a
straightforward path to doing it the right way based on advertisement by AP
if we need to go that route, and one can revert to old behavior easily
enough at runtime if we get it wrong.
Submitted by: Farhan Khan <khanzf@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D15922
When expanding a variable set by a message from the kernel, safely
quote all arguments expanded when creating a command line for the
shell.
Reviewd by: Shawn Webb, Oliver Pinter, brd@
Sponsored by: Netflix
While useful as an example, veriexecctl, as it is, has very little practical
use, since there is nothing ensuring the integrity of the manifest of hashes.
A more appropriate set of utilities will replace it.
Rather then combining hardlink creation for the geom(8) binary with
shared library build, move libraries to src/lib/geom so they are
built and installed normally. Create a common Makefile.classes
which is included by both lib/geom/Makefile and sbin/geom/Makefile
so the symlink and libraries stay in sync.
The relocation of libraries allows libraries to be build for 32-bit
compat. This also reduces the number of non-standard builds in
the system.
This commit is not sufficent to run a 32-bit /sbin/geom on a 64-bit
system out of the box as it will look in the wrong place for libraries
unless GEOM_LIBRARY_PATH is set appropriatly in the environment.
Reviewed by: bdrewery
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D15360
A more correct way to modernize code that uses __progname is to just
replace each occurance of it with a call to getprogname(3)
Reported by: ian
Reviewed by: imp
be executed in the if() conditional. If its not supposed to be printed
inside the conditional, then the braces should be removed and the extra
tabs on the fprintf() should be removed.
Noted by cross compilation with gcc-mips.
- add static in a number of places
- initialize __progname rather than rely on magical extern values
- use nitems() instead of manually spelling it out
- unshadow 'idi'
- teach 'error' that it is '__dead2'
- add missing 'break'
- remove param: unused since r95357.
- correct definition of usage
- add explicit fallthrough notice. The existing one doesn't work with
our selection of "implicit-fallthrough" strictness.
This results in WARNS=6 building on amd64, but not other arches
Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be silent - "drop", or loud - "return", "return-rst",
"return-icmp". Yet there is a 3rd category of traffic passing through pf:
Packets matching a "pass" rule but when applying the rule fails. This happens
when redirection table is empty or when src node or state creation fails. Such
rules always fail silently without notifying the sender.
Allow users to configure this behaviour too, so that pf returns an error packet
in these cases.
PR: 226850
Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
MFC after: 1 week
Sponsored by: InnoGames GmbH
We do not have code to fix this situation, and the mismatch does not
prevent the kernel driver from consuming the file system, and some factory
formatted SD cards seem to have a garbage backup block.
This makes the code match to its comments (replacing pfatal with pwarn).
Inspired by: NetBSD r1.13
Inspired by: b47b16353f
MFC after: 2 weeks
containing paths, fingerprints, and optional option flags which in turn
get pushed into the MAC/veriexec meta-data store via the veriexec device.
The format of the fingerprints file is as follows:
path type fingerprint options
The type of fingerprint supported depends on what MAC/veriexec fingerprint
modules have been loaded into the system. The veriexecctl application is
able to determine which ones are available by consulting the
security.mac.veriexec.algorithms sysctl.
The following options are currently supported in MAC/veriexec and by the
veriexecctl application:
indirect
If this option is set then the executable cannot be invoked directly, it
can only be used as an interpreter in shell scripts.
file
Indicates that the fingerprint is associated with a file, not an
executable. Files have their fingerprints verified during open(2) and are
automatically made read only. This option may be used to verify shared
libraries have not been tampered with.
no_ptrace
If this option is set then the executable cannot be traced with the
ptrace(2) process tracing and debugging call.
trusted
If this option is set then the executable is allowed to write to the
mem(4) devices. By default, when verified execution is enforced, no
process is allowed to write to the mem(4) devices.
The options are not case sensitive.
Reviewed by: jtl, wblock
Obtained from: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D8575
Continuing with a NULL hints variable just triggers a segfault later on.
The other error cases in this function all exit for an error rather than
warning.
Reviewed by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D15579
Implement MK_NVME now that the expression for where NVMe is
complicated. Default it to "yes" for x86 and powerpc64 and
no everywhere else. Use it in camcontrol to define WITH_NVME
for those platforms where we support nvme.
This should fix the newly introduced nvme files to camcontrol
which were building everywhere.
Pointy Hat To: imp
Sponsored by: Netflix
Both ATA and NVME have an identify command. They are completely
different, but to the user they are the same. Leverage nvmecontrol's
print_controller code to provide that functionality to camcontrol
identify. Query the path to see what kind of protocol it supports, and
send the most appropriate command down. Refactor nvme_print_dev a
little to make it easy to get the nvme cdata.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15371
Rename print_controller to nvme_print_controller. Put it in its
own file for easy inclusion. Move util.c to be nc_util.c to not
conflict with camcontrol. add nvecontrol_ext.h to define shared
interfaces.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15371
The size limits came from a flawed understanding of dump records.
The real issue was that dump was bogusly interpreting c_count
sometimes. r334978 fixes that.
We shouldn't count the bytes set in c_addr for TS_CLRI and TS_BITS
nodes. Those block overload c_count to communicate how many blocks
follow, not now many c_addr spaces are used. Dump would dump core
(now) because memory layout moved around and we'd access elements past
the end to make a count.
Reviewed by: kib@
Add some asserts that prevents the overflows of c_addr. This can't
happen, absent bugs. However, certain large filesystems can cause
problems. These have been prevented by r334968, but a solution
is needed. These asserts will help assure that solution is correct.
PR: 228807
Reviewed by: db
c_addr in spcl. So check before we start dumping otherwise we can
end up with a corrupted dump.
PR: 228807
Submitted by: db
Reviewed by: imp
Approved by: imp
