processes, and balance that by adding a 10-second delay after all the
processes have been signaled. Also improvement a few messages printed
with `-n' or `-v' processing (mostly signal-related messages).
MFC after: 13 days
files to rotate. The new order will first rotate all files that need
to be rotated, and then send a single signal to each process which
needs to be signaled, and finally it will compress all the files which
were rotated.
This means daemons will be signaled once per run of newsyslog, instead
of once per file rotated. Also, files will be compressed in order of
file-size (smallest to largest). Also, it waits for each file to be
completely compressed before starting the next one (effectively as if
the 'w' flag is specified for all entries in newsyslog.conf). This
avoids the situation of having 10 gzip's going at the same time (each
with a log.0 and a log.0.gz file active), and it also means that file
attributes can be reliably set on files after they are compressed.
NOTE: This commit does define NEWORDER (which you could get rid of if
you really don't trust this), but it does not flip the "-D neworder"
switch. So, at the moment none of these changes happen unless you
request them (perhaps by adding '<debug> neworder' in newsyslog.conf).
PR: bin/25070 inspired some parts of this
Submitted by: parts from bin/25070 done by Helge Oldach
MFC after: 14 days
the newsyslog.conf file. Rename one size-related variable, and move
another one from the stack into conf_entry. Add a routine to change
file-attributes (chown, chmod, chflags), instead of having several
places doing the same sequence of system-calls. A few cosmetic/style
changes.
These should not effect any users. Most of these probably look
pointless, but they are the "insignificant parts" of a much larger
update that I'll be committing soon. Doing these as a separate update
should make that update easier to read.
MFC after: 14 days
that had been written some months ago for other processing. This
should get rid of a few subtle situations where an existing log
file would not exist (for a short time) while it is being rotated.
MFC after: 16 days
about the risks of enabling raw sockets in prisons.
Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.
A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.
Approved by: bmilekic (mentor)
explicitly fsynced after kernel messages are logged. This option
should be syntax compatible with a similar option in Linux syslogd.
I've made some small changes to Pekka's patch, hoepfully I haven't
goofed anything.
PR: 66790
Submitted by: Pekka Savola <pekkas@netcore.fi>
Obtained from: Martin Schulze's syslogd
MFC after: 1 month
Syslogd should ensure that f_file is a valid file descriptor when
f_type is FILE, CONSOLE, TTY and for a PIPE where f_pid > 0. If the
descriptor is closed/invalid then the type should be set to UNUSED
or the pid should be set to 0.
To this end:
1) Don't close(f->f_file) if we can't send a message to a remote
host because the file descriptor used for remote logging is
stored in finet, not in f->f_file. f->f_file is probably
uninitialised, so I guess we usually end up closing fd 0.
2) Don't close PIPE file descriptors if they are invalid.
3) If the call to p_open fails, don't set the pid.
The OpenBSD patches in this area set f_file to -1 after the fd is
closed and then avoids calling close if f_file < 0. I haven't done
this, but it might be a good idea too.
Inspired by: PR 67139/OpenBSD
1) Use strncpy on strings out of utmp.
2) Avoid running off the start of one string while removing white space.
(I've used slightly different code to OpenBSD here.)
3) Ignore trailing spaces in the priority.
PR: 67139
Submitted by: Xin LI <delphij@FreeBSD.org.cn>
Obtained from: OpenBSD
1) Don't check for getopt returning '?', we have a default case.
2) Check if the priority is LOG_KERN correctly - in practice
LOG_KERN is 0, so it makes no difference. OpenBSD fixed a
different nearby bug that we don't have 'cos our definition
of LOG_MAKEPRI is different to OpenBSD's.
Copy a comment from OpenBSD, observing that LOG_KERN is 0.
Inspired by PR: 67139
_PATH_DEV will never change. In the un-likely event that _PATH_DEV
should ever change, watch(8) would have broke because of a
mis-generated device name.
Approved by: bmilekic (mentor)
Pointed out by: Yvan Boily
o getpwnam(3) returns NULL and does not set errno when the user does
not exist. Bail out with "no such user" instead of "Unknown error: 0".
