Commit Graph

7579 Commits

Author SHA1 Message Date
Warner Losh
4ac70c829c Slight if reordering to make error branch last. 2014-03-07 01:01:57 +00:00
Gleb Smirnoff
5a9ab48795 Fix compilation for 32-bit machines. 2014-03-05 19:26:22 +00:00
Mark Johnston
776f03d204 Log the name of the device that we failed to open rather than an
uninitialized buffer.

MFC after:	3 days
2014-03-05 04:15:17 +00:00
Gleb Smirnoff
fb3541ad15 Instead of playing games with casts simply add 3 more members to the
structure pf_rule, that are used when the structure is passed via
ioctl().

PR:		187074
2014-03-05 00:40:03 +00:00
Kirk McKusick
eff68496e2 Arguments for malloc and calloc should be size_t, not int.
Use proper bounds check when trying to free cached memory.

Spotted by: Xin Li
Tested by:  Dmitry Sivachenko
MFC after:  2 weeks
2014-02-25 18:25:27 +00:00
Gleb Smirnoff
2dfe3ec23d Better build fix. 2014-02-15 16:22:51 +00:00
Gleb Smirnoff
4a70ff6ddb Fix build on 32bit arches broken by me in r261882. 2014-02-14 19:43:00 +00:00
Gleb Smirnoff
48278b8846 Once pf became not covered by a single mutex, many counters in it became
race prone. Some just gather statistics, but some are later used in
different calculations.

A real problem was the race provoked underflow of the states_cur counter
on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this
value is used in pf_state_expires() and any state created by this rule
is immediately expired.

Thus, make fields states_cur, states_tot and src_nodes of struct
pf_rule be counter(9)s.

Thanks to Dennis for providing me shell access to problematic box and
his help with reproducing, debugging and investigating the problem.

Thanks to:		Dennis Yusupoff <dyr smartspb.net>
Also reported by:	dumbbell, pgj, Rambler
Sponsored by:		Nginx, Inc.
2014-02-14 10:05:21 +00:00
Gleb Smirnoff
9968f056d6 Fix world build WITHOUT_PF.
Sponsored by:	Nginx, Inc.
2014-02-12 09:59:48 +00:00
Pawel Jakub Dawidek
bf90d007d3 If the main casperd process exits, zygote process should exit as well
instead of spinning.

Reported by:	Mikhail <mp@lenta.ru>
2014-02-09 21:42:01 +00:00
Christian Brueffer
295a5bd78c Refer newfs and growfs users to fsck_ffs instead of
fsck, the latter does not accept the referred to "-b" flag.

This change was accidently committed directly to 9-STABLE in
r237505.

PR:		82720
Submitted by:	David D.W. Downey
MFC after:	1 week
2014-02-09 14:28:47 +00:00
Jilles Tjoelker
0b57dd6bde init: Remove code to track line numbers in /etc/ttys.
The tracking generated warnings when the line number of an existing tty in
/etc/ttys changed, which would corrupt utmp (as it was indexed by the line
number). With utmpx, the line number no longer matters, so the tracking is
no longer needed.
2014-02-08 13:51:15 +00:00
Christian Brueffer
bb7a82ac0d Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.
PR:		185382 (based on)
Submitted by:	Loganaden Velvindron
Reviewed by:	pjd
MFC after:	1 week
2014-02-06 21:36:14 +00:00
John Baldwin
e432d5f6a7 Drop the 3rd clause from all 3 clause BSD licenses where I am the sole
holder to convert them to 2 clause BSD licenses.

MFC after:	1 week
2014-02-05 18:13:27 +00:00
Christian Brueffer
8f932d9f17 Add a license (1) and do some cleanup.
Approved by:	Stefan Bethke (original author, by private mail) (1)
MFC after:	1 week
2014-02-04 22:20:17 +00:00
Pawel Jakub Dawidek
49133c6d52 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
Christian Brueffer
ca001f0b39 Unbreak mount_udf by passing the correct iovec length into
nmount().  This has been broken since r247856.

PR:		bin/186193
Submitted by:	Arnot Belohlavek
MFC after:	1 week
2014-02-04 21:15:15 +00:00
Eitan Adler
07561ab459 dhclient: change the pidfile's permissions to 644
This change permits non-root users to determine if dhclient is running
('service dhclient status wlan0').

Discussed with: mjg, cperciva
2014-02-03 04:22:29 +00:00
Christian Brueffer
f613b2d3b1 Remove the .Ex macro that I used for testing.
Pointy hat:	brueffer
2014-02-01 12:33:58 +00:00
Christian Brueffer
30342ba61b Bring the exit status wording closer to what .Ex would produce.
Fixes a typo in the process.

