This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
the null mount, we currently create a temporary mfs on /tmp, copy
/etc to /tmp, then mount /etc as mfs and copy everything back from
/tmp, then delete the /tmp mfs.
The patch eliminates the temporary /tmp mfs and the subsequent
copying and simply populates the /etc mfs by copying from
/conf/default/etc. This requires that /conf/default/etc contain a
complete copy of all the /etc stuff instead of just overrides. I
don't think that is too much of an extra step in setting up a
diskless environment.
* Provide the ability to make /tmp a memory filesystem independent
of /var. This removes the requirement that /tmp be a symlink to
/var/tmp and this makes the diskless code work with the default
filesystem layout. If a seperate /tmp memory filesystem is
created, the 'tmpsize' environment variable is used to determine
its size (default to 10 Meg).
* Reduce diffs between the -current and -stable versions of these
files to a bare minimum. Only the definition of the shell
function 'mount_md' is different.
Not Objected to by: -arch@, -small@
MFC after: 2 days
o create a simple wrapper function mount_md that makes it easy to
move from mount_mfs.
# NOTE: you will need to MAKEDEV md[0123] in order for this to work.
Reviewed by: bsd, keichii
default first, then network-specific files, then host-specific files.
I think this was the original intent, as Matt indicated the previous
code appeared to be a bug.
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.
(second of three commits)
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
- ipv6_network_interfaces has all available interfaces to work for
static configuration even if the host is end host. When rtsol is
invoked, singleness of interface is checked.
* Put quotes around each line
* Single quotes for lines with no variable interpolation
* Double quotes if there is
* Capitalize each word that begins a line
* Make echo -n 'Doing foo:' ... echo '.' more of a standard
No functionality changes
- rtsol should be work for only one interface
- new variable ipv6_defaultrouter is added
- option name of rtadvd in comment are corrected
- ipv6_firewall_enable, ipv6_firewall_type, ipv6_firewall_script,
ipv6_firewall_logging are added to introduce rc.firewall6.
IPv6 firewall rule is just starting point and should be brushed up.
This commit includes PR18621, PR21694, PR22051.
PR: conf/18621, conf/21694, conf/22051
Reviewed by: asmodai
the appropriate documentation added to rc.conf(5). If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.
PR: 20202
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Reviewed by: Darren Reed <darrenr@freebsd.org>
Approved by: Darren Reed <darrenr@freebsd.org>
Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>
PC-card stuff. Also print a NEWLINE (!!) after that.
I'm driving mad each time when I see messages related to pccard before
"Enable PC-card." and particulary when I see
"Doing initial network setup". on the same line w/o a break.
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
time, I have no idea if there is equivalence of printf. So, stf
setup still depends on /usr. In addition, prefix(8) and gifconfig(8)
are in /usr/sbin. Should we move these into /sbin?
- Sync with latest stf behavior. Latest stf doesn't have link-local
address. And, latest stf is not gif but stf.
options. This allows you to set the standard dynamic port
assignment range prior to any network daemons (like named) starting
up, necessary if you are also using a firewall to restrict lower ports.
will be MFC'd in a few days
scripts may use to source safely overrides in ${rc_conf_files}
files.
This protects users who insist on the bad practice of copying
/etc/defaults/rc.conf to /etc/rc.conf from a recursive loop
that exhausts available file descriptors.
Several people have expressed interest in breaking this function
out into its own shell script. Anyone who wants to embark on
such an undertaking would do well to study the attributed PR.
PR: 17595
Reported by: adrian
Submitted by: Doug Barton <Doug@gorean.org>
reserve, in maximal NFS packets. Originally only 2 packets worth of
space was reserved. The default is now 4, which appears to greatly
improve performance for slow to mid-speed machines on gigabit networks.
Add documentation and correct some prior documentation.
Problem Researched by: Andrew Gallatin <gallatin@cs.duke.edu>
Approved by: jkh
- 6to4(stf) interface configuration.
- Static route configuration.
- Comment additions.
- Replaced a still existed '@' to '%' in IPv6 scoped addr format.
(This became necessary as previous IPv6 scoped addr format change.)
Much thanks to ume, who helped me reviewing, testing, and finding problems
with these changes.
Approved by: jkh
Reviewed by: ume
to avoid error messages printed on /var/log/messages.
Recently added "stf" interface has IFF_MULTICAST bit set,
because IPv6 don't work on non IFF_MULTICAST set interfaces
in current implementation.
But "stf" interface is multi-dest IPv6 over IPv4 tunnel, so
can't treat multicast packet with no special configuration.
On the other hand, tools like "rtadvd", "pim6dd", "pim6sd"
send messages on IFF_MULTICAST set interfaces by default.
So there will be many bogus error message on /var/log/messages,
that multicast packets sent to "stf0" failed.
So,
-strip "stf0" from rtadvd sending interfaces in rc.network6
("rtadvd" is a daemon used only for local subnet, so it
will never need to send its packets over "stf0" interfaces.)
-Add default configuration files for "pim6dd" and "pim6sd",
and disable "stf0" in those files.
