Commit Graph

1489 Commits

Author SHA1 Message Date
emaste
59fe28863e Regenerate src.conf.5 after r316706 2017-04-11 17:06:52 +00:00
emaste
f8f4ecc7b4 regenerate src.conf.5 after r316647 and r316684
Sponsored by:	The FreeBSD Foundation
2017-04-10 21:00:47 +00:00
asomers
f3c5e0baa9 Fix man page typo from r316342
Reported by:	rgrimes
MFC after:	20 days
X-MFC-With:	316342
2017-04-01 15:04:37 +00:00
asomers
36721468a4 Consolidate random sleeps in periodic scripts
Multiple periodic scripts sleep for a random amount of time in order to
mitigate the thundering herd problem. This is bad, because the sum of
multiple uniformly distributed random variables approaches a normal
distribution, so the problem isn't mitigated as effectively as it would be
with a single sleep.

This change creates a single configurable anticongestion sleep. periodic
will only sleep if at least one script requires it, and it will never sleep
more than once per invocation. It also won't sleep if periodic was run
interactively, fixing an unrelated longstanding bug.

PR:		217055
PR:		210188
Reviewed by:	cy
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10211
2017-04-01 04:42:35 +00:00
ngie
bc30970903 Add a post-humous manpage for cd9660(5), the ISO-9660 file system
Describe (briefly) how to compile the filesystem into the kernel and
load as a module.

Reference cd9660(5) in mount(8) and mount_cd9660(8).

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-23 02:57:08 +00:00
ngie
e47b6a1924 tmpfs(5): fix mdoc warnings
- Delete trailing whitespace
- Sort SEE ALSO order: mmap(2)'s Xr should come before nmount(2)'s Xr.

MFC after:	1 week
Reported by:	make manlint
Sponsored by:	Dell EMC Isilon
2017-03-23 02:33:27 +00:00
ngie
f61e28eb5e Regenerate src.conf(5) (again)
Sponsored by:	Dell EMC Isilon
2017-03-23 02:29:59 +00:00
ngie
a8efabdc49 Regenerate src.conf(5)
Sponsored by:	Dell EMC Isilon
2017-03-23 02:21:59 +00:00
ngie
c83649c43c rc.conf(5): fix a .Xr call for chroot(8)
Add the missing section number to the .Xr call.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-23 01:16:26 +00:00
bjk
6c869ffdd6 Tidy up mdoc formatting for "etc.)" at end of line
man(1) has some logic to use two spaces after a full stop, which is
useful for spotting sentence breaks in monospace fonts.  However,
this logic is very simple, treating almost all '.' characters as
end-of-sentence markers, unless followed by certain other
characters.  For example, '.,' is not end-of-sentence, and neither
is ".) ", but ".)" at the end of a line triggers the sentence-end
detection.

Apply a zero-width space to a few instances of this in share/man,
and also supply a missing full stop for an instance that occurred at
the end of a sentence.

Leave untouched several instances that are at the end of a sentence
or list element.

Reported by:	0mp (ieee80211.9)
2017-03-19 01:24:18 +00:00
bapt
ca0231a162 Regenerate after r315057 2017-03-11 06:58:28 +00:00
badger
c5f4b2d41d remove procfs ctl interface
This interface has no in-tree consumers and has been more or less
non-functional for several releases.

Remove manpage note that the procfs special file 'mem' is grouped to
kmem. This hasn't been true since r81107.

Remove procfs' README file. It is an out of date duplication of the manpage
(quoth the README: "since the bsd kernel is single-processor...").

Reviewed by:	vangyzen, bcr (manpage)
Approved by:	des (procfs maintainer), vangyzen (mentor)
Differential Revision:	https://reviews.freebsd.org/D9802
2017-03-05 03:05:24 +00:00
emaste
901ee8dee4 regen src.conf.5 for clang-4.0.0 merge
Note that makeman's use of 'make showconfig' interacts poorly with
the COMPILER_FEATURES test in share/mk/src.opts.mk, because it tests the
host compiler, not the bootstrap compiler that will actually be used to
build world. This causes it to report that Clang is enabled by default
on MIPS and PowerPC.