MFC after:	1 week
2014-02-01 12:30:00 +00:00
Baptiste Daroussin
3e8cf4954e Add quiet support for kldstat -n
PR:		bin/180014
Submitted by:	Olivier Cochard-Labbé <olivier@cochard.me>
MFC after:	1 week
2014-01-22 17:15:17 +00:00
Baptiste Daroussin
48aad6a234 Fix dmesg(1) -> dmesg(8)
Reported by:	trasz
2014-01-13 17:14:10 +00:00
Baptiste Daroussin
c8ebd84147 Fix typo
Reported by:	dumbbell
2014-01-13 16:47:25 +00:00
Baptiste Daroussin
10c916252f Point the user to dmesg(1) to get informations about why loading a module did fail
instead of printing the cryptic "Exec format error"

MFC after:	1 week
2014-01-13 16:23:09 +00:00
Alexander V. Chernikov
120dc21b86 Bump dates in nestat(1) and route(8) man pages.
Fix several small errors introduced by r260524.

Suggested by:	glebius
MFC after:	2 weeks
2014-01-11 09:44:00 +00:00
Alexander V. Chernikov
17ed2e8ea8 Add -4/-6 shorthand for -finet/-finet6 in route(8) and netstat(8).
MFC after:	2 weeks
2014-01-10 23:08:18 +00:00
Alexander Motin
431d3a5bfc Replace several instances of -1 with appropriate CAM_*_WILDCARD and types.
It was equal before r259397, but for good or bad, not any more for LUNs.

This change fixes at least CAM debugging.
2014-01-10 12:18:05 +00:00
Lars Engels
ba1dcabf6d Check if the given argument to 'gpart add' is actually a geom device and
give a hint to use 'gpart create' before trying to add a partition.

Approved by:	pjd
2014-01-09 20:06:14 +00:00
Baptiste Daroussin
ffc5432ffc Fix error counting 2014-01-09 15:35:35 +00:00
Baptiste Daroussin
945508e42a Import error message shown to the user when trying to load a module that is
already loaded or compiled withing the kernel

MFC after:	1 week
2014-01-09 15:34:23 +00:00
Alexander V. Chernikov
88d2c8fc87 Do some more sanity checks in route(8): require netmask to have
the same address family as destination.

Found by:	jmg
MFC after:	2 weeks
2014-01-09 10:40:36 +00:00
Pawel Jakub Dawidek
796aef8d17 Always create /var/run/casper with correct permissions and don't depend on the
calling process' umask.

Submitted by:	Mikhail <mp@lenta.ru>
2014-01-09 09:19:59 +00:00
Jim Harris
efa2980530 For "nvmecontrol devlist", show namespace sizes in terms of MB instead of
GB to improve granularity of the reporting - especially for namespaces
that are on the order of 1 or 2 GB.

Submitted by:	Tony Beltran <anthony.beltran@emc.com>
MFC after:	3 days
2014-01-06 23:48:47 +00:00
Pawel Jakub Dawidek
41f48b56d0 Don't allow to create GELI providers with a sector size, which is no a
power of 2.

Noticed by:	rwatson
MFC after:	3 days
2014-01-04 09:27:49 +00:00
Scott Long
9ccde11826 getopt returns an int, not a char, so use the correct data type for
the return value. Fixes powerpc tinderbox.

MFC after:	2 days
2013-12-30 16:49:31 +00:00
Scott Long
443b507745 Add globs.c, missed in r260068,260069
Submitted by:	peter
Obtained from:	Netflix
MFC after:	3 Days
2013-12-30 05:02:57 +00:00
Scott Long
9a2fcb2e6b Add globs.c to the build now that it's a separate file.
Reviewed by:	max
Obtained from:	Netflix
MFC after:	3 days
2013-12-30 01:17:05 +00:00
Scott Long
7703a6ff27 Add the -R option to allow fsck_ffs to restart itself when too many critical
errors have been detected in a particular run.

Clean up the global state variables so that a restart can happen correctly.

Separate the global variables in fsck_ffs and fsdb to their own file.  This
fixes header sharing with fscd.

Correctly initialize, static-ize, and remove global variables as needed in
dir.c.  This fixes a problem with lost+found directories that was causing
a segfault.

Correctly initialize, static-ize, and remove global variables as needed in
suj.c.

Initialize the suj globals before allocating the disk object, not after.
Also ensure that 'preen' mode doesn't conflict with 'restart' mode

Submitted by:	scottl, max
Reviewed by:	max, mckusick (earlier version)
Obtained from:	Netflix
MFC after:	3 days
2013-12-30 01:16:08 +00:00
Scott Long
56dc4e726b Add the '-b' flag to 'camcontrol devlist'. This prints only the existing
buses and their parent sims, useful for creating a sim->bus->device map.

Obtained from:	Netflix
MFC after:	3 days
2013-12-29 20:48:47 +00:00
Joel Dahl
7ec7c517e8 Improve wording slightly. 2013-12-27 16:48:37 +00:00
Andrey V. Elsukov
ae3bc0acff Add an ability to stop gmirror and clear its metadata in one command.
This fixes the problem, when gmirror starts again just after stop.

The problem occurs when gmirror's component has geom label with equal size.
E.g. gpt and gptid have the same size as partition, diskid has the same
size as entire disk. When gmirror's geom has been destroyed, glabel
creates its providers and this initiate retaste.