Approved by: jkh
interfaces passed to rtadvd
-Comment out example sentences more completely
-Redirect error message of ifconfig output into /dev/null, to correctly
find out working IPv6 interfaces
Approved by: jkh
Initial version created by, and kindly much tested by:
bmah@CA.Sandia.GOV (Bruce A. Mah)
Approved by: jkh
Reviewed by: bmah@CA.Sandia.GOV (Bruce A. Mah),
Ollivier Robert <roberto@keltia.freenix.fr>
Obtained from: KAME project
Reviewed by: joerg
The isdnd is able to listen on a socket for isdnmonitor to connect to
it to remotely control it (similar to ppp and pppctl). When this is
enabled in the isdnd config file, it will fail currently because isdnd
is started before the network interfaces are configured.
It is necessary to move the isdnd start after the ifconfig of the network
interfaces, then this problem will not occur.
Changes are:
- rpc.umntall is called at the right places now in /etc/rc*
- rpc.umntall timeout has been lowered from two days (too high) to one
- verbose messages in rpc.umntall have been clarified
- kill double entries in /var/db/mounttab when rpc.umntall is invoked
- ${early_nfs_mounts} has been removed from /etc/rc
- patched mount(8) -p to print different pass/dump values for ufs filesystems.
(last patch recieved from dan <bugg@bugg.strangled.net>)
Submitted by: Martin Blapp <mbr@imp.ch>, dan <bugg@bugg.strangled.net>
in the 3.x branch. Also remove the dependency on /usr to find the
boot address/interface.
Mostly-submitted-abd-tested-by: MIHIRA Sanpei Yoshiro <sanpei@sanpei.org>
Currently we have a problem in that `dhclient' bails when configuring the
second interface as port 68 is already in use (by the `dhclient' started
for the first interface).
PR: 14810
Submitted by: n_hibma
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.
Changes discussed on freebsd-hackers.
Submitted by: Doug Barton <Doug@gorean.org>
* All variables are now embraced: ${foo}
* All comparisons against some value now take the form:
[ "${foo}" ? "value" ]
where ? is a comparison operator
* All empty string tests now take the form:
[ -z "${foo}" ]
* All non-empty string tests now take the form:
[ -n "${foo}" ]
Submitted by: jkh
respectively logging and dropping ICMP REDIRECT packets.
Note that there is no rate limiting on the log messages, so log_redirect
should be used with caution (preferrably only for debugging purposes).
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
get a list of interfaces, and then automatically configure them if
${ifconfig_${ifn}} or /etc/start_if.${ifn} exists.
This makes it a lot easier to deal with machines that constantly change
their network configuration as you can leave ifconfig settings for all
the possible cards - just the ones that are present will be configured.
and set it to "/etc/pccard.conf.sample" in /etc/defaults/rc.conf.
Perhaps this default value can be inappropriate,
but I set to this value for the convenience of PC-card boot.flp users.
Please correct it if there are better solutions.
Do discard standard output from the sysctl for approxy_all, and echo
what this sysctl is doing in the usual way. This fix is probably
backwards. We should probably just use the standard sysctl output
in all cases (it needs to have a newline filtered out).
Echo what the sysctls for nfs_reserved_port_only and nfs_access_cache
are doing.
default.
Despite their name it doesn't keep TCP sessions alive, it kills
them if the other end has gone AWOL. This happens a lot with
clients which use NAT, dynamic IP assignment or which has a 2^32
* 10^-3 seconds upper bound on their uptime.
There is no detectable increase in network trafic because of this:
two minimal TCP packets every two hours for a live TCP connection.
Many servers already enable keepalives themselves.
The host requirements RFC is 10 years old, and doesn't know about
the loosing clients of todays InterNet.
log_in_vain:
log_in_vain turns on logging for packets to ports for which
there is no listener.
rc.sysctl:
A generic way to set sysctl values. It reads /etc/syslog.conf
and sets values based on that. No /etc/syslog.conf has been
checked in yet, and I've not added this to the makefile yet
until I get more feedback.
Reviewed by: -current, -hackers and bde especially
suitable defaults pointing to the FreeBSD-shipped versions. This will allow
for easier integration of third-party replacements for these daemons.
Reviewed by: Several members of -committers
normal ifconfig stuff, one might need to pass down authentication
parameters for them.
This is closely tied to Hellmuth's impending rc patches for ISDN, but
sppp can also be used separately (thus it doesn't go directly into the
planned ISDN section of rc.conf).
Reviewed by: hm
addresses by default.
Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".
Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).
Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
variable "stash_flag" is set. A few lines later, it is evaluated
as "stash_flags" with a trailing "s", and then a bit later the
singular version is unset.
PR: 7609
Reviewed by: phk
Submitted by: Walt Howard <howard@ee.utah.edu>
the rc.conf variable ``natd_interface''. rc.network will
determine whether it is an IP address or an interface name,
and invoke natd with the -a or -n flag as appropriate.
PR: 6947
Reviewed by: jkh@FreeBSD.ORG
against the "master map" to get the list of mount point/amd map
correspondences, and using that list as command-line arguments to start
amd.
When I tried to do this with the existing /etc/rc* scripts, I found that
I couldn't do this by modifying only /etc/rc.conf: that file gets
sourced very early by /etc/rc, well before any networking functionality
is present, let alone NIS. Further, I wasn't able to figure out a way
to use various levels & types of quoting to defer evaluation of the
string to a point subsequent to NIS initialization.
As a result, I resorted to hacking /etc/rc.network -- but I did it in a
way that ought to be reasonably general, and avoid breakage for anyone
else.
PR: 6387
Reviewed by: phk
Submitted by: David Wolfskill <dhw@whistle.com>
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