For example:
% make TARGET_ARCH=mips64 showconfig | grep CLANG
MK_CLANG         = yes
MK_CLANG_BOOTSTRAP = no
MK_CLANG_EXTRAS  = no
MK_CLANG_FULL    = yes
MK_CLANG_IS_CC   = no

I am committing this version anyway to avoid extraneous diffs in
src.conf.5 after every other WITH_/WITHOUT_FOO change.

In addition, we intend to switch to a C++11 compiler for all archs for
12.0 (either by fixing Clang for those archs, or by requiring an
external toolchain), and then src.conf.5 will be correct.

Sponsored by:	The FreeBSD Foundation
2017-03-03 16:07:46 +00:00
np
ff4c870db3 Regen src.conf.5 after r314579.
Sponsored by:	Chelsio Communications
2017-03-03 15:47:50 +00:00
emaste
c86cbe211d regen src.conf.5 after r313169
Sponsored by:	The FreeBSD Foundation
2017-03-02 02:10:59 +00:00
glebius
745bcd6fba Remove SVR4 (System V Release 4) binary compatibility support.
UNIX System V Release 4 is operating system released in 1988. It ceased
to exist in early 2000-s.
2017-02-28 05:14:42 +00:00
imp
36fafdbb83 Remove EISA bus support for add-in cards. Remove related kernel and
compile options. Remove doxygen pointers to now deleted files. Remove
EISA and VME as examples in bus_space.9.

Retained EISA mode code for IO PIC and MPTABLES because that's not
EISA bus, per se, and some people have abused EISA to mean "EISA-like
behavior as opposed to ISA" rather than using it for EISA add-in
cards.

Relnotes: yes
2017-02-16 21:57:35 +00:00
nyan
dd885e962b Regen after r312910. 2017-01-28 02:25:33 +00:00
kib
5c7955abff Document mount option "nonc" for tmpfs.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D9258
2017-01-22 19:50:23 +00:00
kib
d1597b221e Editing and clarifications for tmpfs(5).
Submitted by:	wblock
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D9211
2017-01-22 19:46:14 +00:00
kib
a9d8825913 Refresh tmpfs(5) man page.
Provide more useful explanation of features and quirks.

Reviewed by:	emaste, vangyzen
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D9211
2017-01-19 18:26:06 +00:00
cem
4d542f9fe8 ufs/extattr.h: Fix documentation of ea_name termination
The ea_name string is not nul-terminated.  Correct the documentation.

Because the subsequent field is padded to 8 bytes, and the padding is
zeroed, the ea_name string will appear to be nul-terminated whenever the
length isn't exactly one (mod eight).

This was introduced in r167010 (2007).

Additionally, mark the length fields as unsigned.  This particularly
matters for the single byte ea_namelength field, which can represent
extended attribute names up to 255 bytes long.

No functional change.

PR:		216127
Reported by:	dewayne at heuristicsystems.com.au
Reviewed by:	kib@
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D9206
2017-01-18 17:55:49 +00:00
ngie
656d99b82a Regenerate src.conf(5) after r311548
MFC after:	1 week
2017-01-06 21:14:07 +00:00
wblock
95d4425cb2 Fix src.conf(5) description of WITHOUT_USB_GADGET_EXAMPLES.
PR:		215831
Submitted by:	p5B2E9A8F@t-online.de
MFC after:	1 week
Sponsored by:	iXsystems
2017-01-06 16:43:45 +00:00
ngie
59b0ab49ed Regen src.conf after recent changes to tools/build/options/... and
src.opts.mk
2017-01-02 20:14:06 +00:00
emaste
8cf971138f Restore missing comment in src.conf.5
I'm not sure how I managed to generate src.conf.5 without the comment;
add it manually while looking into that.

Reported by:	gjb
2016-12-19 15:05:46 +00:00
emaste
4f0567702d src.conf.5: regen after r310268 (WITH_REPRODUCIBLE_BUILD) 2016-12-19 14:54:06 +00:00
def
f63c437216 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
bapt
0a2a0bf8cc Regen after 309805 2016-12-10 13:30:18 +00:00
emaste
382ab60337 src.conf.5: regen after r309142 (WITH_LLD_AS_LD knob)
Reported by:	Nikolai Lifanov
Sponsored by:	The FreeBSD Foundation
2016-12-09 19:09:58 +00:00
martymac
d766eb8133 Fix path for per-user nsmb.conf file
~/nsmb.conf, as erroneously introduced by r214387, is never used. Fix the man
page to specify that ~/.nsmbrc is used instead.

