Commit Graph

3246 Commits

Author SHA1 Message Date
Poul-Henning Kamp
7963fae61f Straighten out get_params().
Sponsored by:	DARPA & NAI Labs.
2002-09-20 08:12:51 +00:00
Peter Wemm
66422f5b7a Initiate deorbit burn for the i386-only a.out related support. Moves are
under way to move the remnants of the a.out toolchain to ports.  As the
comment in src/Makefile said, this stuff is deprecated and one should not
expect this to remain beyond 4.0-REL.  It has already lasted WAY beyond
that.

Notable exceptions:
gcc - I have not touched the a.out generation stuff there.
ldd/ldconfig - still have some code to interface with a.out rtld.
old as/ld/etc - I have not removed these yet, pending their move to ports.
some includes - necessary for ldd/ldconfig for now.

Tested on: i386 (extensively), alpha
2002-09-17 01:49:00 +00:00
Mike Barcroft
51f42932d1 Don't depend on <sys/types.h> pollution in <fcntl.h>. Sort includes. 2002-09-16 19:46:20 +00:00
Poul-Henning Kamp
6c7e64b65c I forgot fsdb was still sharing files with fsck. 2002-09-16 14:18:43 +00:00
Poul-Henning Kamp
5186921306 Add a source file where EXTATTR checks will happen and hook it in even
if it doesn't do anything yet.

Sponsored by: DARPA & NAI Labs.
2002-09-16 11:27:47 +00:00
Mike Barcroft
2c16ed2973 Don't depend on <sys/types.h> pollution in <fcntl.h>. Sort includes. 2002-09-16 08:34:08 +00:00
Poul-Henning Kamp
3f8ba8b5f8 Try to pick up disk geometry with specific DIOC* ioctls, rather than
expecting a bogo-disklabel to contain them, if possible.

This makes fdisk work with GEOM.
2002-09-15 16:08:52 +00:00
Maxime Henrion
fb624dbc80 Removed a debugging printf() left here in peter's
last commit.

Spotted by:	kris
2002-09-14 15:14:29 +00:00
Søren Schmidt
ed8a242cef Use the proper fields for security.
PR: 41870
2002-09-12 14:08:28 +00:00
Luigi Rizzo
4f531a5368 Store the port number in "fwd" rules in host format, same as ipfw1
has always done.

Technically, this is the wrong format, but it reduces the diffs in
-stable. Someday, when we get rid of ipfw1, I will put the port number
in the proper format both in kernel and userland.

MFC after: 3 days
(with re@ permission)
2002-09-12 00:45:32 +00:00
Peter Wemm
9b2196460d Commit "unrelated style fixes" part of Bruce's patch (regarding
bcopy/memcpy) seperately.

Submitted by:  bde
2002-09-11 18:16:40 +00:00
Peter Wemm
9d2b0ab82a Modify previous commit to solve the real problem that made gcc think
the timestamp was aligned.  ie: Use a void * instead of struct timeval *
which gcc assumes will be aligned.  Go back to memcpy().

Submitted by: bde
2002-09-11 18:12:29 +00:00
Jacques Vidrine
7e5bbd6847 In reference to previous commit: use err(3).
Noticed by:	bde
2002-09-09 18:51:59 +00:00
Jacques Vidrine
c3e3619908 Back out previous commit. I was a bit overzealous: the fd_set size is
calculated dynamically here.
2002-09-09 16:43:18 +00:00
Jacques Vidrine
012b8a4111 Check for FD_SET overrun. 2002-09-09 16:06:41 +00:00
Jacques Vidrine
ef9d72e14c Check for FD_SET overrun. 2002-09-09 15:58:08 +00:00
Marc Fonvieille
eea54e1396 Typo: s/o packet/on packet/
PR:		docs/42543
Submitted by:	Michael Lyngbøl <lyngbol@bifrost.lyngbol.dk>
2002-09-08 09:01:08 +00:00
Matthew N. Dodd
d4e731a642 Split cam_argmask and move "commands" into cam_cmdmask. This addresses
the issue of not having any free bits left for additional commands.

