This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.
Approved by: re (rwatson)
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
be marked as HTTP/1.1 but "Connection: Keep-Alive" is added; this convinces
HTTP/1.0 servers and proxies to hold the TCP connection open despite not
being able to use HTTP pipelining.
This dramatically cuts down on the number of TCP connections (and thus port
numbers) used by portsnap when talking to an HTTP/1.0 proxy (e.g., squid),
and has the side benefit of improving performance in those cases.
Tested by: simon
Approved by: re (kensmith)
MFC After: 1 week
The man page part of the patch is my fault, the changes to the
periodic script is Dominik's.
PR: 88486
Submitted by: Dominik Brettnacher <domi@saargate.de>
Reviewed by: brian
Approved by: re
MFC after: 1 month
Improvements:
* /etc/rc.suspend,rc.resume are always run, no matter the source of the
suspend request (user or kernel, apm or acpi)
* suspend now requires positive user acknowledgement. If a user program
wants to cancel the suspend, they can. If one of the user programs
hangs or doesn't respond within 10 seconds, the system suspends anyway.
* /dev/apm is clonable, allowing multiple listeners for suspend events.
In the future, xorg-server can use this to be informed about suspend
even if there are other listeners (i.e. apmd).
Changes:
* Two new ACPI ioctls: REQSLPSTATE and ACKSLPSTATE. Request begins the
process of suspending by notifying all listeners. acpi is monitored by
devd(8) and /dev/apm listener(s) are also counted. Users register their
approval or disapproval via Ack. If anyone disapproves, suspend is vetoed.
* Old user programs or kernel modules that used SETSLPSTATE continue to
work. A message is printed once that this interface is deprecated.
* acpiconf gains the -k flag to ack the suspend request. This flag is
undocumented on purpose since it's only used by /etc/rc.suspend. It is
not intended to be a permanent change and will be removed once a better
power API is implemented.
* S5 (power off) is no longer supported via acpiconf -s 5 or apm -z/-Z.
This restores previous behavior of halt/shutdown -p being the interface.
* Miscellaneous improvements to error reporting
Approved by: re
This speeds up registration of packages considerably.
- style(9) police welcome!
PR: bin/112630
Submitted by: Stephen Montgomery-Smith <stephen@cauchy.math.missouri.edu>
Tested by: bento i386 experimental run
MFC after: 14 days
when linear acceleration (-a) was enabled with a <1 value to slow them down.
Previously, rounding errors would eat small movements so the mouse had to be
moved a certain distance to get any movement at all. We now calculate the
rounding errors and take them into account when reporting movement.
PR: bin/113749
Submitted by: Oliver Fromme <olli -at- secnetix.de>
MFC after: 3 days
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.
In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.
The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs. E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM. When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made. Then it'll be
enough to set the expire field in future for the commands to run
again. And so on.
Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.
X-Security: should benefit as users have access to cron(8) by default
- Add and document the KVM and KVM_SUPPORT options that
are needed for the ifmcstats(3) makefile
- Garbage collect unused variables
- Add missing inclusion of bsd.own.mk where needed
Approved by: kan (mentor)
Reviewed by: ru
and protocol-independent host mode multicast. The code is written to
accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work.
This change only pertains to FreeBSD's use as a multicast end-station and
does not concern multicast routing; for an IGMPv3/MLDv2 router
implementation, consider the XORP project.
The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6,
which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html
Summary
* IPv4 multicast socket processing is now moved out of ip_output.c
into a new module, in_mcast.c.
* The in_mcast.c module implements the IPv4 legacy any-source API in
terms of the protocol-independent source-specific API.
* Source filters are lazy allocated as the common case does not use them.
They are part of per inpcb state and are covered by the inpcb lock.
* struct ip_mreqn is now supported to allow applications to specify
multicast joins by interface index in the legacy IPv4 any-source API.
* In UDP, an incoming multicast datagram only requires that the source
port matches the 4-tuple if the socket was already bound by source port.
An unbound socket SHOULD be able to receive multicasts sent from an
ephemeral source port.
* The UDP socket multicast filter mode defaults to exclusive, that is,
sources present in the per-socket list will be blocked from delivery.
* The RFC 3678 userland functions have been added to libc: setsourcefilter,
getsourcefilter, setipv4sourcefilter, getipv4sourcefilter.
* Definitions for IGMPv3 are merged but not yet used.
