allows the user to force the creation of a GPT even when there's a
MBR on the device. The MBR is simply wiped and any partitions
described by it are lost. Without the -f option one cannot create
a GPT when there's a MBR.
and 'mediasz' is in bytes. As it so happens, we define 'last' as the
sector number of the last sector on the medium which also is the size
of the PMBR partition. Therefore, use 'last' instead of 'mediasz'.
Submitted by: Dan Markarian <markarian at apple dot com>
to lo(4) interfaces to have an effect, and that this is not needed
when using IP fast forwarding.
Sponsored by: eXtensible Open Router Project <URL:http://www.xorp.org/>
MFC after: 3 weeks
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.
Reviewed by: oliver
implying that geom(8) is a RAID solution, but it can be used for that
purpose, and a pointer in that direction is better than nothing.
PR: 73088
Submitted by: Miguel Mendez <flynn@energyhq.es.eu.org>
the MBR after it is migrated to a GPT. While this was useful during
the early days when GPT support was under development, it's something
that users can use without knowing what they're getting themselves
into. The possible harm outweights the marginal usefulness it now has.
reversals+system lock ups if they are using ucred based rules
while running with debug.mpsafenet=1.
I am working on merging a shared locking mechanism into ipfw which
should take care of this problem, but it still requires a bit more
testing and review.
1) ginode() is passed a cylinder group number and inode number. The inode
number is relative to the cg. Use this relative number rather than the
absolute inode number when searching the cg inode bitmap to see if the inode
is allocated. Using the absolute number quickly runs the check off the end
of the array and causes invalid inodes to be referenced.
2) ginode() checks the absolute indoe number to make sure that it is greater
than ROOTINO. However, the caller loops through all of the possible inode
numbers and directly passes in values that are < ROOTINO. Instead of halting
the program with an error, just return NULL.
3) When allocating new cylinder groups, growfs was initializing all of the
inodes in the group regardless of this only being required for UFS1. Not
doing this for UFS2 provides a significant performance increase.
These fixes allow growing a filesystem beyond a trivial amount and have
been tested to grow an 8GB filesystem to 1.9TB. Much more testing would
be appreciated.
Obtained from: Sandvine, Inc.
count of zero and instead encode this information in the inode state.
Pass 4 performed a linear search of this list for each inode in
the file system, which performs poorly if the list is long.
Reviewed by: sam & keramida (an earlier version of the patch), mckusick
MFC after: 1 month
- Document better what the -C option means.
- The -c option is currently a no-op.
- The -D and -h options do not allow switching between
single/dual console modes and internal/video consoles.
(This used to be true for the old biosdisk boot code,
but now they just force the multiple consoles mode and
serial console, respectively.)
1M blocks and optionally write the read data to a file or disk.
If a read error happens, the 1M block gets put on the end of the worklist
and will be retried with 64k blocksize.
If a read error happens again, the 64k block gets put at the end of the
worklist and will be retried with single sector reads.
The program keeps trying until you stop it.
You can refresh a disk:
recoverdisk /dev/ad1 /dev/ad1
or salvage a floppy:
recoverdisk /dev/fd0 myfloppy.flp
standing ability to list a non-existant device in /etc/ttys to keep it
from dying. This is a documented feature of init(8):
The init utility can also be used to keep arbitrary daemons running,
automatically restarting them if they die. In this case, the first field
in the ttys(5) file must not reference the path to a configured device
node and will be passed to the daemon as the final argument on its com-
mand line. This is similar to the facility offered in the AT&T System V
UNIX /etc/inittab.
So rather than fix the man page to 'break' this feature, back out the change.
At the time this change was made, people felt that the spamage from
getty was annoying on headless consoles. Andrew Gallatin noted:
> Most of my machines are headless without video cards and use a serial
> console. With devfs this means that /dev/ttyv[1-N] do not exist and
> getty bitches like this:
>
> Sep 26 11:00:11 monet getty[543]: open /dev/ttyv1: No such file or directory
and we went off and applied this hack rather than fixing getty to
sleep forever when it gets an unknown device, as was Andrew's other
suggestion. Since it breaks things, I'm off to do that instead.
and disklabel.5. Refrencing bsdlabel.5 is somewhat bogus as it is not
connected to the build and is mostly unwritten at this point.
