3262 Commits

Author SHA1 Message Date
sos
ff0e7d967c Use the proper fields for security.
PR: 41870
2002-09-12 14:08:28 +00:00
luigi
4eb7324870 Store the port number in "fwd" rules in host format, same as ipfw1
has always done.

Technically, this is the wrong format, but it reduces the diffs in
-stable. Someday, when we get rid of ipfw1, I will put the port number
in the proper format both in kernel and userland.

MFC after: 3 days
(with re@ permission)
2002-09-12 00:45:32 +00:00
peter
13786391ba Commit "unrelated style fixes" part of Bruce's patch (regarding
bcopy/memcpy) seperately.

Submitted by:  bde
2002-09-11 18:16:40 +00:00
peter
117de6ded0 Modify previous commit to solve the real problem that made gcc think
the timestamp was aligned.  ie: Use a void * instead of struct timeval *
which gcc assumes will be aligned.  Go back to memcpy().

Submitted by: bde
2002-09-11 18:12:29 +00:00
nectar
8a8d92cece In reference to previous commit: use err(3).
Noticed by:	bde
2002-09-09 18:51:59 +00:00
nectar
f005a7d8a0 Back out previous commit. I was a bit overzealous: the fd_set size is
calculated dynamically here.
2002-09-09 16:43:18 +00:00
nectar
dd9ba6e842 Check for FD_SET overrun. 2002-09-09 16:06:41 +00:00
nectar
4f70a78fd0 Check for FD_SET overrun. 2002-09-09 15:58:08 +00:00
blackend
2e05beb8f2 Typo: s/o packet/on packet/
PR:		docs/42543
Submitted by:	Michael Lyngbøl <lyngbol@bifrost.lyngbol.dk>
2002-09-08 09:01:08 +00:00
mdodd
0be6542fac Split cam_argmask and move "commands" into cam_cmdmask. This addresses
the issue of not having any free bits left for additional commands.

Approved by:	 ken
MFC after:	 4 weeks
2002-09-08 05:39:36 +00:00
peter
1ec96b6cd8 Bandaid for mount_nfs segfaulting with the more obscure mount options
in /etc/fstab.  This isn't a real fix though and I'm still not sure
why it started failing.  mount(8) breaks up the nfs args into seperate
repeated '-o option=value' arguments.  But, the altflags variable that
we use to track things is incrementally built up each time we see the
next option and shows us the cumulative set of flags, not just the
flag that we are currently looking at.  As a result, the strstr hack
for looking up flags in a giant -o opt=val,opt=val, etc string was failing
and causing a segfault.  I do not know what changed recently that caused
this to suddenly break, but the code has been rather bogus for some time.
2002-09-06 19:59:29 +00:00
mdodd
69903403e9 Add 'camcontrol load' as a complement to 'camcontrol eject'.
Approved by:	 ken
MFC after:	 4 weeks
2002-09-06 18:16:26 +00:00
bde
6ce6aeef1a Removed vestiges of the -a and -d options.
Fixed other bugs in the usage message so that it matches the man page.
2002-09-06 13:16:24 +00:00
phk
df9821636c Remove the -a maxcontig option, the kernel doesn't inspect fs_maxcontig
anymore.

Sponsored by:	DARPA & NAI Labs.
2002-09-06 07:59:10 +00:00
trhodes
2d54012414 use 'file system superblock' for the error message. This will match other
disk utilities.

Discussed with:		bde
2002-08-31 21:34:54 +00:00
keramida
c4270b40c0 Mention that fdisk(8) should be used to grow the containing slice
before growing partitions with growfs(8), if necessary.

PR:		docs/42148
Submitted by:	Chris S.J. Peron <maneo@bsdpro.com>
2002-08-29 08:12:09 +00:00
iedowse
b2179b4b1a Add the -A flag to the usage line.
Submitted by:	Yutaka KAWASE <yutaka@mailhost.net>
MFC after:	3 days
2002-08-27 08:09:37 +00:00
trhodes
24d1c885b2 Fix some 'SYNOPSIS' and 'usage' messages. 2002-08-27 00:49:27 +00:00
trhodes
65add74ad7 Fix Synopsis 2002-08-26 18:16:39 +00:00
iedowse
870428eff3 Unbreak the -c option by not using connect(2) for mount_nfs's
communication with the remote NFS server if this flag is specified.

PR:		bin/42003
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2002-08-26 13:08:23 +00:00
trhodes
738b07a4ac Print a more realistic usage message 'special_device' 'inode_number'. This
matches the synopsis given in the manual page.

MFC after:	3 days
2002-08-26 03:56:23 +00:00
charnier
4966efff7b Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:10:45 +00:00
cjc
e4a8f19dec Check if a host argument is a IPv6 presentation format address before
going to gethostbyname2(3).

PR:		bin/31632
MFC after:	3 days
2002-08-25 05:44:13 +00:00
peter
6eba5c4ef4 Make this compile without needing NO_WERROR. 2002-08-25 02:51:13 +00:00
imp
398442e99c Use '0' instead of NULL when we mean the integer constant 0 and not a
"null pointer expression".
2002-08-21 18:52:32 +00:00
trhodes
136be46680 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
imp
9a400152f8 Don't use NULL where you really mean 0 to sysctlbyname. 2002-08-21 15:15:15 +00:00
luigi
e149c638d4 Whoops, the manpage lied... ipfw2 has always accepted addr:mask
specifications.
2002-08-21 05:57:41 +00:00
johan
89a8b60819 Take care of WARNS=3 warnings by using unsigned/signed variable
as needed.