Approved by:	 ken
MFC after:	 4 weeks
2002-09-08 05:39:36 +00:00
Peter Wemm
4db5660477 Bandaid for mount_nfs segfaulting with the more obscure mount options
in /etc/fstab.  This isn't a real fix though and I'm still not sure
why it started failing.  mount(8) breaks up the nfs args into seperate
repeated '-o option=value' arguments.  But, the altflags variable that
we use to track things is incrementally built up each time we see the
next option and shows us the cumulative set of flags, not just the
flag that we are currently looking at.  As a result, the strstr hack
for looking up flags in a giant -o opt=val,opt=val, etc string was failing
and causing a segfault.  I do not know what changed recently that caused
this to suddenly break, but the code has been rather bogus for some time.
2002-09-06 19:59:29 +00:00
Matthew N. Dodd
f9cecca2d4 Add 'camcontrol load' as a complement to 'camcontrol eject'.
Approved by:	 ken
MFC after:	 4 weeks
2002-09-06 18:16:26 +00:00
Bruce Evans
23d8e0317a Removed vestiges of the -a and -d options.
Fixed other bugs in the usage message so that it matches the man page.
2002-09-06 13:16:24 +00:00
Poul-Henning Kamp
a9098c8910 Remove the -a maxcontig option, the kernel doesn't inspect fs_maxcontig
anymore.

Sponsored by:	DARPA & NAI Labs.
2002-09-06 07:59:10 +00:00
Tom Rhodes
5e152c7934 use 'file system superblock' for the error message. This will match other
disk utilities.

Discussed with:		bde
2002-08-31 21:34:54 +00:00
Giorgos Keramidas
b504cef7c5 Mention that fdisk(8) should be used to grow the containing slice
before growing partitions with growfs(8), if necessary.

PR:		docs/42148
Submitted by:	Chris S.J. Peron <maneo@bsdpro.com>
2002-08-29 08:12:09 +00:00
Ian Dowse
9c1b8868dc Add the -A flag to the usage line.
Submitted by:	Yutaka KAWASE <yutaka@mailhost.net>
MFC after:	3 days
2002-08-27 08:09:37 +00:00
Tom Rhodes
5af4935a22 Fix some 'SYNOPSIS' and 'usage' messages. 2002-08-27 00:49:27 +00:00
Tom Rhodes
277ffe6e6c Fix Synopsis 2002-08-26 18:16:39 +00:00
Ian Dowse
fd0b613a7b Unbreak the -c option by not using connect(2) for mount_nfs's
communication with the remote NFS server if this flag is specified.

PR:		bin/42003
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-08-26 13:08:23 +00:00
Tom Rhodes
a48ea64073 Print a more realistic usage message 'special_device' 'inode_number'. This
matches the synopsis given in the manual page.

MFC after:	3 days
2002-08-26 03:56:23 +00:00
Philippe Charnier
7fed38d0a0 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:10:45 +00:00
Crist J. Clark
0b3a80af0d Check if a host argument is a IPv6 presentation format address before
going to gethostbyname2(3).

PR:		bin/31632
MFC after:	3 days
2002-08-25 05:44:13 +00:00
Peter Wemm
6bc11ae00c Make this compile without needing NO_WERROR. 2002-08-25 02:51:13 +00:00
Warner Losh
0b0fe61dfb Use '0' instead of NULL when we mean the integer constant 0 and not a
"null pointer expression".
2002-08-21 18:52:32 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Warner Losh
9d010543f4 Don't use NULL where you really mean 0 to sysctlbyname. 2002-08-21 15:15:15 +00:00
Luigi Rizzo
f0ac20f7d2 Whoops, the manpage lied... ipfw2 has always accepted addr:mask
specifications.
2002-08-21 05:57:41 +00:00
Johan Karlsson
72abe188fb Take care of WARNS=3 warnings by using unsigned/signed variable
as needed.

Approved by:	ken, sheldonh (mentor)
2002-08-20 20:54:03 +00:00
Maxim Sobolev
ffb079be0c Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).