Now "gmirror destroy" command is available. It destroys geom and also
erases gmirror's metadata.

MFC after:	2 weeks
2013-12-27 02:43:53 +00:00
Bjoern A. Zeeb
f870cb7f3b Use feature_present(3) to determine whether to open an INET or an
INET6 socket when needed to allow pfctl to work on noinet and noinet6
kernels (and try to provide a fallback using AF_LINK as best effort).
Adjust the Makefile to also respect relevant src.conf(5) options
for compile time decisions on INET and INET6 support.

Reviewed by:	glebius (no objections)
MFC after:	1 week
2013-12-26 15:51:14 +00:00
Chris Rees
78c161f25d Minor grammar fix
PR:		docs/185057
Submitted by:	Yuri (yuri@rawbw.com)
Approved by:	gjb (mentor)
2013-12-21 21:56:12 +00:00
Jilles Tjoelker
1fdb18b01f swapon: Fix buffer overflow when configuring encrypted swap on GBDE.
PR:		bin/184950
Tested by:	Radim Kolar
MFC after:	3 days
2013-12-21 11:59:58 +00:00
Alexander V. Chernikov
fb2b51fab1 Add net.inet.ip.fw.dyn_keep_states sysctl which
re-links dynamic states to default rule instead of
flushing on rule deletion.
This can be useful while performing ruleset reload
(think about `atomic` reload via changing sets).
Currently it is turned off by default.

MFC after:	2 weeks
Sponsored by:	Yandex LLC
2013-12-18 20:17:05 +00:00
Edward Tomasz Napierala
4f1c67053f Reword the part about mutual CHAP.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2013-12-17 10:33:27 +00:00
Pawel Jakub Dawidek
36492dd3f5 MFp4 @1189141:
Change casperd's zygote process title.

MFC after:	1 week
2013-12-15 22:59:34 +00:00
Alan Somers
f0038a8e98 sbin/devd/devd.cc
Promoting the SIGINFO handler's log message from LOG_INFO to
	LOG_NOTICE, and promoting the "Processing event ..." message from
	LOG_DEBUG to LOG_INFO.  Setting the logfile to LOG_NOTICE with this
	change will have the same result as setting it to LOG_INFO without
	this change.  Setting it to LOG_INFO with this change will include
	the useful "Processing event ..." messages that were previously at
	LOG_DEBUG, without including useless messages like "Pushing table".

	The intent of this change is that one can log "Processing event ..."
	without logging "Pushing table" and related messages that are sent
	for every event.  The number of lines actually logged is reduced by
	about 75% by making this change and setting syslog to LOG_INFO vs
	setting syslog to LOG_DEBUG.

etc/syslog.conf
	Changing the recommended loglevel to notice instead of info.

Sponsored by:	Spectra Logic Corp
MFC after:	4 weeks
2013-12-13 22:58:57 +00:00
Alan Somers
b026eddfea sbin/devd/devd.cc
Increase the size of devd's client socket's send buffer from the
	default (8k) to 128k.  This prevents clients from getting
	POLLHUPped during event storms.  For example, during zpool creation,
	the kernel emits a resource.fs.zfs.statechange event for every vdev
	in the pool.  A 128k buffer is large enough to hold the statechange
	events for a pool with nearly 800 drives.

Reviewed by:	ian, imp
Approved by:	ken (mentor)
Sponsored by:	Spectra Logic Corp
MFC after:	4 weeks
2013-12-13 21:49:41 +00:00
Gleb Smirnoff
fbb49182f0 Somehow stable/10 branch contains correct version, but head doesn't. 2013-12-12 22:33:32 +00:00
Mikolaj Golub
f8665529d4 Check remote protocol version only for the first connection (when it
is actually sent by the remote node).

Otherwise it generated confusing "Negotiated protocol version 1" debug
messages when processing the second connection.

MFC after:	2 weeks
2013-12-10 20:09:49 +00:00
Mikolaj Golub
9c53997114 Send wakeup to threads waiting on empty queue before releasing the
lock to decrease spurious wakeups.

Submitted by:	davidxu
MFC after:	2 weeks
2013-12-10 20:06:41 +00:00
Mikolaj Golub
d685f88bee In remote_send_thread, if sending a request fails don't take the
request back from the receive queue -- it might already be processed
by remote_recv_thread, which lead to crashes like below:

  (primary) Unable to receive reply header: Connection reset by peer.
  (primary) Unable to send request (Connection reset by peer):
      WRITE(954662912, 131072).
  (primary) Disconnected from kopusha:7772.
  (primary) Increasing localcnt to 1.
  (primary) Assertion failed: (old > 0), function refcnt_release,
      file refcnt.h, line 62.

Taking the request back was not necessary (it would properly be
processed by the remote_recv_thread) and only complicated things.