Approved by:	ken, sheldonh (mentor)
2002-08-20 20:54:03 +00:00
sobomax
e50e3b03ec Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).

Emphatically requested by:	Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by:	fenner
2002-08-19 15:16:38 +00:00
luigi
be3fb71639 One more (hopefully the last one) step in cleaning up the syntax,
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:

	[<proto> from <src> to <dst>] [options]

i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).

Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.

Update the manpage to reflect the syntax.

Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.

	ipfw add allow not src-port 80

will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

We definitely need to rewrite the parser using lex and yacc!
2002-08-19 12:36:54 +00:00
sobomax
357ca3e7e3 Fix last-minute typo which breaks the world.
Submitted by:	many
2002-08-19 08:59:20 +00:00
luigi
7a01faeb98 Major cleanup of the parser and printing routines in an attempt to
render the syntax less ambiguous.

Now rules can be in one of these two forms

	<action> <protocol> from <src> to <dst> [options]
	<action> MAC dst-mac src-mac mac-type [options]

however you can now specify MAC and IP header fields as options e.g.

	ipfw add allow all from any to any mac-type arp
	ipfw add allow all from any to any { dst-ip me or src-ip me }

which makes complex expressions a lot easier to write and parse.
The "all from any to any" part is there just for backward compatibility.

Manpage updated accordingly.
2002-08-19 04:52:15 +00:00
johan
ecb994c0d2 Remove unused variable. camcontrol is now WARNS=2 clean on i386.
Approved by: 	ken, sheldonh (mentor)
2002-08-18 21:46:32 +00:00
jdp
af43ddac0b Clarify the explanation of the behavior for setuid programs by
noting that the restrictions do not apply if the user invoking the
program is also the owner of the program.

Also, capitalize a section header properly.

PR:		misc/41180
2002-08-18 18:11:38 +00:00
bde
a8e6e41c88 Include <nlist.h> for nlist interfaces instead of depending on namespace
pollution in <kvm.h>.
2002-08-18 17:57:08 +00:00
sobomax
f6cebc0606 Increase size of ifnet.if_flags from 16 bits (short) to 32 bits (int). To avoid
breaking application ABI use unused ifreq.ifru_flags[1] for upper 16 bits in
SIOCSIFFLAGS and SIOCGIFFLAGS ioctl's.

Reviewed by:	-hackers, -net
2002-08-18 07:05:00 +00:00
bmilekic
df335c7ca3 Fix more breakage due to FSTYPENAMES/DKTYPENAMES split.
Also submitted by: David Wolfskill <david@catwhisker.org>
2002-08-16 16:08:36 +00:00
luigi
f683cf16ad Complete list of differences between ipfw1 and ipfw2. 2002-08-16 14:27:22 +00:00
luigi
6d2f675ff7 sys/netinet/ip_fw2.c:
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
    for firewall-generated packets (the constant has to go in sys/mbuf.h).

    Better comments on keepalive generation, and enforce dyn_rst_lifetime
    and dyn_fin_lifetime to be less than dyn_keepalive_period.

    Enforce limits (up to 64k) on the number of dynamic buckets, and
    retry allocation with smaller sizes.

    Raise default number of dynamic rules to 4096.

    Improved handling of set of rules -- now you can atomically
    enable/disable multiple sets, move rules from one set to another,
    and swap sets.

sbin/ipfw/ipfw2.c:

    userland support for "noerror" pipe attribute.

    userland support for sets of rules.

    minor improvements on rule parsing and printing.

sbin/ipfw/ipfw.8:

    more documentation on ipfw2 extensions, differences from ipfw1
    (so we can use the same manpage for both), stateful rules,
    and some additional examples.
    Feedback and more examples needed here.
2002-08-16 10:31:47 +00:00
alfred
3f9956f30f No need to include sys/time.h, this unbreaks a c89 warning about long long
constants as well.
2002-08-16 08:19:15 +00:00
alfred
0190ed913a Don't '#define DKTYPENAMES', we don't use the variable it exposes from
the header file.
2002-08-16 07:34:19 +00:00
mux
db0487de24 Don't depend on namespace pollution in sys/mount.h and
include sys/uio.h.
2002-08-13 16:07:39 +00:00
ru
ce971426f4 mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00
ru
dfc3706596 can not -> cannot. 2002-08-13 14:10:36 +00:00
ru
c2ca1fff60 mdoc(7) police: laundry. 2002-08-13 13:31:54 +00:00
ru
49201b1ad0 mdoc(7) police: Consistently name options' arguments in the SYNOPSIS and DESCRIPTION sections.. 2002-08-13 13:13:20 +00:00
ru
07e77e0463 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
ru
833ff6ef28 mdoc(7) police: missing markup bits. 2002-08-13 12:03:35 +00:00
ru
b63d1f9770 mdoc(7) police: KAMEism in rev. 1.56, nits in rev. 1.58. 2002-08-13 11:51:03 +00:00