Commit Graph

5133 Commits

Author SHA1 Message Date
julian
ff9e317817 Allow ipfw to forward to a destination that is specified by a table.
for example:
  fwd tablearg ip from any to table(1)
where table 1 has entries of the form:
1.1.1.0/24 10.2.3.4
208.23.2.0/24 router2

This allows trivial implementation of a secondary routing table implemented
in the firewall layer.

I expect more work (under discussion with Glebius) to follow this to clean
up some of the messy parts of ipfw related to tables.

Reviewed by:	Glebius
MFC after:	1 month
2006-08-17 22:49:50 +00:00
brian
768073acd7 Bump the document date. s/dhclient/.Nm/
Suggested by: ru
2006-08-17 20:11:21 +00:00
brian
68f1f47647 Correct usage() 2006-08-17 17:27:42 +00:00
brian
a3922ffaf6 Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface).  These can be used to give
interface specific flags to dhclient.

Reviewed by:	brooks@
2006-08-17 17:12:27 +00:00
kan
a006062051 Regularly scheduled patch to unbreak regularly scheduled post-ipfilter
buildworld breakage.

Exclude loglevel.c from the build. It does not appear to be used by
anything in the tree and buildworld succeeds just fine without it.
2006-08-17 03:19:38 +00:00
julian
6e2c7c961f Take IP_FIREWALL_EXTENDED out of the man page too.
MFC after: 1 week
2006-08-17 00:46:06 +00:00
thomas
ec5f8c0e3a Clarify documentation of '-L' command line switch: the snapshot is
unlinked as soon as the dump starts (and removed when the dump is
completed, and the dump process exits). Previous wording was confusing
because users might expect the snapshot to be visible in the .snap
subdirectory while dump is running.

MFC after:	1 week
2006-08-16 16:28:30 +00:00
guido
d020b899e4 Adapt to ipf 4.1.13 2006-08-16 12:25:00 +00:00
mjacob
2a3041e6c3 If rawname returns NULL, deal with it appropriately.
PR:		94045
Submitted by:	Andrey Elsukov
MFC after:	1 week
2006-08-15 17:53:37 +00:00
ru
a6794a47d1 Fix printing of integer Kelvins broken in rev. 1.71, which is
fatal on sizeof(int) != sizeof(long) systems (such as amd64).

MFC after:	1 day
2006-08-15 13:32:39 +00:00
dd
462216939a Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
obrien
f6dcb46835 Add an extension to the UINT & ULONG types. The XINT & XLONG types behave
the same, except sysctl(8) will print out the values in hex.
2006-08-12 23:33:10 +00:00
yar
d58bb87de4 Restore the "plumb" compatibility command, which was lost
due to the recent change by sam@ to clone operations in ifconfig(8).
2006-08-12 18:07:17 +00:00
sam
ff4c4ea3a3 fixup list station support:
o add sanity check to avoid possible looping
o use intended api for IEEE80211_IOC_STA_INFO
o when operating in sta mode get the sta info for the ap
2006-08-10 06:06:13 +00:00
maxim
73fe45cc82 o Spell.
Submitted by:	ru
2006-08-10 01:13:38 +00:00
maxim
e14db770e3 o Strip eol whitespaces. 2006-08-09 19:41:34 +00:00
maxim
a1d59e56fe o New sentence, new line.
o Touch Dd for -r.
2006-08-09 18:35:31 +00:00
pjd
b2ae936be5 Allow geli to operate on read-only providers.
Initial patch from:	vd
MFC after:		2 weeks
2006-08-09 18:11:14 +00:00
pjd
1022710a43 Add missing #. 2006-08-07 20:09:09 +00:00
marck
a86a4a9602 Eliminate a pair of unneeded parentheses slipped in from previous version of
fix.

Noticed by:	ru
2006-08-06 14:23:50 +00:00
marck
c55c300765 strlen(3) returns size_t, which is not strictly equivalent to int an 64-bit
archs, hence printf(3) warning.  Fix this.