Emphatically requested by:	Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by:	fenner
2002-08-19 15:16:38 +00:00
Luigi Rizzo
5a155b405e One more (hopefully the last one) step in cleaning up the syntax,
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:

	[<proto> from <src> to <dst>] [options]

i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).

Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.

Update the manpage to reflect the syntax.

Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.

	ipfw add allow not src-port 80

will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

We definitely need to rewrite the parser using lex and yacc!
2002-08-19 12:36:54 +00:00
Maxim Sobolev
3471c917ec Fix last-minute typo which breaks the world.
Submitted by:	many
2002-08-19 08:59:20 +00:00
Luigi Rizzo
e706181ba6 Major cleanup of the parser and printing routines in an attempt to
render the syntax less ambiguous.

Now rules can be in one of these two forms

	<action> <protocol> from <src> to <dst> [options]
	<action> MAC dst-mac src-mac mac-type [options]

however you can now specify MAC and IP header fields as options e.g.

	ipfw add allow all from any to any mac-type arp
	ipfw add allow all from any to any { dst-ip me or src-ip me }

which makes complex expressions a lot easier to write and parse.
The "all from any to any" part is there just for backward compatibility.

Manpage updated accordingly.
2002-08-19 04:52:15 +00:00
Johan Karlsson
0319a6a43b Remove unused variable. camcontrol is now WARNS=2 clean on i386.
Approved by: 	ken, sheldonh (mentor)
2002-08-18 21:46:32 +00:00
John Polstra
92fd901869 Clarify the explanation of the behavior for setuid programs by
noting that the restrictions do not apply if the user invoking the
program is also the owner of the program.

Also, capitalize a section header properly.

PR:		misc/41180
2002-08-18 18:11:38 +00:00
Bruce Evans
7309e024bf Include <nlist.h> for nlist interfaces instead of depending on namespace
pollution in <kvm.h>.
2002-08-18 17:57:08 +00:00
Maxim Sobolev
62f7648682 Increase size of ifnet.if_flags from 16 bits (short) to 32 bits (int). To avoid
breaking application ABI use unused ifreq.ifru_flags[1] for upper 16 bits in
SIOCSIFFLAGS and SIOCGIFFLAGS ioctl's.

Reviewed by:	-hackers, -net
2002-08-18 07:05:00 +00:00
Bosko Milekic
b35e69503a Fix more breakage due to FSTYPENAMES/DKTYPENAMES split.
Also submitted by: David Wolfskill <david@catwhisker.org>
2002-08-16 16:08:36 +00:00
Luigi Rizzo
654399a477 Complete list of differences between ipfw1 and ipfw2. 2002-08-16 14:27:22 +00:00
Luigi Rizzo
99e5e64504 sys/netinet/ip_fw2.c:
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
    for firewall-generated packets (the constant has to go in sys/mbuf.h).

    Better comments on keepalive generation, and enforce dyn_rst_lifetime
    and dyn_fin_lifetime to be less than dyn_keepalive_period.

    Enforce limits (up to 64k) on the number of dynamic buckets, and
    retry allocation with smaller sizes.

    Raise default number of dynamic rules to 4096.

    Improved handling of set of rules -- now you can atomically
    enable/disable multiple sets, move rules from one set to another,
    and swap sets.

sbin/ipfw/ipfw2.c:

    userland support for "noerror" pipe attribute.

    userland support for sets of rules.

    minor improvements on rule parsing and printing.

sbin/ipfw/ipfw.8:

    more documentation on ipfw2 extensions, differences from ipfw1
    (so we can use the same manpage for both), stateful rules,
    and some additional examples.
    Feedback and more examples needed here.
2002-08-16 10:31:47 +00:00
Alfred Perlstein
ef6fc683c6 No need to include sys/time.h, this unbreaks a c89 warning about long long
constants as well.
2002-08-16 08:19:15 +00:00
Alfred Perlstein
b42db77473 Don't '#define DKTYPENAMES', we don't use the variable it exposes from
the header file.
2002-08-16 07:34:19 +00:00