* struct sockaddr_storage is now referenced from <netinet/in.h>. It
is therefore defined there if not already declared in the same way
as for the C99 types.
* The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF
which are then interpreted as interface indexes) is now deprecated.
* A patch for the Rhyolite.com routed in the FreeBSD base system
is available in the -net archives. This only affects individuals
running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces.
* Make IPv6 detach path similar to IPv4's in code flow; functionally same.
* Bump __FreeBSD_version to 700048; see UPDATING.
This work was financially supported by another FreeBSD committer.
Obtained from: p4://bms_netdev
Submitted by: Wilbert de Graaf (original work)
Reviewed by: rwatson (locking), silence from fenner,
net@ (but with encouragement)
ntpd's "-4" and "-6" options are described in the original documentation
(contrib/ntp/html/ntpd.html). It may be original's doc bug.
PR: docs/112642
Submitted by: Seth Hieronymus<shieronymus@speakeasy.net>
Discussed with: ume
MFC after: 1 week
id used by sysinstall when enabling anonymous FTP.
Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.
PR: 93284
Approved by: ru (mentor)
Reviewed by: simon
change the way of what ppp submits to the RADIUS server
as NAS-Port-Id. Possible options are: the PID of the process
owning the corresponding interface, tun(4) interface number,
interface index (as it would get returned by if_nametoindex(3)),
or it's possible to keep the default behavior. Check the ppp(8)
manual page for details.
PR: bin/112764
Submitted by: novel (myself)
Reviewed by: flz
Approved by: flz
MFC after: 1 month
this bug and submitted these patches to dunstan@. He sent them to me
to test, and I discovered they were needed for the atmel kernel config
files. Since we were playing with them in the terminal room after the
developer's summit today, I thought I'd go ahead and commit them to
allow those folks that now have atmel hardware (thanks Andre) a chance
to try it out w/o my help. Since dunstan@ is asleep right now, risk
stepping on his toes a little by going ahead and committing this
change.
Submitted by: dunstan@, bde@
Tested by: bde@
operating with the "-b basedir" option would not correctly update files
which had flags set or were hardlinked.
Submitted by: Karsten Schmidt
Pointy hat to: cperciva
MFC after: 1 week
is caused by my latest changes to config(8). You're supposed to install new
config(8) in order to prevent yourself from seeing a warning about old
version of that tool.
You should configure the kernel with a new config(8) then.
Oked by: rwatson, cognet (mentor)
Remember about tricky cases, where options contain unfriendly characters,
from the ANSI-C string point of view ('"' in this case). The x09 build
breakage was caused by SC_CUT_SEPCHARS options.
I did test this patch number of times; each time unprofessionally and
inappropriately.
OKed by: cognet (mentor)
This change will let us to have full configuration of a running kernel
available in sysctl:
sysctl -b kern.conftxt
The same configuration is also contained within the kernel image. It can be
obtained with:
config -x <kernelfile>
Current functionality lets you to quickly recover kernel configuration, by
simply redirecting output from commands presented above and starting kernel
build procedure. "include" statements are also honored, which means options
and devices from included files are also included.
Please note that comments from configuration files are not preserved by
default. In order to preserve them, you can use -C flag for config(8). This
will bring configuration file and included files literally; however,
redirection to a file no longer works directly.
This commit was followed by discussion, that took place on freebsd-current@.
For more details, look here:
http://lists.freebsd.org/pipermail/freebsd-current/2007-March/069994.htmlhttp://lists.freebsd.org/pipermail/freebsd-current/2007-May/071844.html
Development of this patch took place in Perforce, hierarchy:
//depot/user/wkoszek/wkoszek_kconftxt/
Support from: freebsd-current@ (links above)
Reviewed by: imp@
Approved by: imp@
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.
Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
traceroute6(8) force -w flag (wait time) to be > 1 sec. Make it
possible to use 1 sec wait time.
PR: bin/110933
Submitted by: Dmitry Marakasov
Reviewed by: freebsd-net (silence)
MFC after: 1 month
- Allow the "-t" option to take a regular expression naming command
line processes to attach process PMCs to.
- Update the manual page and add an example showing the use of the
new functionality.
- Update the (c) year on the affected source files.
that the MSI mapping window is fixed at 0xfee00000 and the capability
does not include two more dwords used to program the address. Supporting
this mostly results in quieting spurious warnings during boot about
non-default MSI mapping windows.
- HT 2.00b also added a new HT capability type, so support that in pciconf.