PR: bin/67262
Submitted by: demon (-U flag)
MFC after: 3 weeks
trying to exclude the top end of the range since it should hurt to overlap
by 4 bytes in the off-chance the RSDP signature appears incorrectly at the
very top of our search space.
the value for "unknown" 0xffffffff. The underlying kernel drivers should
be updated to only return 255 but the ABI is used by too many userland
utilities.
Also, make this WARNS 6 compatible.
stored in EEPROM or NVRAM. It's inspired by the NetBSD eeprom(8) and
the SunOS/Solaris eeprom(1M) utilities. Currently, this eeprom(8)
only supports systems equipped with Open Firmware and is only tested
on Sun machines but should work on any platform using Open Firmware.
A bit more specific, eeprom(8) can be used on these systems to do the
same under FreeBSD as can be done using the printenv and setenv
commandos in the boot monitor. One thing that only hardly can be done
using the boot monitor but easily with eeprom(8) is to write a logo
to the "oem-logo" property. eeprom(8) may also be useful to recover
the boot monitor password (in the default configuration only as root,
of course), i.e. when the boot monitor allows you to boot but you
can't alter the configuration because the password is unknown. The
man page may also be a useful reference of the various configuration
variables.
The idea of eeprom(8) is that handlers can be written to add support
for any firmware that stores such configuration in EEPROM or NVRAM;
sort of e.g. eeprom(1M) on Solaris/x86 is used to turn PAE-support
on and off (stored in a file then, not hardware). In FreeBSD, a
candidate for this would be a handler for the EFI boot environment
for FreeBSD/ia64.
eeprom(8) uses some code from NetBSD (eeprom.c and the base for
eeprom.8), the handler for the Open Firmware /options node
(ofw_options.[c,h]) was written using ofw_util.[c,h] from ofwdump(8).
Reviewed by: ru (slightly earlier version of the man page)
- Make the code use the new OFIOCMAXVALUE instead of defining the maximum
length of property values locally.
- Move the application specific parts from ofw_util.c to ofwdump.c in
order to make ofw_util.c more library-like. While ofw_dump_properties()
could be made non-specific to ofwdump(8) it's currently optimized for
use in ofwdump(8) and making it a library-like function would just
complicate the code unnecessarily.
- Minor clean-up in ofw_util.c, e.g. make its use of getopt(3) the way
it's described in style(9), make its usage() static, etc.
- Add a comment in ofw_util.c about why it doesn't call usage() when
neither the "-a" option nor a node-name where given.
- Add ofw_optnode() and ofw_setprop(), helper functions for the
OFIOCGETOPTNODE and OFIOCSET ioctls respectively, to ofw_util.[c,h].
- Be consistent with the use of 'const' in ofw_util.[c,h] and add 'const'
to the function arguments that are acutally const but weren't declared
as such.
- Mark WARNS=6 clean.
Approved by: tmm
installation as far as most people are concerned but both 'Standard' and
'Select' begin with S and 'Select' is winning. This makes it so 'Select'
is not select-able using a keystroke but that is probably for the best
and the text on the screen adequately describes how to move back and forth
between 'Select' and 'Exit'.
Adapted from work by: josef@
PR: i386/37999
MFC after: 1 week
. forward declare all static functions
. add a couple of redundant parens in return statements where they've
been missing
. remove the space after exit since it's a function
the maximum amount of time jitter for root and other users, respectively.
Before starting a job, cron(8) will sleep a random number of seconds,
from 0 to the amount specified. This can help to smooth down load spikes
when a lot of jobs are to start at the beginning of a particular minute
(e.g., the first minute of an hour.)