PR:		210652
Submitted by:	ganael.laplanche@corp.ovh.com
Approved by:	gjb (doceng@)
2016-11-24 10:04:20 +00:00
bapt
53358ca35c Regen 2016-10-15 12:11:30 +00:00
kp
3fbefcb2d1 pf: port extended DSCP support from OpenBSD
Ignore the ECN bits on 'tos' and 'set-tos' and allow to use
DCSP names instead of having to embed their TOS equivalents
as plain numbers.

Obtained from:	OpenBSD
Sponsored by:	OPNsense
Differential Revision:	https://reviews.freebsd.org/D8165
2016-10-13 20:34:44 +00:00
emaste
17523e9e06 src.conf.5: regen after r306965 2016-10-10 15:47:30 +00:00
emaste
636c0ef2f8 Regen src.conf.5 after r306649
Sponsored by:	The FreeBSD Foundation
2016-10-05 20:18:17 +00:00
kp
077476b686 pf: remove fastroute tag
The tag fastroute came from ipf and was removed in OpenBSD in 2011. The code
allows to skip the in pfil hooks and completely removes the out pfil invoke,
albeit looking up a route that the IP stack will likely find on its own.
The code between IPv4 and IPv6 is also inconsistent and marked as "XXX"
for years.

Submitted by:	Franco Fichtner <franco@opnsense.org>
Differential Revision:	https://reviews.freebsd.org/D8058
2016-10-04 19:35:14 +00:00
bdrewery
66ee57c162 Regenerate. 2016-09-21 21:42:06 +00:00
bapt
4942d71a20 Modify manually given makeman is broken due to errors in share/mk/* 2016-09-18 15:40:36 +00:00
bdrewery
33601968a3 Regenerate 2016-08-23 15:31:53 +00:00
emaste
a6dba4727b Regenerate src.conf.5 after r304616 2016-08-22 17:53:18 +00:00
emaste
d108bf1437 Regenerate src.conf.5 after r303394 2016-07-28 13:35:46 +00:00
markj
a04ed73d0b Remove more references to mroute6d, which was removed in r298512. 2016-07-14 00:41:37 +00:00
jtl
be49875b46 Regenerate for WITH_EXTRA_TCP_STACKS updates.
Approved by:	re (gjb)
Sponsored by:	Juniper Networks
2016-06-28 13:42:50 +00:00
bdrewery
452fe84d9b Regenerate
Approved by:	re (implicit, r302177)
2016-06-24 20:00:39 +00:00
kp
b06d3a64e7 pf: Filter on and set vlan PCP values
Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the PCP value, and 'prio' to
filter on it.

Reviewed by:    allanjude, araujo
Approved by:	re (gjb)
Obtained from:  OpenBSD (mostly)
Differential Revision:  https://reviews.freebsd.org/D6786
2016-06-17 18:21:55 +00:00
bdrewery
a048478c50 Renegerate for WITH_META_MODE updates.
Approved by:	re (implicit)
Sponsored by:	EMC / Isilon Storage Division
2016-06-14 18:41:18 +00:00
trasz
d477060046 Fix a bunch of "xref refers to *this* page" igor(1) warnings.
MFC after:	1 month
2016-06-09 06:55:00 +00:00
markj
5c6d3bcb51 Implement an NSS backend for netgroups and add getnetgrent_r(3).
This support appears to have been documented in nsswitch.conf(5) for some
time. The implementation adds two NSS netgroup providers to libc. The
default, compat, provides the behaviour documented in netgroup(5), so this
change does not make any user-visible behaviour changes. A files provider
is also implemented.

innetgr(3) is implemented as an optional NSS method so that providers such
as NIS which are able to implement efficient reverse lookup can do so.
A fallback implementation is used otherwise. getnetgrent_r(3) is added for
convenience and to provide compatibility with glibc and Solaris.

With a small patch to net/nss_ldap, it's possible to specify an ldap
netgroup provider, allowing one to query nisNetgroupTriple entries.

Sponsored by:	EMC / Isilon Storage Division
2016-06-09 01:28:44 +00:00
bdrewery
564e334e47 Regenerate 2016-06-08 12:46:54 +00:00
trasz
2db9a593c0 Fix some trailing whitespaces.
MFC after:	1 month
2016-06-08 10:26:17 +00:00