MFC after:	2 weeks
2013-12-10 20:05:07 +00:00
Mikolaj Golub
4d70e06ffc Fix compiler warnings.
MFC after:	2 weeks
2013-12-10 20:02:09 +00:00
Mikolaj Golub
8f04423f25 Add some macros to make the code more readable (no functional chages).
MFC after:	2 weeks
2013-12-10 19:58:10 +00:00
Mikolaj Golub
5d69ed535e For memsync replication, hio_countdown is used not only as an
indication when a request can be moved to done queue, but also for
detecting the current state of memsync request.

This approach has problems, e.g. leaking a request if memsynk ack from
the secondary failed, or racy usage of write_complete, which should be
called only once per write request, but for memsync can be entered by
local_send_thread and ggate_send_thread simultaneously.

So the following approach is implemented instead:

1) Use hio_countdown only for counting components we waiting to
   complete, i.e. initially it is always 2 for any replication mode.

2) To distinguish between "memsync ack" and "memsync fin" responses
   from the secondary, add and use hio_memsyncacked field.

3) write_complete() in component threads is called only before
   releasing hio_countdown (i.e. before the hio may be returned to the
   done queue).

4) Add and use hio_writecount refcounter to detect when
   write_complete() can be called in memsync case.

Reported by:	Pete French petefrench ingresso.co.uk
Tested by:	Pete French petefrench ingresso.co.uk
MFC after:	2 weeks
2013-12-10 19:56:26 +00:00
Pawel Jakub Dawidek
c1788b63ab Some improvements to the casperd manual page.
Submitted by:	emaste
2013-12-08 19:32:29 +00:00
Rick Macklem
a8e2866ccd Document the noncontigwr NFS mount option.
This is a content change.

MFC after:	3 weeks
2013-12-08 00:59:04 +00:00
Eitan Adler
a1e8527fd1 route(1): Pull static data to the top of the file.
This is a pre-requisisite to some upcoming changes.

Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de>
Discussed on:	-hackers
2013-12-04 20:15:53 +00:00
Eitan Adler
2cd2dfc435 route(1): Pull static buffer out of the function and into function scope.
This will make it easier to link as a library.

Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de>
Discussed on:	-hackers
2013-12-04 20:13:29 +00:00
Eitan Adler
9474873899 route(1): Pull static buffer out of the function and into function scope.
This will make it easier to link as a library.

Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de> (older version)
Discussed on:	-hackers
2013-12-04 20:08:57 +00:00
Eitan Adler
2fc0b58544 route(1): Pull static variable out of the function and into function scope.
This will make it easier to link as a library.

Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de> (older version)
Discussed on:	-hackers
2013-12-04 20:07:34 +00:00
Eitan Adler
b9f2ea4a57 route(1): Pull static buffer out of the function and into function scope.
This will make it easier to link as a library.

Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de> (older version)
Discussed on:	-hackers
2013-12-04 20:03:55 +00:00
Edward Tomasz Napierala
0efd9bfd47 Add "null" backend to mdconfig(8). This does exactly what the name
suggests, and is somewhat useful for benchmarking.

MFC after:	1 month
No objections from:	kib
Sponsored by:	The FreeBSD Foundation
2013-12-04 07:38:23 +00:00
Eitan Adler
eeca71dbbf Avoid using a static buffer in atalk_ntoa. This will help allow users to call route(1) as a library.
Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de> (older version)
Discussed on:	-hackers
Reviwed by:	adri (different older version)
2013-12-04 05:06:56 +00:00
Eitan Adler
4cb3201829 Add const qualifier where appropriate
Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de>
2013-12-04 04:29:52 +00:00
Eitan Adler
df0888760a Add const qualifier where appropriate
Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de>
2013-12-04 04:28:49 +00:00
Eitan Adler
9b80225631 Turn 'n' into a local variable. This is required for additional changes.
Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de>
2013-12-04 04:28:00 +00:00
Pawel Jakub Dawidek
9a2d4197a7 Initialize cookie before use.
Reported by:	Coverity
Coverity CID:	1135292
2013-12-03 13:28:05 +00:00
Pawel Jakub Dawidek
42a8595256 Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
2013-12-02 08:21:28 +00:00
Pawel Jakub Dawidek
fc4618e769 Remove trailing backslash. 2013-12-01 09:52:38 +00:00
Alexander V. Chernikov
1058f17749 Check ipfw table numbers in both user and kernel space before rule addition.
Found by:	Saychik Pavel <umka@localka.net>
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2013-11-28 10:28:28 +00:00
Juli Mallett
c69a7a718d Fix fdisk(8) to create 2TB partitions on disks larger than 2TB, rather than
only being able to create 1TB partitions:
o) Use an unsigned 32-bit quantity to store the number of disk sectors.
o) Detect overflow of said 32-bit quantity and clamp to 2^32.
o) Rather than returning the disk sector count from get_params, return 0 on
   success, since its return value is only ever compared to -1 to detect
   failure.  This would cause returning 2^32 sectors to be interpreted as an
   error.

