1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.
2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.
3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.
4) You can now send SCM_TIMESTAMP messages.
5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).
This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).
6) Fix userland programs to use CMSG_* macros too.
7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.
PR: 29499
MFC after: 6 weeks
name is "mount_mfs" or "mfs". Previously, the condition was that
the program name must start with "mount_", but this both missed
the case where mount(8) invokes mdmfs with argv[0] = "mfs", and it
included cases such as "mount_md" where compatibility is not
required.
Reviewed by: dd
a block or character device; the rest of tunefs works just fine on
filesystem images in regular files. Instead, if getfsfile() failed
and if the specified filesystem is a directory then print a more
useful "unknown file system" error.
Also, _PATH_DEV already contains a trailing slash, so don't add
another one when constructing a device path, and use errx() instead
of err() in a case where errno is meangingless.
addresses (and the macros that ipfw(4) use to lookup data for the 'me'
keyword have been converted) remove a comment about using 'me' being a
"computationally expensive" operation.
while I'm here, change two instances of "IP number" to "IP address"
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
right; after a single packet was dropped it beeped after every
transmission.
Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.
Reviewed by: ru
and speed. No new functionality added (yet) apart from a bugfix.
MFC will occur in due time and probably in stages.
BUGFIX: fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (there is a PR on this).
OTHER CHANGES: minor changes to the internal struct for static and dynamic rules.
Requires rebuild of ipfw binary.
Add comments to show how data structures are linked together.
(It probably makes no sense to keep the chain pointers separate
from actual rule descriptors. They will be hopefully merged soon.
keep a (sysctl-readable) counter for the number of static rules,
to speed up IP_FW_GET operations
initial support for a "grace time" for expired connections, so we
can set timeouts for closing connections to much shorter times.
merge zero_entry() and resetlog_entry(), they use basically the
same code.
clean up and reduce replication of code for removing rules,
both for readability and code size.
introduce a separate lifetime for dynamic UDP rules.
fix a problem in old code which prevented reallocation of
the hash table for dynamic rules (PR ...)
restructure dynamic rule descriptors
introduce some local variables to avoid multiple dereferencing of
pointer chains (reduces code size and hopefully increases speed).
of dumpmag from an int to a u_long in rev 1.41 -- without this
change, savecore will always fail like this:
#savecore -v /var/crash
dumplo = 874356736 (1707728 * 512)
savecore: magic number mismatch (8fca0101 != 8fca0101)
savecore: no core dump
gzip(1). gdb doesn't understand these, but then again it didn't
understand compressed crashdumps either.
* Change a stray lseek() into a Lseek()
* Remove the extraneous prototype for log() which has apparently never
existed in FreeBSD's sources
Obtained from: NetBSD (partially)
MFC after: 2 weeks
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
where the headers should live, as the code references both "ip_fil.h" and
"netinet/ip_fil.h" (among others). As a consequence, put both
sys/contrib/ipfilter and sys/contrib/ipfilter/netinet to the include path
so either variant works.
PR: 29384
Pointed out by: Thomas.Quinot@Cuivre.FR.EU.ORG
Allow non-superuser to open, listen to, and send safe commands on the
routing socket. Superuser priviledge is required for all commands
but RTM_GET.
Lose `setuid root' bit of route(8).
Reviewed by: wollman, dd
At the times, restore(8) and rrestore(8) were the different
utilities. rrestore(8) was installed setuid `root', while
restore(8) with usual ownership and privileges. Later on,
on August 28, 1991 (what a coincidence!), rrestore(8) code
was merged with restore(8). The setgid `tty' bit then was
accidentally put.
default if the executable is named (called as) "mount_*", or can be
enabled with the -C option. This allows users to leave their old
fstab entires unchanged (modulo symlink'ing mdmfs to mount(md|mfs))
and have things behave the way they should (by emulating mount_mfs
silliness), while still allowing mdmfs to be used as a generic
make-an-md-and-mount-it type thing.
Right now, the only effects of this option is to set the mount-point
mode to 01777 as if "-p 1777" was given, and to complain about getting
command-line options that mount_mfs didn't take (e.g., -X, -L, et al).
The latter is mostly to try to catch operator errors.
Also implement -U, which turns on soft-updates. It's redundant (since
softdep is the default), but implement it anyway for compatibility.
bypass some extra anti-foot-shooting measures. Currently, its only
effect is to allow detaching a device while it's still open (e.g.,
mounted). This is useful for testing how the system reacts to a disk
suddenly going away, which can happen with some removeable media.