Reported by: Matthias Andree <matthias.andree at web.de>
PR: docs/72020
After this change it should be possible to use very big md(4) devices.
- Clean up and simplify the code a bit.
- Use humanize_number(3) to print size of md(4) devices.
- Add 't' suffix which stands for terabyte.
- Make '-S' to really work with all types of devices.
- Other minor changes.
and sent to the DIVERT socket while the original packet continues with the
next rule. Unlike a normally diverted packet no IP reassembly attemts are
made on tee'd packets and they are passed upwards totally unmodified.
Note: This will not be MFC'd to 4.x because of major infrastucture changes.
PR: kern/64240 (and many others collapsed into that one)
contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical
operator bits get clobbered. Making it impossible to use the ``NOT'' or
``OR'' operators with uid, gid and jail based constraints.
The ipfw_insn instruction template contains a ``len'' element which
stores two pieces of information, the size of the instruction
(in 32-bit words) in the low 6 bits of "len" with the 2 remaining
bits to implement OR and NOT.
The current code clobbers the OR and NOT bits by initializing the
``len'' element to the size, rather than OR'ing the bits. This change
fixes this by changing the initialization of cmd->len to an OR operation
for the O_UID, O_GID and O_JAIL opcodes.
This may be a MFC candidate for RELENG_5.
Reviewed by: andre
Approved by: luigi
PR: kern/63961 (partially)
0xffffffff sectors. Document this limit and avoid installing bogus
labels on disks with more sectors.
Allowing the installation of labels addressing as much of the disk as
possiable may be a useful addition in some situations, but this was easy
to implement and should reduce confusion.
PR: bin/71408
increasing it. Add code to ifconfig to use this size to find the
sockaddr_dl after the struct if_data in the routing message. This
allows struct if_data to grow (up to 255 bytes) without breaking
ifconfig.
Submitted by: peter
keyword but without 'logamount' limit the amount of their log messages
by net.inet.ip.fw.verbose_limit sysctl value.
RELENG_5 candidate.
PR: kern/46080
Submitted by: Dan Pelleg
MFC after: 1 week
verification of regular data when device is in complete state.
On verification error, EIO error is returned for the bio and sysctl
kern.geom.raid3.stat.parity_mismatch is increased.
Suggested by: phk
as well, even if device is in complete state.
I observe 40% of speed-up with this option for random read operations,
but slowdown for sequential reads.
Basically, without this option reading from a RAID3 device built from 5
components (c0-c4) looks like this:
Request no. Used components
1 c0+c1+c2+c3
2 c0+c1+c2+c3
3 c0+c1+c2+c3
With the new feature:
Request no. Used components
1 c0+c1+c2+c3
2 (c1^c2^c3^c4)+c1+c2+c3
3 c0+(c0^c2^c3^c4)+c2+c3
4 c0+c1+(c0^c1^c3^c4)+c3
5 c0+c1+c2+(c0^c1^c2^c4)
6 c0+c1+c2+c3
[...]
has only been partly initialized via newfs(8) so that it applies to both
UFS1 and UFS2.
Submitted by: "Xin LI" delphij at frontfree dot net
MFC: maybe?
Only the actual loopback address should be declared passive, other
addresses are very likely to be desirable to announce.
Check for IFF_LOOPBACK instead of IFF_PASSIVE to determine if we have
an unknown interface type.
Since the only thing truly unique about a prison is it's ID, I figured
this would be the most granular way of handling this.
This commit makes the following changes:
- Adds tokenizing and parsing for the ``jail'' command line option
to the ipfw(8) userspace utility.
- Append the ipfw opcode list with O_JAIL.
- While Iam here, add a comment informing others that if they
want to add additional opcodes, they should append them to the end
of the list to avoid ABI breakage.
- Add ``fw_prid'' to the ipfw ucred cache structure.
- When initializing ucred cache, if the process is jailed,
set fw_prid to the prison ID, otherwise set it to -1.
- Update man page to reflect these changes.
This change was a strong motivator behind the ucred caching
mechanism in ipfw.
A sample usage of this new functionality could be:
ipfw add count ip from any to any jail 2
It should be noted that because ucred based constraints
are only implemented for TCP and UDP packets, the same
applies for jail associations.