PR: bin/66474
Submitted by: Dmitry Morozovsky <marck <@> rinet.ru>
where the RSD PTR can actually occur. According to section 5.2.2
of the ACPI spec, we only consider two regions for the base address:
1. EBDA (0x0 - 0x3FF)
2. High memory (0xE0000 - 0xFFFFF)
I don't know whether this fixes any actual problems but is more correct.
levels by which they are used. On a typical production setting (no
debug or filter logging) this will save an open/read/close system
call sequence per packet, approximately halving the system overhead
and reducing the overall overhead by 38%.
dd bs=1k count=512 if=/usr/share/dict/web2 |
ssh ppp-linked-host dd of=/dev/null
# time original-ppp -nat -foreground connection
Working in foreground mode
Using interface: tun0
2.822u 2.404s 2:00.31 4.3% 392+496k 8+18io 3pf+0w
# time new-ppp -nat -foreground connection
Working in foreground mode
Using interface: tun0
2.082u 1.173s 1:26.06 3.7% 379+450k 0+18io 0pf+0w
MFC after: 3 weeks
- Don't look for partitions inside a FreeBSD chunk on ia64 when mounting
the filesystems just before the chroot and install.
- Write entries out to /etc/fstab for filesystems that aren't inside a
FreeBSD chunk, but are a top-level chunk under the disk.
rarpd clobbered any AF_INET information already configured for a given
interface name, so interfaces with more than one IP address made rarpd
listen only for the last address out of all IP aliases.
I changed this, so that AF_LINK information is always collected first
(to ensure the interface name gets its link-layer address associated),
but while looking for AF_INET addresses, the configuration is cloned
if there has already been one IP address seen for that interface name.
Thus, rarpd now effectively listens on all subnets.
MFC after: 1 week
o mention that the acctfile has to exist for accton to work [1]
o add reference to acct.5
PR: 65071 [1] (slightly modified)
Submitted by: Marc Silver <marcs@draenor.org>
X-MFC after: re approval
pass function arguments and results.
Hopefully no functional changes except fixing a couple of
bugs which could cause endless loops if an ioctl() on an
interface would fail.
Remove global variables in favour of local ones.
Fix indentation of a couple of switch statements.
Overall, this program badly need cleaning up, as it relies
on information passed around through global variables.
Note: bthidd(8) is still not complete. Need to commit kernel
support (a-la Linux /dev/input) to feed HID events into kernel.
Also need to write bthidd(8) and bthidd.conf(5) man pages.
present in ndp(8).
The vendor branch import uses a _U_ macro to apply the GCC 'unused' attribute
to the rcs ids embedded in each source file. Teach ndp about this.
Removing the -compact option passed to .Bl macro to avoid useless .Pp macros;
Adding a missing period;
Using .Xr with .Nd since makewhatis(1) has no support for cases where the Xref is absent.
Informed by: ru
* `pkg_info -flags' needs either `-a' or a package name. [1]
* Add -Q option to manual page.
* Update `usage:' to match the manual page.
PR: misc/64786 [1]
Reviewed by: ru
MFC after: 3 days
tied to nfsd(8), exports is the configuration file users will most
likely need to configure when dealing with a NFS server.
Submitted by: Florian Hars <hars@bik-gmbh.de>
PR: docs/64714
MFC after: 3 days
exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.
PR: 60806
Submitted by: Jeff Ito <jeffi@rcn.com>
MFC after: 2 weeks
addresses. For arch's with 64-bit longs, this is a nop, but for i386 this
allows sysinstall to properly handle disks and filesystems > 1 TB.
Changes from the original patch include:
- Use d_addr_t rather than inventing a blkcnt type based on int64_t.
- Use strtoimax() rather than strtoull() to parse d_addr_t's from config
files.
- Use intmax_t casts and %jd rather than %llu to printf d_addr_t values.
Tested on: i386
Tested by: kuriyama
Submitted by: julian
MFC after: 1 month
o Add a -D option to not attempt to create the home directory.
o Treat the /nonexistent home directory specially. It means the user has
no home directory and it should not be created.
o Update Copyright year and my email.
/sbin to /usr/sbin. A symlink from /sbin/nologin -> /usr/sbin/nologin
is created for compatibility purposes.
This will probably not cause any problems, but anyone who is doing
anything particularly unusual with nologin(8) or shells in general might
be well advised to check that everything still works.