Noticed by:	tinderbox
Approved by:	rse
2006-08-06 08:37:46 +00:00
stefanf
e39de9bd5c Use the SLIST_NEXT macro instead of sle_next.
Checked with:	cmp(1)
2006-08-05 13:58:50 +00:00
rse
16e908679a Do not pass-through the tailing newline character from the ctime(3)
output to setproctitle(3) in order to get rid of the ugly two-character
escape sequence "\n" in the ps(1) output of a dump(8) process:

<< [...] finished in 0:00 at Sat Aug  5 14:44:39 2006\n (dump)
>> [...] finished in 0:00 at Sat Aug  5 14:44:39 2006 (dump)
2006-08-05 12:50:38 +00:00
njl
844254bd87 Use floating point instead of hacking something together. Suggested by
bde@.  Fix nearby int conversion and a couple style bugs.

MFC after:	1 day
2006-08-04 07:31:55 +00:00
bms
87adc023e9 Block a variety of signals which may afffect reboot(8), before killing
init(8), to avoid losing a race to them and dying before being able
to call reboot(2).

PR:		bin/64664
Submitted by:	maxim
Obtained from:	NetBSD
MFC after:	30 days
2006-08-02 13:05:38 +00:00
bms
03b3f7bd6f Block SIGHUP before killing init(8), to avoid a race condition which may
kill the current process and hang the system when attempting reboot.

PR:		bin/64664
Reviewed by:	ssouhal, phk (historic)
MFC after:	30 days
2006-08-02 12:42:20 +00:00
yar
54901d291e Add eye candy while I'm here: a blank line between
the license and the $FreeBSD$ line.
2006-07-27 18:28:14 +00:00
yar
2c0c3489ce INET6 has no effect on rtsol, it's an IPv6-only tool with its
code independent of the macro.  This utility is just omitted
from the build as a whole by ../Makefile if MK_INET6 is set to false.

Pointed out by:	ume
Tested with:	cmp(1)
2006-07-27 17:56:57 +00:00
yar
7f4c5045cc rtsol is just a stripped-down version of rtsold and as such it should
be built only if MK_INET6 is true: it's specific to IPv6.

Pointed out by:	ume
2006-07-27 17:50:05 +00:00
yar
b8f7c89828 These IPv6-only tools have no explicit dependency on the INET6 macro.
Tested with:	cmp(1)
2006-07-27 15:31:13 +00:00
yar
51c5aa346a Obey MK_INET6_SUPPORT.
This is also a good chance to apply style.Makefile(5) in some cases.
2006-07-27 13:26:29 +00:00
sam
9b29855762 add beacon miss threshold control
Submitted by:	Henrik Brix Andersen <henrik@brixandersen.dk>
MFC after:	2 weeks
2006-07-26 03:08:45 +00:00
oleg
1d7baed662 Specify correct argument range for tag/untag keywords.
Approved by:	glebius (mentor)
2006-07-25 11:07:31 +00:00
njl
bfbd4eba2c Fix printing of negative decimal values in Kelvin to Celsius conversion.
MFC after:	3 days
2006-07-25 02:28:43 +00:00
stefanf
8d9a675f53 style.Makefile(5): Remove -Wall from CFLAGS. 2006-07-17 20:53:25 +00:00
stefanf
3eec5dce88 Remove duplicated assignment. 2006-07-17 20:48:36 +00:00
des
72b19002fe Teach mount(8) about a 'late' keyword, which means the file system should
not be mounted unless the -l flag was specified.

Add an rc script, mountlate, which basically runs 'mount -a -l'.  It runs
after DAEMON but before LOGIN.

This is useful for things like loopback mounts, because mountcritremote
runs before mountd  / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.

Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.