Conceptual head nod by: pjd
Reviewed by: rwatson
Approved by: bmilekic (mentor)
This is implemented through SNMP and requires the ilmi daemon to
run on the system. To prevent bloat in rescue the atmconfig for
rescue is compiled without this stuff.
For incoming packets, the packet's source address is checked if it
belongs to a directly connected network. If the network is directly
connected, then the interface the packet came on in is compared to
the interface the network is connected to. When incoming interface
and directly connected interface are not the same, the packet does
not match.
Usage example:
ipfw add deny ip from any to any not antispoof in
Manpage education by: ru
It allows to fix problems when last provider's sector is shared between few
providers.
- Bump version number for CONCAT and STRIPE and add code for backward
compatibility.
- Do not bump version number of MIRROR, as it wasn't officially introduced yet.
Even if someone started to play with it, there is no big deal, because
wrong MD5 sum of metadata will deny those providers.
- Update manual pages.
- Add version history to g_(stripe|concat).h files.
the bug exists in little-endian machine, it was not triggered due
to the difference of memory ordering between little/big endian
machines. Instead of relying on possibly modified value during
function invokcations, use saved copy of ifr.ifr_addr.sa_family.
Also add a comment at the top of ifconfig.c clarifying the issue
so the bug won't re-appear.
Approved by: jake
Reviewed by: yar
partitions and removes any that matches the pre-conditions. The
options are the same for the add command and are used to select
the partitions to remove.
Currently the remove command without any options deletes all GPT
partitions. This is rather harmful and will need anti-footshooting
measures.
starts at 1. No index is represented by 0.
o Change the show command to display the partition number at the expense
of the partition end columm. We already display the start and size.
o Enhance the add command to accept the -i option. The -i option allows
the user to specify which partition number the new partition should
get.
o Update the manpage accordingly.
While here:
o Make the UUIDs static to avoid runtime initialization,
o Rename ext to mslinux,
o Replace the use of memcmp() with uuid_equal(),
o Various style(9) improvements,
o Order the comparisons based on importance,
o Remove the word partition from all the descriptions,
o Other description improvements.
Includes patch from: T. Muthu Mohan < Muthu_T at dell dot com >
new problem shows up: symblic links (<libname>.so) are created under
/usr/lib/ now, instead of under /lib/geom/ where geom(8) looks for them.
Introduce a workaround to fix this by teaching geom(8) to open libraries
via /lib/geom/<libname>.so.<major_number> instead of /lib/geom/<libname>.so.
features. The gmirror(8) utility should be used for control of this class.
There is no manual page yet, but I'm working on it with keramida@.
Many useful tests provided by: simon (thank you!)
Some ideas from: scottl, simon, phk
provider.
- Bump version number.
This allows for a quite interesting trick. One can setup a stripe with
stripe size of 512 bytes and create transparent provider on top of it
with sector size equal to <ndisks> * 512. The result will be something
like RAID3 without parity disk (every access will touch all disks).
RTF_BLACKHOLE as well.
To quote the submitter:
The uRPF loose-check implementation by the industry vendors, at least on Cisco
and possibly Juniper, will fail the check if the route of the source address
is pointed to Null0 (on Juniper, discard or reject route). What this means is,
even if uRPF Loose-check finds the route, if the route is pointed to blackhole,
uRPF loose-check must fail. This allows people to utilize uRPF loose-check mode
as a pseudo-packet-firewall without using any manual filtering configuration --
one can simply inject a IGP or BGP prefix with next-hop set to a static route
that directs to null/discard facility. This results in uRPF Loose-check failing
on all packets with source addresses that are within the range of the nullroute.
Submitted by: James Jun <james@towardex.com>
where boot.config needs to reside. Also change /kernel
to /boot/loader, as that is the apparent default now. This
man page probably requires more updates.
Add a MOD_QUIESCE event for modules. This should return error (EBUSY)
of the module is in use.
MOD_UNLOAD should now only fail if it is impossible (as opposed to
inconvenient) to unload the module. Valid reasons are memory references
into the module which cannot be tracked down and eliminated.
When kldunloading, we abandon if MOD_UNLOAD fails, and if -force is
not given, MOD_QUIESCE failing will also prevent the unload.
For backwards compatibility, we treat EOPNOTSUPP from MOD_QUIESCE as
success.
Document that modules should return EOPNOTSUPP for unknown events.