Bikesheds on: cvs-all, current
/sbin/nologin for compatibility purposes. Also, remove the NO_NOLOGIN_LOG
option; we don't need to worry about conserving space as much on the /usr
partition.
Note that usr.sbin/nologin is not yet hooked up to the build.
- Add DECL wrappers to libgeom.h.
- Rename structure members in libgeom.h to use a lg_ prefix for member
names. This is required because a few structures had members named
'class' which made g++ very unhappy.
- Catch gstat(8) and gconcat(8) up to these API changes.
Reviewed by: phk
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
data buffering issue that corrupts files if two pw(8)'s run at the
same time as well as changing pw(8) so it uses the same locking
mechanism as PAM, vipw(8), pwd_mkdb(8), etc.
PR: bin/23501
Submitted by: Alex Kapranoff <alex (at) kapran (dot) bitmcnit (dot) bryansk (dot) su>
Approved by: rwatson (mentor)
MFC after: 5 days
records with time==0 get "the time of the last valid record", while records
where time goes backwards (compared to the previous record) are skipped.
Also prints a message saying how many records were changed or skipped due
to these checks. Check was inspired by a simpler check in OpenBSD's version.
This is all meant to sidestep problems that Tillman Hodgson noticed with 'ac'
when running sparc64 with 64-bit time_t's. The real problem is whatever is
creating wtmp records with ut_time==0, of course, but I have not yet figured
out what is doing that.
Reviewed by: no screams from freebsd-sparc64 or bde
MFC after: 2 weeks
so the program compiles without errors or warnings when DEBUG is defined on
sparc64 with 64-bit time_t's. Also have debug statements include the year
when printing records from a different year than 'now'. Also print out a
special timestamp in debug statements when ut_time==0.
Reviewed by: freebsd-sparc, bde
MFC after: 2 weeks
they want to delete '*'. It turns out that there is one valid case where
this might happen, installing to an empty DESTDIR.
Patch submitted by: schweikh
if_ndis.c has been split into if_ndis_pci.c and if_ndis_pccard.c.
The ndiscvt(8) utility should be able to parse device info for PCMCIA
devices now. The ndis_alloc_amem() has moved from kern_ndis.c to
if_ndis_pccard.c so that kern_ndis.c no longer depends on pccard.
NOTE: this stuff is not guaranteed to work 100% correctly yet. So
far I have been able to load/init my PCMCIA Cisco Aironet 340 card,
but it crashes in the interrupt handler. The existing support for
PCI/cardbus devices should still work as before.
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).
There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.
Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".
Tested on: i386 sparc64
done inside of chroot(2) to chrootdir. Added to help with sysinstall(8)
support of install to alternate root but possibly useful for setting up
jails, etc.
No objection from: portmgr@
Style(9) abuse due to: entire program violates style(9)
Approved by: rwatson (mentor)
libexec/ftp-proxy - ftp proxy for pf
sbin/pfctl - equivalent to sbin/ipf
sbin/pflogd - deamon logging packets via if_pflog in pcap format
usr.sbin/authpf - authentification shell to modify pf rulesets
Bring along some altq headers used to satisfy pfctl/authpf compile. This
helps to keep the diff down and will make it easy to have a altq-patchset
use the full powers of pf.
Also make sure that the pf headers are installed.
This does not link anything to the build. There will be a NO_PF switch for
make.conf once pf userland is linked.
Approved by: bms(mentor)
generic watchdoc(9) interface.
Make watchdogd(8) perform as watchdog(8) as well, and make it
possible to specify a check command to run, timeout and sleep
periods.
Update watchdog(4) to talk about the generic interface and add
new watchdog(8) page.
nologin(8), this causes a considerable (100K) increase in the binary size,
so I've added a NO_LOGIN_LOG option which disables this.
While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to
avoid writing the string-terminating zero byte.
No complaints from: -current
Approved by: rwatson (mentor)
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
hostname rather than an IP. The code was copying the pointer to the
IP address instead of the IP address itself. The bug has existed
ever since ypset was first imported in 1994.
PR: bin/62550
Submitted by: aardvark@saintaardvarkthecarpeted.com
MFC after: 1 week