Reviewed by:	freebsd-rc
MFC after:	3 weeks
2006-07-12 16:05:51 +00:00
sam
5fe5db7b92 o replace special handling of clone operations by a clone callback
mechanism
o change vlan cloning to use callback and pass all vlan parameters
  on create using the new SIOCREATE2 ioctl
o update vlan set logic to match existing practice
2006-07-09 06:10:23 +00:00
marcel
c946bc9408 Fix cut-n-paste bug: compare argument s against known aliases,
not the global optarg. This bug goes unnoticed because optarg
is so far always the actual argument for the formal argument s.
2006-07-07 02:44:23 +00:00
jkim
47919b584b Send client identifier unconditionally. My ancient D-Link router response
with NACK if I don't set it.  Setting 'option dhcp-client-identifier' is
alternative but it is inconvenient because I have to keep the list of
all MAC addresses.  As bin/94743 pointed out, it is always sent from
Windows clients and I found Mac OS X does the same.

OK'd by:	brooks
2006-07-03 22:05:38 +00:00
sam
c028917853 remove display of the ERP ie from the list sta output (it's always
zero); replace it with station capabilities

MFC after:	1 month
2006-06-23 17:22:03 +00:00
marcel
4499ab6746 Improve support for Intel based Macs:
o  Accept hfs as partition type.
o  Print Apple HFS partitions using a friendly name.
2006-06-22 22:22:32 +00:00
marcel
abc600ba4a Move the duplicated logic of parsing partition types into a new
function called parse_uuid().
2006-06-22 22:05:28 +00:00
mlaier
f5cde2819f Import interface groups from OpenBSD. This allows to group interfaces in
order to - for example - apply firewall rules to a whole group of
interfaces.  This is required for importing pf from OpenBSD 3.9

Obtained from:	OpenBSD (with changes)
Discussed on:	-net (back in April)
2006-06-19 22:20:45 +00:00
simon
80d29aa8a8 - Fail with an understandable error message if we cannot detect the
sector size, instead of later failing with an error about /boot/mbr
  not being a multiple of the sector size (since we end up with an
  assumed sector size of MAX_SEC_SIZE * 2).
- We query the sector size via an IOCTL anyway, so if that succeeds
  use that instead of probing for it via read(2) calls.  This fixes
  the problem with fdisk failing to operate on at least graid3 and
  md(4) devices on kernels with src/sys/geom/geom_dev.c before
  rev. 1.90, due to fdisk failing to detect the sector size.
- When detecting the root device allow "/" characters in it, which
  happens with e.g. gmirror devices.

Reviewed by:	cperciva
MFC after:	1 week
2006-06-18 22:02:22 +00:00
oleg
7a65db868d Add support of 'tablearg' feature for:
- 'tag' & 'untag' action parameters.
- 'tagged' & 'limit' rule options.
Rule examples:
	pipe 1 tag tablearg ip from table(1) to any
	allow ip from any to table(2) tagged tablearg
	allow tcp from table(3) to any 25 setup limit src-addr tablearg

sbin/ipfw/ipfw2.c:
1) new macros
   GET_UINT_ARG - support of 'tablearg' keyword, argument range checking.
   PRINT_UINT_ARG - support of 'tablearg' keyword.
2) strtoport(): do not silently truncate/accept invalid port list expressions
   like: '1,2-abc' or '1,2-3-4' or '1,2-3x4'. style(9) cleanup.

Approved by:	glebius (mentor)
MFC after:	1 month
2006-06-15 09:39:22 +00:00
maxim
99fa74bcc2 o Revert a previous delta as strlcpy(3) operates with NUL-terminated
strings and cp is not.  Fix logic in the original code and eliminate
core dumps on lines without '\n'.
2006-06-14 15:09:52 +00:00
maxim
dd28c26ad5 o Replace (an incorrect) string copy gymnastics with strlcpy(3).
PR:		bin/98905
Submitted by:	Fabian Keil
MFC after:	1 week
2006-06-14 11:45:01 +00:00
maxim
107ec690fc o Fix typo.
Obtained from:	DragonFlyBSD
2006-06-11 15:53:36 +00:00
trhodes
1a50da1db5 Fix a typo s/Made/Make. Use .Pp for a line break, it will quiet the
mdoc(7) warning.
2006-06-10 09:45:26 +00:00