This class is used for detecting volume labels on file systems:
UFS, MSDOSFS (FAT12, FAT16, FAT32) and ISO9660.
It also provide native labelization (there is no need for file system).
g_label_ufs.c is based on geom_vol_ffs from Gordon Tetlow.
g_label_msdos.c and g_label_iso9660.c are probably hacks, I just found
where volume labels are stored and I use those offsets here,
but with this class it should be easy to do it as it should be done by
someone who know how.
Implementing volume labels detection for other file systems also should
be trivial.
New providers are created in those directories:
/dev/ufs/ (UFS1, UFS2)
/dev/msdosfs/ (FAT12, FAT16, FAT32)
/dev/iso9660/ (ISO9660)
/dev/label/ (native labels, configured with glabel(8))
Manual page cleanups and some comments inside were submitted by
Simon L. Nielsen, who was, as always, very helpful. Thanks!
manpage:
The comparison function must return an integer less than, equal to, or
greater than zero if the first argument is considered to be respectively
less than, equal to, or greater than the second.
Therefore, simply returning "arg1 > arg2" is incorrect. Actually it works
but for the number of items to be sorted less than 7 due to special case
handling in qsort(3);
o add missing '\n' to one of usage() calls.
Approved by: phk
- g_lcm() - calculates Least Common Multiple of two given values,
it is helpful when we need to find sector size for provider
which is based on disks with different sector size;
- g_get_mediasize() - returns media size of given provider;
- g_get_sectorsize() - returns sector size of given provider;
Those function aren't used now, but are used by geom_mirror which will be
committed soon.
routed should be able to specify multicast memberships to be added by
interface index. This should fix the unnumbered / point-to-point case
for RIPv2.
PR: bin/51927
Requested by: Eugene Grosbein
modification of a patch which was already applied for BSD/OS in the
Rhyolite.com sources; this file is already off the vendor branch.
PR: bin/57484
Submitted by: Richard Perini
o Add sanity checking to the firewall delete operation
which tells the user that a firewall rule
specification is required.
The previous behaviour was to exit without reporting any
errors to the user.
Approved by: bmilekic (mentor)
. Implement option -c, all partition sizes will be calculated
in cylinders as opposed to sectors. Since the Sun label is
inherently cylinder-based, this makes the job a little easier.
. Implement option -h, print the label in `human readable'
size/offset format.
. Implement SVR4-compatible VTOC-style elements. They are
fully optional, defaulting to the current behaviour where no
VTOC-style table will be written to disk. However, if
desired, the full functionality of the partitioning menu of
Solaris' format(1m) is now offered (and even more).
. When editing the label, do not loop around edit_label() where
a new template file is generated for each turn, this used to
be annoying in that any possible syntax error caused a
complaint, but then the template was created anew, so the
user had to perform all their editing again. Rather loop
inside edit_label(), similar to bsdlabel(8), so in case of
errors, the user will be presented their previous template
file again.
. If VTOC-style elements are present, the overlap checks are
made less stringent. Overlaps will still be warned about,
but overlaps of `unmountable' partitions against other ones
are no longer fatal. That way, e. g. VxVM encapsulated
disk labels can be fully edited in FreeBSD (but not in
Solaris ;-).
. In print_label(), generate the editing hints only if the -e
flag is in effect. Additionally, print a hint about the
total number of sectors in the (hardware) medium.
. When editing a label, allow for changing the geometry
emulation (and textual name) by modifying the "text:" line
on top. That way, a more effective emulation can be
chosen.
. When editing/reading a label, additionally allow for the
suffixes `s' (512-byte sectors), and `c' (cylinders) in the
partition size field.
. Finally, turn the stub man page into something that really
explains the entire thing.
Print the ETA of dump being finished, rather than a cryptic delta
time. Also, if we have written more blocks than the tapesize, assume
that we are 99.99% done and that we'll be finished 'soon'.
- Connect geom_stripe and geom_nop modules to the build.
- Connect STRIPE and NOP classes to the LINT build.
- Disconnect gconcat(8) from the build.
Supported by: Wheel - Open Technologies - http://www.wheel.pl
GEOM classes. CONCAT should be 100% compatible with existing gconcat(8)
utility, which is going to be removed.