MFC after: 3 days
Tested by: jmg
- The '-c' option now takes a comma-separated list of CPU
numbers, or a literal '*' denoting all CPUs in the system.
Subsequent system PMCs are allocated on the CPUs so specified.
Change the default behaviour to allocate system PMCs on all CPUs,
not just CPU 0.
Update the manual page and add an example of how to use the new
functionality.
- Attach PMCs to a (commandline) child process more reliably. This
fixes a long standing bug in counting events incurred by short-lived
processes.
1) The man page should describe the code, not the other way around.
2) Internal variables should not be documented or exposed, except in
controlled circumstances (i.e. - That's what the -C flag is for).
The variable should have been saved to the config file in save_config().
3) The next available userid doesn't get automatically updated. The
end-result is the same (user gets added with the correct uid),
but in an interactive session the default uid doesn't get updated in
the display.
So,
o Use the uidstart variable instead of uuid (bug #3)
o Actually save the variable to adduser.conf (bug #2)
o (bug #1 to be fixed in an upcomming commit to adduser.conf.5)
MFC After: 2 weeks
* Build with or without INET, INET6, or KVM features.
* When built without KVM, the sysctl-based getifmaddrs() function
is used as the back-end for the utility.
* Reflect the fact that FreeBSD now uses the in_multi refcount as
a true refcount.
* Style.
The utility may now be run without super-user privilege, albeit with
a less detailed display, equivalent to that of the soon-to-be-retired
netstat -g host-mode output.
MFC after: 3 weeks
unmount jail-friendly file systems from within a jail.
Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
It is turned off by default.
A jail-friendly file system is a file system which driver registers
itself with VFCF_JAIL flag via VFS_SET(9) API.
The lsvfs(1) command can be used to see which file systems are
jail-friendly ones.
There currently no jail-friendly file systems, ZFS will be the first one.
In the future we may consider marking file systems like nullfs as
jail-friendly.
Reviewed by: rwatson
to sockaddr ones and using svc_getrpccaller instead of svc_getcaller.
A similar patch was committed to rpc.lockd back in 2002 .
PR: bin/42004
MFC after: 1 week
the user's newly created home directory. If omitted, it's derived
from the current umask.
PR: bin/16880, bin/83253 (partially), bin/104248
MFC in: 1 month
Possibly merge or split with netstat -g.
TODO: Make !defined(INET6) clean.
TODO: Add -M/-N instead of -k.
TODO: Use sysctls instead of kvm.
Obtained from: KAME
MFC after: 2 weeks
# ls -ld /mnt/{foo,bar}
drwxr-xr-x 3 root wheel 512 Mar 16 06:56 /mnt/bar
lrwxr-xr-x 1 root wheel 3 Mar 16 12:10 /mnt/foo -> bar
# grep /mnt/foo /etc/fstab
/dev/da1 /mnt/foo ufs rw 0 0
Which means, we give symbolic link as a mount point to mount(8), but mount(8)
use realpath(3) before mounting the file systems, so we get:
# mount | grep /dev/da1
/dev/da1 on /mnt/bar (ufs, local)
Before the commit:
# snapinfo /mnt/foo
usage: snapinfo [-v] -a
snapinfo [-v] mountpoint
# snapinfo /mnt/bar
/mnt/bar/snap
This commit makes snapinfo(8) to first realpath(3) the given mount point and
now we have:
# snapinfo /mnt/foo
/mnt/bar/snap
# snapinfo /mnt/bar
/mnt/bar/snap
point path. This way we properly handle the case when file system listed
in /etc/fstab was unmounted and another file system was mounted on the
same mount point.
the acceleration algorithm. It can be used together with the '-a' flag for
regular acceleration.
PR: bin/110003
Submitted by: Oliver Fromme <olli -at- lurza.secnetix.de>
MFC after: 1 week
sockets. Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.
PR: 109315
MFC after: 2 weeks
Tested-by: Aragon Gouveia <aragon@phat.za.net>
as crontab(5) states it can be. This is supported by all vixie-cron derived
implementations; not sure why FreeBSD was any different.
PR: bin/106442
MFC after: 2 weeks
from an URL (i.e., do it the same way as when installing
from a file). This fixes the lossage of the setuid bits.
It wasn't a problem before because GNU tar(1) implied the
-p option for root, but BSD tar(1) doesn't do that.