Reviewed by:	bde ("good for a quick fix")
2013-11-27 17:59:13 +00:00
Alexander V. Chernikov
4d47b0d69c Fix key lookup in ipfw(8) broken since r232865.
Print warning for IPv4 address strings which are valid in
inet_aton() but not valid in inet_pton(). (1)

Found by:	Özkan KIRIK <ozkan.kirik@gmail.com>
Submitted by:	Ian Smith <smithi@nimnet.asn.au> (1)
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2013-11-27 10:10:25 +00:00
Edward Tomasz Napierala
c6919e7fdc Fix warnings to not append "No error: 0".
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2013-11-26 19:14:18 +00:00
Sergey Kandaurov
bb39ffb8c9 Adjust introduction history.
Dump .Dd for this and previous changes.

Discussed with:	trasz
MFC after:	3 days
2013-11-25 23:45:50 +00:00
Gleb Smirnoff
116e43f021 Remove __FreeBSD__ ifdefs. 2013-11-22 20:13:32 +00:00
Gleb Smirnoff
0c46447bda Rewrite usage() so that its source code resembles what is printed. 2013-11-22 20:11:17 +00:00
Sergey Kandaurov
5cd4723c5c - Purge one more reference to ad(4)[1].
- NSWAPDEV limit has gone.

Noticed by:	Sergey V. Dyatko [1]
MFC after:	1 week
2013-11-22 12:09:15 +00:00
Andrey V. Elsukov
32cea4ca0f Add "resize" verb to gmirror(8) and such functionality to geom_mirror(4).
Now it is easy to expand the size of the mirror when all its components
are replaced. Also add g_resize method to geom_mirror class. It will write
updated metadata to new last sector, when parent provider is resized.

Silence from:	geom@
MFC after:	1 month
2013-11-19 22:55:17 +00:00
Jim Harris
4a14f9dadc Check for special status code from FIRMWARE_ACTIVATE command
signifying that a reboot is required to complete activation
of the requested firmware image.

Reported by:	Joe Golio <joseph.golio@emc.com>
Sponsored by:	Intel
MFC after:	3 days
2013-11-12 21:14:19 +00:00
Devin Teske
b85e9d27f6 Fix a typo: s/wriable/writable/ 2013-11-12 17:44:29 +00:00
Andriy Gapon
1bb0777e41 devd: lower priority of action execution logging to info
Reviewed by:	asomers
2013-11-07 16:24:31 +00:00
Andriy Gapon
2e024bc22f devd: fix a typo in a comment
Reviewed by:	asomers
2013-11-07 16:22:04 +00:00
Gleb Smirnoff
7df3f98623 Axe IFF_SMART.
Submitted by:	pluknet
2013-11-05 14:11:31 +00:00
Pawel Jakub Dawidek
cb491a4d63 Correct alignment. 2013-11-03 19:02:18 +00:00
Jim Harris
f97bf48a87 Do not exit with error status after printing data for perftest.
Sponsored by:	Intel
Reported by:	Joe Golio <joseph.golio@emc.com>
MFC after:	3 days
2013-11-01 22:05:29 +00:00
Nathan Whitehorn
abe8350519 printf() specifier updates to CAM to handle either 32-bit or 64-bit lun_id_t.
MFC after:	2 weeks
2013-10-30 14:13:15 +00:00
Gleb Smirnoff
3e4d5cd37b Make userland tools honor WITHOUT_PF build option.
Tested by:	dt71@gmx.com
2013-10-29 17:38:13 +00:00
Xin LI
9da19cd746 Don't call arc4random_stir() explicitly. To quote arc4random(3)
manual page:

    There is no need to call arc4random_stir() before using
    arc4random() functions family, since they automatically
    initialize themselves.

No objection:	des
MFC after:	2 weeks
2013-10-29 17:34:15 +00:00
Baptiste Daroussin
e0b95cb532 Import pf_print_state.c 1.54 from OpenBSD
Original log:
pfctl -ss printed state levels for ICMPv6. Disable this the same
way it has already been done for ICMPv4.

Difference with OpenBSD:
- WITHOUT_INET6 safe

Obtained from:	OpenBSD
2013-10-27 21:07:37 +00:00
John-Mark Gurney
52a522a283 bump date forgotten in r257165 2013-10-26 18:23:43 +00:00
John-Mark Gurney
8cde1e8a69 Document that -a will output the device name when -u is not specified..
when -u is specified it is not...

update the docs to say that you can use full device names w/ -u, and
update the examples...

Submitted by:	#vbsdcon
MFC after:	3 days
2013-10-26 15:05:27 +00:00
Mikolaj Golub
6b66c350a7 Make hastctl list command output current queue sizes.
Reviewed by:	pjd
MFC after:	1 month
2013-10-26 08:38:21 +00:00
Mikolaj Golub
d03a08e5e6 Merging local and remote bitmaps must be protected by hr_amp lock.
This is believed to fix hastd crashes, which might occur during
synchronization, triggered by the failed assertion:

 Assertion failed: (amp->am_memtab[ext] > 0),
 function activemap_write_complete, file activemap.c, line 351.