Supported by: Wheel - Open Technologies - http://www.wheel.pl
GEOM classes. It works by loading a shared library via dlopen(3) mechanism
with class-specific code, it is also responsible for communicating with
GEOM via libgeom(3).
Per-class shared libraries are going to be stored in /lib/geom/ directory.
It provides also few standard commands like 'list', 'load' and 'unload'
for existing classes which aren't aware of geom(8).
More info will be send on freebsd-current@ mailing list.
Supported by: Wheel - Open Technologies - http://www.wheel.pl
shuffles the timing and sleep calls in bgfsck from:
sleep timer_on io timer_off io io io io io io io
to
sleep io io io io io io io timer_on io timer_off
The original method basically guaranteed that the timed I/O included a
disk seek every time, which made bgfsck sleep for much longer than
necessary.
Submitted by: Dan Nelson
Reviewed by: kirk
mac ipfw rules. The exact same sanity check is performed as
the first operation of add_mac(), so there is no sense
in doing it twice.
Approved by: bmilekic (mentor)
PR: bin/55981
root is allowed to create raw sockets, then they will be able to create
routing sockets, too. However prison-root is not able to manipulate
routing tables. So when route(8) attempts to write to a routing
socket and recieves EPERM from the kernel, exit rather than moving
on with execution.
Approved by: bmilekic (mentor)
violate POLA a little less by not requiring exactly two spaces in front
of the entry (and silently discarding any non-matching entry). We now
recognize anything starting with a letter followed by a colon as the
first non-space chars as a partition entry.
depending on namespace pollution in <sys/stat.h>. struct bintime is
only needed to satisfy leakage of kernel interfaces to userland and
namespace bugs in those interfaces...
This little thing can cause a deadlock, because taste mechanism start
to work after creation of ggate provider and I/O requests are sent from
other classes from the g_event thread, so number of pending events isn't 0.
Now ggatec(8) start second handshake and ggated(8) is trying to open
GEOM provider (for example md(4)) and it can't, because it hangs on
g_waitidle() in g_dev_open(). g_waitidle() cannot finish because
there is a pending read on event queue, and this read can't be
finished, because ggated(8) can't open target device.
GEOM Gate will recover from this deadlock, because requests will
timeout, but it of course isn't the best solution and I don't know
better one for now, so we should avoid opening GEOM providers while
there are pending requests in event queue.
not endian agnostic and thus will create big-endian GPTs on sparc64.
This we don't support. So, before gpt(8) can be used on a big-endian
machine, it has to deal with the endianness.
prior sysctl due to the structure growing between calls try again.
Also try again for deleting routes if things fail. We've seen
route -f fail this way which does not actually flush all routes.
This fixes it. It will whine but it will do the work.
PR: 56732
Obtained from: IronPort
libufs, which only works for Charlie root.
This change reverts the introduction of libufs and moves the
check into the kernel. Since the f_fstypename is the same
for both ufs and ufs2, we check fs_magic for presence of
ufs2 and copy "ufs2" explicitly instead.
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
source address of a packet exists in the routing table. The
default route is ignored because it would match everything and
render the check pointless.
This option is very useful for routers with a complete view of
the Internet (BGP) in the routing table to reject packets with
spoofed or unrouteable source addresses.
Example:
ipfw add 1000 deny ip from any to any not versrcreach
also known in Cisco-speak as:
ip verify unicast source reachable-via any
Reviewed by: luigi
use backup methods other than files and tapes. The -P argument is
a normal sh(1) pipeline with either $DUMP_VOLUME or $RESTORE_VOLUME
defined in the environment, respectively.
For example, I can back up my home to three DVD+R[W]s as so:
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0s2e 40028550 10093140 26733126 27% /home
green# dump -0 -L -C16 -B4589840 -P 'growisofs -Z /dev/cd0=/dev/fd/0' /home
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
o The kernel info might be what you want to see
o ^T is left non-functional if ping is killed non-cleanly
o "ping -q foo &" gets suspended on tty output
Encouraged by: bde
Now, if we have for example: ad0s1 ad0s1c ad2s1 ad2s1c and we will try
to do: gconcat label foo /dev/ad0s1 /dev/ad2s1 we'll get a panic:
panic: spoiled but dcr = 1
for inside of geom_slice class, backtrace shows:
g_access()
g_slice_access()
g_access()
g_concat_read_metadata()
We need to get a proper fix for this race before geom(8) will be committed.
