Commit Graph

1475 Commits

Author SHA1 Message Date
emaste
c86cbe211d regen src.conf.5 after r313169
Sponsored by:	The FreeBSD Foundation
2017-03-02 02:10:59 +00:00
glebius
745bcd6fba Remove SVR4 (System V Release 4) binary compatibility support.
UNIX System V Release 4 is operating system released in 1988. It ceased
to exist in early 2000-s.
2017-02-28 05:14:42 +00:00
imp
36fafdbb83 Remove EISA bus support for add-in cards. Remove related kernel and
compile options. Remove doxygen pointers to now deleted files. Remove
EISA and VME as examples in bus_space.9.

Retained EISA mode code for IO PIC and MPTABLES because that's not
EISA bus, per se, and some people have abused EISA to mean "EISA-like
behavior as opposed to ISA" rather than using it for EISA add-in
cards.

Relnotes: yes
2017-02-16 21:57:35 +00:00
nyan
dd885e962b Regen after r312910. 2017-01-28 02:25:33 +00:00
kib
5c7955abff Document mount option "nonc" for tmpfs.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D9258
2017-01-22 19:50:23 +00:00
kib
d1597b221e Editing and clarifications for tmpfs(5).
Submitted by:	wblock
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D9211
2017-01-22 19:46:14 +00:00
kib
a9d8825913 Refresh tmpfs(5) man page.
Provide more useful explanation of features and quirks.

Reviewed by:	emaste, vangyzen
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D9211
2017-01-19 18:26:06 +00:00
cem
4d542f9fe8 ufs/extattr.h: Fix documentation of ea_name termination
The ea_name string is not nul-terminated.  Correct the documentation.

Because the subsequent field is padded to 8 bytes, and the padding is
zeroed, the ea_name string will appear to be nul-terminated whenever the
length isn't exactly one (mod eight).

This was introduced in r167010 (2007).

Additionally, mark the length fields as unsigned.  This particularly
matters for the single byte ea_namelength field, which can represent
extended attribute names up to 255 bytes long.

No functional change.

PR:		216127
Reported by:	dewayne at heuristicsystems.com.au
Reviewed by:	kib@
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D9206
2017-01-18 17:55:49 +00:00
ngie
656d99b82a Regenerate src.conf(5) after r311548
MFC after:	1 week
2017-01-06 21:14:07 +00:00
wblock
95d4425cb2 Fix src.conf(5) description of WITHOUT_USB_GADGET_EXAMPLES.
PR:		215831
Submitted by:	p5B2E9A8F@t-online.de
MFC after:	1 week
Sponsored by:	iXsystems
2017-01-06 16:43:45 +00:00
ngie
59b0ab49ed Regen src.conf after recent changes to tools/build/options/... and
src.opts.mk
2017-01-02 20:14:06 +00:00
emaste
8cf971138f Restore missing comment in src.conf.5
I'm not sure how I managed to generate src.conf.5 without the comment;
add it manually while looking into that.

Reported by:	gjb
2016-12-19 15:05:46 +00:00
emaste
4f0567702d src.conf.5: regen after r310268 (WITH_REPRODUCIBLE_BUILD) 2016-12-19 14:54:06 +00:00
def
f63c437216 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
bapt
0a2a0bf8cc Regen after 309805 2016-12-10 13:30:18 +00:00
emaste
382ab60337 src.conf.5: regen after r309142 (WITH_LLD_AS_LD knob)
Reported by:	Nikolai Lifanov
Sponsored by:	The FreeBSD Foundation
2016-12-09 19:09:58 +00:00
martymac
d766eb8133 Fix path for per-user nsmb.conf file
~/nsmb.conf, as erroneously introduced by r214387, is never used. Fix the man
page to specify that ~/.nsmbrc is used instead.

PR:		210652
Submitted by:	ganael.laplanche@corp.ovh.com
Approved by:	gjb (doceng@)
2016-11-24 10:04:20 +00:00
bapt
53358ca35c Regen 2016-10-15 12:11:30 +00:00
kp
3fbefcb2d1 pf: port extended DSCP support from OpenBSD
Ignore the ECN bits on 'tos' and 'set-tos' and allow to use
DCSP names instead of having to embed their TOS equivalents
as plain numbers.

Obtained from:	OpenBSD
Sponsored by:	OPNsense
Differential Revision:	https://reviews.freebsd.org/D8165
2016-10-13 20:34:44 +00:00
emaste
17523e9e06 src.conf.5: regen after r306965 2016-10-10 15:47:30 +00:00
emaste
636c0ef2f8 Regen src.conf.5 after r306649
Sponsored by:	The FreeBSD Foundation
2016-10-05 20:18:17 +00:00
kp
077476b686 pf: remove fastroute tag
The tag fastroute came from ipf and was removed in OpenBSD in 2011. The code
allows to skip the in pfil hooks and completely removes the out pfil invoke,
albeit looking up a route that the IP stack will likely find on its own.
The code between IPv4 and IPv6 is also inconsistent and marked as "XXX"
for years.