MFC after:	1 week
2013-10-26 08:35:54 +00:00
Hiroki Sato
4103b0b025 Return 0 if:
1. "-u N" specified, no -f, and mdN found,
  2. no -u, "-f /pathname" specified, and mdN associated with /pathname found,
  3. "-u N" specified, "-f /pathname" specified, and both of them found,
  4. "-l" specified and no -f,
  5. "-l" specified, "-f /pathname" specified, and /pathname found.

otherwise return -1.

Spotted by:	Julian H. Stacey
2013-10-24 01:06:44 +00:00
Pedro F. Giffuni
4b367145f7 UFS2: make di_extsize unsigned.
di_extsize is the EA size and as such it should be unsigned.
Adjust related types for consistency.

Reviewed by:	mckusick (previous version)
MFC after:	3 weeks
2013-10-24 00:33:29 +00:00
Alan Somers
86b2e94a3d sbin/geom/class/part/geom_part.c
Always validate the return of find_geomcfg().  It could be NULL, for
	example when the geom is withering.

Approved by:	ken (mentor)
Sponsored by:	Spectra Logic Corporation
MFC after:	3 weeks
2013-10-23 18:58:11 +00:00
Gleb Smirnoff
2e25a531a3 Provide a working example line for an interface with 1 address running
with CARP.

Currently, we've got a problem that interface isn't IFF_UP at the time
we assign it a redundant address, and the latter gets stuck in INIT state.
Additional SIOCSIFFLAGS from ifconfig(8) kicks it to a working state.

A proper fix is kernel side and appeared to be non-trivial, not to be
checked in before 10.0-RELEASE.

Submitted by:	Ole Myhre <ole.myhre dataoppdrag.no>
2013-10-21 05:14:00 +00:00
Dag-Erling Smørgrav
6c1336a96c Do not error out when adding an interface to a group to which it
already belongs or removing it from a group to which it does not
belong.  This makes it possible to include group memberships in
ifconfig_foo0 in rc.conf without fear of breaking "service netif
restart foo0".

MFC after:	3 days
2013-10-19 09:59:11 +00:00
Hiroki Sato
6c3bcdf0de Use long explicitly for the time difference. 2013-10-18 02:22:38 +00:00
Hiroki Sato
de109e29ef - Add relative specification in expiration time.
- Add proto3 option for RTF_PROTO3.
- Use %lu for members of struct rt_metrics.
2013-10-17 19:04:05 +00:00
Kevin Lo
e3c60d1497 Check for EHOSTUNREACH when establishing a connection.
Reviewed by:	trasz
2013-10-17 01:59:08 +00:00
Xin LI
202038ae05 Prevent an unlikely, but real double free issue in gvinum(8).
Coverity ID: 1018965
2013-10-15 21:04:46 +00:00
Kevin Lo
482d883100 Use INADDR_NONE instead of -1 to check inet_addr() result.
Reviewed by:	glebius
2013-10-15 07:37:30 +00:00
Alexander Motin
c1215c324a Fix mode page length calculation to remove last garbage line from the
`camcontrol mode daX -l` output.

PR
Approved by:	re (gjb)
MFC after:	2 weeks
2013-10-11 17:00:09 +00:00
Edward Tomasz Napierala
9fe6d21bce Remove unimplemented options from iscsi.conf(5) manual page, mention
that it's being used by both initiators, and change the title to make
it more easily searchable.

Approved by:	re (glebius)
Sponsored by:	FreeBSD Foundation
2013-10-10 11:28:20 +00:00
Jim Harris
992db80f1d Extend some 32-bit fields and variables to 64-bit to prevent overflow
when calculating stats in nvmecontrol perftest.

Sponsored by:	Intel
Reported by:	Joe Golio <joseph.golio@emc.com>
Reviewed by:	carl
Approved by:	re (hrs)
MFC after:	1 week
2013-10-08 15:47:22 +00:00
Gleb Smirnoff
3bf351b29a When destination parameter is missing, exit with a clear synopsis,
instead of writing to kernel and printing EINVAL description.

PR:		bin/181532
Submitted by:	Kurt Jaeger <fbsd-pr opsec.eu>
Approved by:	re (hrs)
2013-10-08 08:16:17 +00:00
Mark Johnston
e590690fad Fix an inverted check for the master user in "camcontrol security -U".
PR:		bin/182703
Submitted by:	Scott Burns <scott@bqinternet.com>
Approved by:	re (gjb)
MFC after:	3 days
2013-10-08 04:16:22 +00:00
Ed Maste
9d85dfae1e Fix resource leaks
Found by:	Coverity Scan, CID 1016673, 1007118
Approved by:	re
2013-10-07 16:45:16 +00:00
Sergey Kandaurov
05d98029e9 Sweep man pages replacing ad -> ada.
Approved by:	re (blackend)
MFC after:	1 week
X-MFC note:	stable/9 only
2013-10-01 18:41:53 +00:00
Hiren Panchasara
bf0834df2d Improve grammar and readability.
Reviewed by:	sbruno, loos
Approved by:	re (gjb)
2013-09-20 19:25:01 +00:00
Hiren Panchasara
ba5ff393cd Fix a range check and a display string.
Reviewed by:	loos
Approved by:	sbruno (mentor, implicit)
Approved by:	re (glebius)
2013-09-20 15:57:50 +00:00
Mikolaj Golub
31b81dd333 Fix comments.
Approved by:	re (marius)
MFC after:	3 days
2013-09-19 20:20:59 +00:00
Mikolaj Golub
a818a4ff09 When updating the map of dirty extents, most recently used extents are
kept dirty to reduce the number of on-disk metadata updates. The
sequence of operations is:

1) acquire the activemap lock;
2) update in-memory map;
3) if the list of keepdirty extents is changed, update on-disk metadata;
4) release the lock.