At this point, the force option is only checked on detach, so it
would've been possible to allow the option to be passed with the
MDIOCDETACH operation. This was not done to allow the possibility of
having the force flag influence other tests in the future, which may
not necessarily deal with detaching the device.
Reviewed by: sobomax
Approved by: phk
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
pointed out by bde:
- Ask for user confirmation before adjusting to a head/cylinder
boundary (only when running interactively), and separate this
adjustment from the automatic calculation of c/h/s parameters.
- In sanitize_partition, don't change any values in the slice until
we know that the automatic adjustment will succeed.
- When auto-adjusting, ignore unused slices and give an appropriate
error for other zero-size slices depending on the cause.
- Change dos() to do all of the c/h/s calculations for a whole slice;
this fixes a bug where the ending c/h/s of an unused slice was set
incorrectly.
- When changing the active slice, detect the currently active slice
number instead of always defaulting to slice 4.
- Call fflush(stdout) before calling fgets().
- Test for fgets() returning NULL so we don't loop on EOF.
Reviewed by: bde
1.) prefix all functions in the library with devstat_ (compatability
functions are available for all functions that were chaned in an
incompatible way, but are deprecated).
2.) Add a pointer to a kvm_t as the first argument to functions that
used to get their information via sysctl; they behave the same
as before when NULL is passed as this argument, otherwise, the
information is obtained via libkvm using the supplied handle.
3.) Add a new function, devstat_compute_statistics(), that is intended
to replace the old compute_stats() function. It offers more
statistics data, and has a more flexible interface.
libdevstat does now require libkvm; a library depedency is added, so
that libkvm only needs to be explicitely specified for statically linked
programs.
The library major version number is bumped.
Submitted by: Sergey A. Osokin <osa@freebsd.org.ru>, ken (3)
Reviewed by: ken
- Declare mtabhead as an extern in mounttab.h and define it only in
mounttab.c.
- Remove shared global `verbose' and instead pass it as a parameter.
- Remove the `mtabp' argument to read_mtab(). It served no purpose
whatsoever, although read_mtab() did use it as a temporary local
variable.
- Don't check for impossible conditions when parsing mounttab, and
do detect zero-length fields.
- Correctly test for strtoul() failures - just testing ERANGE is wrong.
- Include a field name in syslog errors, and avoid passing NULL to
a syslog %s field.
- Don't test if arrays are NULL.
- If there are duplicates when writing out mounttab, keep the last
entry instead of the first, as it will have a later timestamp.
- Fix a few formatting issues.
Update rpc.umntall and umount to match the mounttab interface changes.
information for any command line error, the actual error message
almost always (and sometimes irretrievably) lost scrolling off the top
of the screen. Now just print the error. Give ipfw(8) no arguments for
the old usage summary.
Thanks to Lyndon Nerenberg <lyndon@orthanc.ab.ca> for the patch and
PR, but I had already done this when ru pointed out the PR.
PR: bin/28729
Approved by: ru
MFC after: 1 week
immediately if a host specified by the -h flag cannot be parsed
instead of attempting to unmount all NFS filesystems, which was
bad.
Add a missing return statement at the end of checkname(); this
could result in a non-zero exit status in some cases even if the
unmount succeeded.
Group two separate NFS-related operations into one block to make
it more obvious that a variable (hostp) is not dereferenced when
uninitialised. Initialise it to NULL anyway to avoid a warning.
Pass in the read_mtab()'s bogus argument as NULL instead of messing
with a local variable to achieve the same effect. A later commit
will clean up this mounttab interface.
forever by default. This matches what mount_nfs did before revision
1.40, and it is the generally expected behaviour for NFS mounts.
Document the current defaults near the start of the man page and
mention the options that can be used to change them.
Discussed on: -hackers
to give up after one attempt unless a background mount is requested.
Background mounts would retry 10000 times (at least 7 days) before
giving up.
For some situations such as diskless terminals, an NFS filesystem
may be critical to the boot process, so neither the "try once" nor
background mounts are appropiate. To cater for this situation,
unbreak the -R (retry count) parameter so that it also works in
the non-background case. Interpret a zero retry count as "retry
forever".
The defaults are now "try once" for non-background mounts and "retry
forever" for background mounts; both can be overridden via -R.