Submitted by:	Franco Fichtner <franco@opnsense.org>
Differential Revision:	https://reviews.freebsd.org/D8058
2016-10-04 19:35:14 +00:00
bdrewery
66ee57c162 Regenerate. 2016-09-21 21:42:06 +00:00
bapt
4942d71a20 Modify manually given makeman is broken due to errors in share/mk/* 2016-09-18 15:40:36 +00:00
bdrewery
33601968a3 Regenerate 2016-08-23 15:31:53 +00:00
emaste
a6dba4727b Regenerate src.conf.5 after r304616 2016-08-22 17:53:18 +00:00
emaste
d108bf1437 Regenerate src.conf.5 after r303394 2016-07-28 13:35:46 +00:00
markj
a04ed73d0b Remove more references to mroute6d, which was removed in r298512. 2016-07-14 00:41:37 +00:00
jtl
be49875b46 Regenerate for WITH_EXTRA_TCP_STACKS updates.
Approved by:	re (gjb)
Sponsored by:	Juniper Networks
2016-06-28 13:42:50 +00:00
bdrewery
452fe84d9b Regenerate
Approved by:	re (implicit, r302177)
2016-06-24 20:00:39 +00:00
kp
b06d3a64e7 pf: Filter on and set vlan PCP values
Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the PCP value, and 'prio' to
filter on it.

Reviewed by:    allanjude, araujo
Approved by:	re (gjb)
Obtained from:  OpenBSD (mostly)
Differential Revision:  https://reviews.freebsd.org/D6786
2016-06-17 18:21:55 +00:00
bdrewery
a048478c50 Renegerate for WITH_META_MODE updates.
Approved by:	re (implicit)
Sponsored by:	EMC / Isilon Storage Division
2016-06-14 18:41:18 +00:00
trasz
d477060046 Fix a bunch of "xref refers to *this* page" igor(1) warnings.
MFC after:	1 month
2016-06-09 06:55:00 +00:00
markj
5c6d3bcb51 Implement an NSS backend for netgroups and add getnetgrent_r(3).
This support appears to have been documented in nsswitch.conf(5) for some
time. The implementation adds two NSS netgroup providers to libc. The
default, compat, provides the behaviour documented in netgroup(5), so this
change does not make any user-visible behaviour changes. A files provider
is also implemented.

innetgr(3) is implemented as an optional NSS method so that providers such
as NIS which are able to implement efficient reverse lookup can do so.
A fallback implementation is used otherwise. getnetgrent_r(3) is added for
convenience and to provide compatibility with glibc and Solaris.

With a small patch to net/nss_ldap, it's possible to specify an ldap
netgroup provider, allowing one to query nisNetgroupTriple entries.

Sponsored by:	EMC / Isilon Storage Division
2016-06-09 01:28:44 +00:00
bdrewery
564e334e47 Regenerate 2016-06-08 12:46:54 +00:00
trasz
2db9a593c0 Fix some trailing whitespaces.
MFC after:	1 month
2016-06-08 10:26:17 +00:00
trasz
b0bb34128b Last few instances of "sentence not on new line".
MFC after:	1 month
2016-06-08 09:36:07 +00:00
araujo
67ba759b09 Bump date in both manpages.
Reported by:	rodrigc
2016-06-07 07:04:05 +00:00
araujo
93e484e00e Add an entry on rc.conf(5) explaining the new options
nis_ypldap_enable and nis_ypldap_flags.

Also add an entry on ypldap(8) that it is a feature ready and
appears on FreeBSD 11.0.

Requested by:	rodrigc
Relnotes:	Yes
2016-06-07 01:00:08 +00:00
bdrewery
13d132737e Regenerate 2016-06-05 23:16:27 +00:00
bdrewery
899ce37fb5 Regenerate 2016-06-05 23:10:05 +00:00
bdrewery
8d9f7ad551 Regenerate 2016-05-24 23:19:03 +00:00
bdrewery
c234fb9e56 Regenerate 2016-05-21 01:35:48 +00:00
bdrewery
6d37daa2e5 Regenerate 2016-05-20 19:25:57 +00:00
jhb
002c0ad487 Remove the reiserfs(5) manpage and an example of loading the kernel module. 2016-05-17 18:42:38 +00:00
jamie
cfbfb8c551 Clarify when happens when there is a "depend" parameter in jail.conf,
and how this affects the "jail_list" option in rc.conf.
2016-04-30 21:27:41 +00:00
bapt
72855a7c5d Add a savecore_enable variable support for the savecore rc script
By default set to 'YES' so it does not change the current behaviour for users,
this variable allows to decide to not extract crach dumps from the dump
device at boot time by setting it to "NO" in rc.conf.

Sponsored by:	Gandi.net
2016-04-29 12:23:56 +00:00
bcr
5e29f72e7d The default value of MINFREE is defined to be 8% in
ufs/ffs/fs.h and not 10%.  The newfs(8) and tunefs(8)
man pages had this change already, but fs(5) did not.
This change makes it consistent again.

Bump Dd.

PR:             204929
Submitted by:   amutu@amutu.com
MFC after:      3 days
Sponsored by:   Essen Linuxhotel Hackathon 2016
2016-04-23 20:45:52 +00:00
gjb
6549ef7d12 MFH
Sponsored by:	The FreeBSD Foundation
2016-04-16 02:32:12 +00:00
bdrewery
b8bfec12ef Regenerate 2016-04-14 22:10:37 +00:00