Discussed with: tobez and some advanced users :)
complete the boot and enter into sysinstall, and only then inserts
a CD into the CDROM drive and tries to select that as the install
media the first call to mount(2) generates EIO but the second call
to mount(2) will succeed. This was 100% reproducible on 6.2-RELEASE,
RELENG_6, and HEAD. If the user inserts the disc into the CDROM
while the machine is booting off the floppies the first call to mount(2)
succeeds with no problems. The problem was originally reported in
PR #56952 against 5.1-CURRENT so it's been there for a while now.
PR: bin/56952
MFC after: 2 weeks
- Pass the address of the variable we are reading to kvm_read() rather
than the index into the nlist array.
- Properly report errors from kvm_read() which returns -1 on error, not
0.
MFC after: 3 days
in fstab and they are normally mounted as /a/b, if /b is not mounted,
the various quota utilities will incorrectly operate with the quotas on
/a (silently) when operations are attemted on /b.
Sync up all the hasquota() routines between all the different
quota utilities and change it to detect if the file system we are
attempting to perform quota operations on is not currently mounted
and warn the user accordingly.
PR: bin/38918
will operate directly on the quota file. It will incorrectly write
the prototype user's usage information for each new quota it sets.
Fixed to read in the current quota information and update the
file correctly.
If quotas are enabled the kernel handles this case fine.
PR: bin/15410
via a new -c flag to be used with -l. Some simple parsing code is
present for the following capabilities: Power Management, AGP, VPD,
MSI, PCI-X, HyperTransport, Vendor-specific, EHCI Debug Port, PCI-PCI
bridge subvendor ID, PCI-express, and MSI-X.
- Fix a few warnings in pciconf.c.
- Update some cruft in pciconf(8):
- PCI 2.1 is no longer a revolutionary standard, and subvendor ID's are
fairly common at this point, so reflect that.
- Header type 2 is used for PCI-CardBus bridges.
- Describe the -v option for -l after completing the basic -l description
instead of disrupting the flow in the middle.
Reviewed by: imp (partially)
MFC after: 1 week
added with a single invocation of pkg_add, replacing it with something
rather more dynamic.
Approved by: portmgr (pav)
Tested by: full pointyhat package run
MFC after: 1 week
warnx(3) to be compiled on systems that have it (e.g. FreeBSD),
while the intention was opposite, i.e., compile them on systems
that don't have them. Also fixes static linkage of pkg_sign(1).
/boot/kernel can fail. Try to remove /boot/kernel.prev and cope the
best we can if that fails.
PR: bin/106376
Submitted by: Nobuyuki Koganemaru
Approved by: ru
MFC after: 2 weeks
* Change the API of bridge_get_basemac to take a maximum buffer length.
bridge_if.c
* Adopt to new API.
* In bridge_attach_newif() remove an additional pointer to the buffer
by shuffling the code a bit. Also makes the code more readable.
bridge_sys.c
* bridge_get_basemac():
- Adopt to the new API.
- Change check for error code of getifaddrs().
- First check for sa_family != AF_LINK.
- Copy sockaddr_dl * to get around alignment constraints on some
platforms.
- Use strcmp instead of strncmp so that "foo11" != "foo1".
* other functions:
- Allocate n times of the struct we need instead of arbitrary len,
cast to the type we want it to be and pass around struct *s instead
of char *s. This gets us around alignment restrictions on some
platforms and in addition it is more clear what data is passed around.
- Name variables for same types consistently.
Reviewed by: syrinx
Note that while later versions of the ntpd documentation use the term
"dual logarithm", the text added here is consistent with the remainder
of the current document.
PR: docs/106926
Submitted by: Jeremy Chadwick
This is consistent with kern.module_path sysctl and also compensates
for the unconventional syntax of asf(8) where the last of multiple
arguments is the output file, which prevents us from using the
traditional Unix syntax "foo file ..." to specify multiple module
dirs.
Submitted by: emaste
MFC after: 1 week
SNMP option argument. That way the compiler will give a warning in
case of a missing or an extra but unknown 'case:'.
Do the same for SNMP LEAF objects to be prepared once gensnmptree will
auto-generate enums for those too.
Add an abort() after the switch() instead of the 'default:' to catch
any errors. The nice side effect is that the compiler will correctly
track supposed to be 'uninitialized' variables with that.
When trying to set a value sanity check it before calling the OS
dependent API of snmp_bridge to tell whether it is an attempt to
set a bad value or a general error.
Suggested by: harti (first part)
Approved by: bz (mentor)