Add a description of this behaviour to the manpage.
device search code i introduce nearly six years ago in rev 1.8. Bruce
suggested to rather use the device name of the root filesystem instead
which is certainly the most sensible default. Since there are many
possible cases for a root filesystem name (device with and without
slices, consider /dev/vinum/root even though it currently could not
work as such), there's some heuristic using a RE in order to find out
the canonical device name from the mounted name. This probably won't
quite fit for a NFS root (can't test that right now), but then,
there's hard to find a good default for those machines anyway. ;-)
This unbreaks the functionality of rev 1.2 i once broke in 1.8. :)
to use 0xffffffff (INADDR_NONE) as a netmask value. The fix
is to use inet_addr(3) which doesn't suffer from this problem.
PR: bin/28873
Also, while here, fixed the bug when netmask value was ignored
(RTF_HOST flag was set) if the "destination gateway netmask"
syntax is used, e.g. ``route add 1.2.3.4 127.1 255.255.255.255''.
The original code was certainly broken; it knows that whereto is
to be used for a sockaddr_in, so it should be declared as such.
To support multiple protocols, there is also a sockaddr_storage
struct that can be used; I don't think struct sockaddr is supposed
to be used anywhere other than for casts and pointers.
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
MFC after: 3 weeks
This one is strange and goes against my rusty compiler knowledge.
The global declaration
struct sockaddr whereto;
produces for both i386 && alpha:
.comm whereto,16,1
which means common storage, byte aligned. Ahem. I though structs
were supposed to be ALDOUBLE always? I mean, w/o pragma packed?
Later on, this address is coerced to:
to = (struct sockaddr_in *)&whereto;
Up until now, we've been fine on alpha because the address
just ended up aligned to a 4 byte boundary. Lately, though,
it end up as:
0000000120027b0f B whereto
And, tra la, you get unaligned access faults. The solution I picked, in
lieu of understanding what the compiler was doing, is to put whereto
as a union of a sockaddr and sockaddr_in. That's more formally correct
if somewhat awkward looking.
prematurely terminate the search for a usable disk. ENOENT is quite
normal in particulare now with the advent of devfs.
While being here, also remove /dev/wd0 and /dev/od0 from the list of
disks to search since we don't have them anymore.
MFC after: 1 week
backslash as nothing, treat it like a space so that adjacent lines
aren't glued together.
PR: 8479
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>
user runs with privilege, allowing the sending of icmp packets with
larger size (up to 48k, the default receive buffer size in ping),
which is useful for network driver development testing, as well
as experimentation with fragmentation.
Reviewed by: wpaul
ensure that we never proceed with the mount() syscall if the server
is replying from the wrong source address. Previously the userland
RPC call to the remote nfsd would succeed, but the kernel uses
connect() so it would not see the replies, resulting in a hung
mount.
NQNFS code is ancient, bug-ridden, and should probably be removed).
The wording here was very confusing; it was easy to get the impression
that NQNFS is an extension to NFSv3 when in fact it just uses some
NFSv3-like extensions on top of NFSv2. As witnessed by the mailing
lists and PRs, some people were reading the description and deciding
that NQNFS was what they wanted to use.
MFC after: 1 week
driver itself obviously won't configure such a disk, but the error
returned (EDOM) is more cryptic to the average user than it should be.
Also assert that the argument to -u is in fact a valid unit; don't
just accept any string to mean 0.
Approved by: phk
in revision 1.48. It is pretty valid and often feasible to use
a non-point-to-point interface as the gateway. One might, for
example, use this to route some hosts through an ARP on a local
interface, without having to assign an additional IP address:
Script started on Tue Jun 12 16:16:09 2001
# ifconfig rl0 inet
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1197
# route add -net 192.168.100 -iface rl0
add net 192.168.100: gateway rl0
# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=255 time=0.551 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=255 time=0.268 ms
^C
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.268/0.410/0.551/0.142 ms
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1165
192.168.100 link#1 UCSc 1 0 rl0 =>
192.168.100.1 0:d0:b7:16:9c:c6 UHLW 1 4 rl0 1192
Script done on Tue Jun 12 16:17:12 2001
This is needed to pick up the right headers. Wrong headers from
src/contrib/ipfilter are used otherwise.
The right fix would be to fix contrib/ipfilter C sources to pick up
headers from <sys/netinet>.
Noticed by: peter