WARNS=6. I don't change the WARNS level in the Makefile because I
didn't tested this on other archs.
The fs.h fix was suggested by: marcel
Reviewed by: md5(1)
- Use the %jd format and a cast to intmax_t to print an int64_t.
- The return type of getopt() is an int, not a char.
This fixes some warnings but there's still much more work to do here.
MAC support on the file system, if supported, which causes MAC to treat
each object as having its own label, rather than using a single label
for all objects on the file system. This doesn't have to be used in
combination with the tunefs/newfs flags -- it's an alternative.
length, and flags fields at the end of the SRM boot sector so that SRM can
find the bootstrap code. This fixes bsdlabel -m alpha to generate bootable
disklabels.
Reviewed by: phk
/sbin to /usr/sbin. A symlink from /sbin/nologin -> /usr/sbin/nologin
is created for compatibility purposes.
This will probably not cause any problems, but anyone who is doing
anything particularly unusual with nologin(8) or shells in general might
be well advised to check that everything still works.
Bikesheds on: cvs-all, current
On vnode backed md(4) devices over a certain, currently undetermined
size relative to the buffer cache our "lemming-syncer" can provoke
a buffer starvation which puts the md thread to sleep on wdrain.
This generally tends to grind the entire system to a stop because the
event that is supposed to wake up the thread will not happen until a fair
bit of the piled up I/O requests in the system finish, and since a lot
of those are on a md(4) vnode backed device which is currently waiting
on wdrain until a fair amount of the piled up ... you get the picture.
The cure is to issue all VOP_WRITES on the vnode backing the device
with IO_SYNC.
In addition to more closely emulating a real disk device with a
non-lying write-cache, this makes the writes exempt from rate-limited
(there to avoid starving the buffer cache) and consequently prevents
the deadlock.
Unfortunately performance takes a hit.
Add "async" option to give people who know what they are doing the
old behaviour.
- Add DECL wrappers to libgeom.h.
- Rename structure members in libgeom.h to use a lg_ prefix for member
names. This is required because a few structures had members named
'class' which made g++ very unhappy.
- Catch gstat(8) and gconcat(8) up to these API changes.
Reviewed by: phk
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).
There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.
Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".
Tested on: i386 sparc64
- bzero the CCB header in getdevtree() and set the path properly, to
avoid having random garbage in the CCB header.
- if the lun isn't specified in a device specifier, it should default to
0, not whatever random data happens to be in the lun variable.
- move the prototype for getdevtree() out from under #ifndef MINIMALISTIC,
since it is used in both cases.
Submitted by: Marius Strobl <marius@alchemy.franken.de> (mostly)
MFC After: 2 weeks
libexec/ftp-proxy - ftp proxy for pf
sbin/pfctl - equivalent to sbin/ipf
sbin/pflogd - deamon logging packets via if_pflog in pcap format
usr.sbin/authpf - authentification shell to modify pf rulesets
Bring along some altq headers used to satisfy pfctl/authpf compile. This
helps to keep the diff down and will make it easy to have a altq-patchset
use the full powers of pf.
Also make sure that the pf headers are installed.
This does not link anything to the build. There will be a NO_PF switch for
make.conf once pf userland is linked.
Approved by: bms(mentor)
like tun are naming their modules using the 'if_; prefix and previous version of
the code failed to detect their presence in the kernel, resulting in the same
module being loaded twice.
created with the multilabel flag from inception. This simply
passes the "-l" flag on to newfs(8).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
permits users of newfs to set the multilabel flag on UFS1 and UFS2
file systems from inception without using tunefs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
nologin(8), this causes a considerable (100K) increase in the binary size,
so I've added a NO_LOGIN_LOG option which disables this.
While I'm here, s/sizeof(MESSAGE)/sizeof(MESSAGE) - 1/, in order to
avoid writing the string-terminating zero byte.
No complaints from: -current
Approved by: rwatson (mentor)
the corresponding manpage has been committed.
The rest of "vlan" words, which are refering
to the technology itself, should be capitalized.
MFC after: 1 week
"makedev" command for backwards compatibility, but just print out an
informational message (this was the current behaviour, anyway) and remove
it from the documentation.