On-disk updates are not frequent in comparison with in-memory updates,
while require much more time. So situations are possible when one
thread is updating on-disk metadata and another one is waiting for the
activemap lock just to update the in-memory map.

Improve this by introducing additional, on-disk map lock: when
in-memory map is updated and it is detected that the on-disk map needs
update too, the on-disk map lock is acquired and the on-memory lock is
released before flushing the map.

Reported by:	Yamagi Burmeister yamagi.org
Tested by:	Yamagi Burmeister yamagi.org
Reviewed by:	pjd
Approved by:	re (marius)
MFC after:	2 weeks
2013-09-19 20:19:08 +00:00
Mikolaj Golub
1c1310eed7 Use cv_broadcast() instead of cv_signal() when waking up threads
waiting on an empty queue as the queue may have several consumers.

Before the fix the following scenario was possible: 2 threads are
waiting on empty queue, 2 threads are inserting simultaneously. The
first inserting thread detects that the queue is empty and is going to
send the signal, but before it sends the second thread inserts
too. When the first sends the signal only one of the waiting threads
receive it while the other one may wait forever.

The scenario above is is believed to be the cause of the observed
cases, when ggate_recv_thread() was getting stuck on taking free
request, while the free queue was not empty.

Reviewed by:	pjd
Tested by:	Yamagi Burmeister yamagi.org
Approved by:	re (marius)
MFC after:	2 weeks
2013-09-19 20:15:24 +00:00
Edward Tomasz Napierala
009ea47eb2 Bring in the new iSCSI target and initiator.
Reviewed by:	ken (parts)
Approved by:	re (delphij)
Sponsored by:	FreeBSD Foundation
2013-09-14 15:29:06 +00:00
Joel Dahl
5bb17266af - Begin sentence on a new line.
- Minor language fixes.
2013-09-07 05:44:53 +00:00
Pedro F. Giffuni
a0161728bb newfs_msdos: fix inaccurate comments.
The fields from deMTime and deMDate in the DOS directory entry
are actually the last-modified time/date.

According to some online documentation these are the only
timestamps available in FAT12/FAT16.

MFC after:	3 days
2013-09-07 03:10:12 +00:00
Cy Schubert
bfc88dcbf7 Update ipfilter 4.1.28 --> 5.1.2.
Approved by:		glebius (mentor)
BSD Licensed by:	Darren Reed <darrenr@reed.wattle.id.au> (author)
2013-09-06 23:11:19 +00:00
Bryan Venteicher
79c37de672 Bump .Dd after r255307 and r255310
Requested by:	joel
2013-09-06 21:26:36 +00:00
Bryan Venteicher
2872a0d81c Add firmware downloading support for Samsung drives
Tested on Samsung SM1625 SSDs.
2013-09-06 16:34:09 +00:00
Bryan Venteicher
ffead710d5 Add camcontrol support for the SCSI sanitize command
Reviewed by:	ken, mjacob (eariler version)
Sponsored by:	Netapp
2013-09-06 15:19:57 +00:00
Hiroki Sato
79ba2f3110 Style clean-ups.
Reviewed by:	md5
2013-09-05 21:19:16 +00:00
Hiroki Sato
4139627db6 Enable "late" option when a file= option is specified in /etc/fstab.
The file= option requires rw mount where the backing store exists but
it does not work because rc.d/swap runs before rc.d/fsck.
Reported by:	wblock
2013-09-05 20:50:52 +00:00
Pawel Jakub Dawidek
7008be5bd7 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
Sergey Kandaurov
d4e069e581 Typo in strtol(3).
Noticed by:	bde
2013-08-30 10:01:19 +00:00
Alexander Motin
27dfa8eb60 Add missing newlines to Fibre Channel attributes output. 2013-08-27 06:50:46 +00:00
Edward Tomasz Napierala
9732e4fd92 Move the old iSCSI initiator source to a more appropriate place
(sys/dev/iscsi_initiator/ instead of sys/dev/iscsi/initiator/), to make
room for the new one.  This is also more logical location (kernel module
being named iscsi_initiator.ko, for example).  There is no ongoing work
on this I know of, so it shouldn't make life harder for anyone.