Approved by: grog (mentor)
that ext2fs in the kernel supports async mounts. ext2fs used to
effectively force the -async flag on. -async for ext2fs only gives
async (more precisely, delayed) writes for inode updates, so it is
barely worth using even when it is safe.
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations,
thus allowing administrators to add per-host keys to the SADB for use by
the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which
adds support to the SPD to specify flows for tcp-md5 treatment is suitable
for production.
Sponsored by: sentex.net
These files had tags after the copyright notice,
inside the comment block (incorrect, removed),
and outside the comment block (correct).
Approved by: rwatson (mentor)
- Ensure that the buffer ends with "\n\0" to avoid special cases
and allow the use of strtol().
- Use strvisx() on each complete line instead of character by
character.
Submitted by: bde
MFC after: 1 week
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.
PR: bin/4696
MFC after: 1 week
full, since that line is almost always incomplete. Make the parsing
of <%d> lines more strict.
Also simplify the logic a little:
- Start off by making the buffer linear so that we don't have to
deal with it wrapping around (suggested by bde).
- Process line by line rather than byte at a time.
has now has no effect except in combination with -p, and plain fsck
checks all file systems instead of skipping clean ones for msdosfs
only.
Renamed the force flag to skipclean and inverted its logic as in
fsck_ffs.
combined with the the signature check in a wrong way (basically
(dirty:= signature_recognised() && !clean) instead of
(mightbedirty:= !signature_recognized || !clean), so file systems
with unrecognized signatures were considered clean. Many of the
don't-care and reserved bits were not ignored, so some file systems
with valid signatures were unrecognized. One of my FAT32 file systems
has a signature of f8,ff,ff,ff,ff,ff,ff,f7 when dirty, but only
f8,ff,ff,0f,ff,ff,ff,07 was recognised as dirty for FAT32, so the
fail-unsafeness made my file system always considered clean.
Check the i/o non-error bit in checkdirty(). Its absence would give
an unrecognized signature in code that is unaware of it, but we now
mask it out of the signature so we have to check it explicitly. This
combines naturally with the check of the clean bit.
Reviewed by: rnordier (except for final details)
better. There is a related I/O error flag which we don't support in
the kernel but must support here. (Support for bits that we don't
understand here is mostly automatic by fail-safeness, but checkdirty()
has fail-unsafeness.) There are some reserved and don't-care bits
that weren't fully documented and aren't always masked properly. The
comment about the bits in readfat() will be removed when the masking
is fixed.
Submitted by: rnordier
reorganize the printing of the interface name when using wildcard
cloning so it is not printed if it we either immediately rename or
destroy the interface.
Reviewed by: ru
in those cases:
1. File system was mounted by an unprivileged user.
2. File system was mounted by an unprivileged root user.
3. File system was mounted by a privileged non-root user.
Point 1 is when file system was mounted by unprivileged user
(sysctl vfs.usermount was equal to 1 then).
Point 2 is when file system was mounted by root, while sysctl
security.bsd.suser_enabled is set to 0 and sysctl vfs.usermount
is set to 1.
Point 3 is because we want to be ready for capabilities.
Reviewed by: rwatson
Approved by: scottl (mentor)
from the sdl because strlcpy requires that the source string be
NUL-terminated unlike strncpy.
Submitted by: Peter Jeremy <PeterJeremy at optushome dot com dot au>
name.
Prevent the kernel from potentially overflowing the interface name
variable. The size argument of strlcpy is complex because the name is
not null-terminated in sdl_data.
return for getopt() and comparing to -1, ditto with fgetc() and EOF,
and using the kg_nice value from <sys/user.h>
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Reviewed by: obrien, bde (a while back)
Tested lightly on: ppc, i386, make universe
- Unify the conditional assignments section so that architectural
exclusions come first, then options and !options, sorted by the
option name, also in directory order, then architecture specific
sections, sorted by the architecture name, with i386 being a
traditional exception.
Prodded by: bde
this program. Gnu indentation is used for these. Redo the fix for
the large expression at the end of the previous commit to give gnu
indentation. The original version was gnuish but had 9 bogus extra
characters of indentation in its continuation lines, perfect tab
lossage on every line, and other bugs.
The previous commit log should have claimed to fix style bugs in the
previous-1 commit (1.5), not the forced null previous commit (1.6).