There are no functional changes, apart from "svn mv" and adjusting paths.
2013-08-22 14:02:34 +00:00
Dag-Erling Smørgrav
8ce80d4bd4 Fix the zeroing loop. I must have been drunk when I wrote this...
MFC after:	3 days
2013-08-20 07:19:58 +00:00
Jilles Tjoelker
595ab5638b init: Set kernel login class and CPU mask on new processes.
In particular, this makes the kernel login class on processes started from
/etc/rc "daemon" instead of "default".

Reviewed by:	trasz
2013-08-13 18:51:26 +00:00
Marcel Moolenaar
e01c6f329a Change <sys/diskpc98.h> to not redefine the same symbols that are
being defined in <sys/diskmbr.h>. Instead give the symbols here a
"PC98_" prefix. This way, both <sys/diskmbr.h> and <sys/diskpc98.h>
can be included in the same C source file.

The renaming is trivial. The only gotcha is that DOSBBSECTOR is
also redefined from 0 to 1. This because DOSBBSECTOR was always
used in conjunction with an addition of 1. The PC98_BBSECTOR symbol
is defined as 1 and the expression is simplified.

Note: it is not believed that ports are seriously impacted; or at
all for that matter.

Approved by: nyan@
2013-08-07 00:00:48 +00:00
Chris Rees
454283379f Note NULL encryption method for GELI
PR:		docs/180551
Submitted by:	r4721@tormail.org
Approved by:	gjb (mentor)
2013-08-05 10:38:34 +00:00
Hiroki Sato
15768a8b07 Fix boundary check of sockaddr array.
Reported by:	uqs
2013-08-01 04:50:46 +00:00
Xin LI
5428273365 Make two buffer variables static for now. It is not safe to
reference stack memory after return.

MFC after:	2 weeks
2013-07-31 07:09:35 +00:00
Xin LI
cab9f71ffe Resolve fflag with realpath().
MFC after:	2 weeks
2013-07-31 07:06:58 +00:00
Scott Long
80d5f59d57 Document the -S flag to fsck_ffs
Obtained from:	Netflix
2013-07-31 04:51:12 +00:00
Scott Long
ce779f3756 Add a 'surrender' mode to fsck_ffs. With the -S flag, once hard read errors
are encountered, the fsck will stop instead of wasting time chewing through
possibly other errors.

Obtained from:	Netflix
MFC after:	3 days
2013-07-30 22:57:12 +00:00
Andriy Gapon
a29cc9a34b Revert r253748,253749
This WIP should not have been committed yet.

Pointyhat to:	avg
2013-07-28 18:44:17 +00:00
Andriy Gapon
c722ec3a51 remove needless inclusion of machine/cpu.h in userland
MFC after:	21 days
2013-07-28 18:35:43 +00:00
Stefan Eßer
8310a2b88c Remove duplicated parapgraph.
MFC after:	3 days
2013-07-24 08:36:29 +00:00
Hiroki Sato
d2034d1b22 Fix a bug in cp += SA_SIZE() in RTA_* loop. This could prevent
RTA_IFP from displaying correctly in route get subcommand.

Spotted by:	dim
2013-07-24 04:05:48 +00:00
Luiz Otavio O Souza
cc320e372e Add a new flag (ETHERSWITCH_VID_VALID) to say what vlangroups are in use.
This fix the case when etherswitch is printing the information of port 0
vlan group (in port based vlan mode) with no member ports.

Add the ETHERSWITCH_VID_VALID support to ip17x driver.

Add the ETHERSWITCH_VID_VALID support to rt8366 driver.

arswitch doesn't need to be updated as it doesn't support vlans management
yet.

Approved by:	adrian (mentor)
2013-07-23 13:56:38 +00:00
Luiz Otavio O Souza
da2a0dcb7a Fix the usage error message. The valid range is up to max. vlan - 1 since vlangroups starts at 0.
Approved by:	adrian (mentor)
2013-07-23 13:40:26 +00:00
Hiroki Sato
9ae3241587 - Use getnameinfo() for both of AF_INET and AF_INET6 in routename().
- Add missing "static".
2013-07-21 14:27:07 +00:00
Hiroki Sato
1addf6e47a - Fix nflag in routename().
- Display a AF_LINK address in #linkN when sdl_{nlen,alen,slen) == 0 and
  sdl_index != 0.
- Reduce unnecessary loop in pmsg_addrs().
- Remove iso_ntoa().  This is not used.
2013-07-21 11:59:41 +00:00
Hiroki Sato
247ba4776c - Simplify getaddr() and print_getmsg() by using RTAX_* instead of RTA_*
as the argument.
- Reduce unnecessary loop in print_getmsg().
2013-07-20 16:46:51 +00:00
Hiroki Sato
b3e0158e59 Show "default" for the zero-filled address consistently when nflag == 0. 2013-07-20 15:58:43 +00:00
Hiroki Sato
74ff9accb4 Add cast to (void *) to the following cases to suppress warnings by
-Wcast-align.  These do not increase the alignment requirement:

- rtm = (struct rt_msghdr *)(rtm + rtm->rtm_msglen)
- struct sockaddr *sa = &sa0; sX = (struct sockaddr_X *)sa
2013-07-20 15:23:42 +00:00