4486 Commits

Author SHA1 Message Date
andre
eba7c4085c Make 'ipfw tee' behave as inteded and designed. A tee'd packet is copied
and sent to the DIVERT socket while the original packet continues with the
next rule.  Unlike a normally diverted packet no IP reassembly attemts are
made on tee'd packets and they are passed upwards totally unmodified.

Note: This will not be MFC'd to 4.x because of major infrastucture changes.

PR:		kern/64240 (and many others collapsed into that one)
2004-09-13 16:46:05 +00:00
alfred
536630fee2 WARNS=4 safe. 2004-09-12 07:06:48 +00:00
alfred
970c31768a Fix build. 2004-09-12 02:24:01 +00:00
alfred
0b5cabf950 Hook mount_autofs to the build. 2004-09-12 01:25:47 +00:00
csjp
b1981485f7 Currently when ipfw(8) generates the micro-instructions for rules which
contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical
operator bits get clobbered. Making it impossible to use the ``NOT'' or
``OR'' operators with uid, gid and jail based constraints.

The ipfw_insn instruction template contains a ``len'' element which
stores two pieces of information, the size of the instruction
(in 32-bit words) in the low 6 bits of "len" with the 2 remaining
bits to implement OR and NOT.

The current code clobbers the OR and NOT bits by initializing the
``len'' element to the size, rather than OR'ing the bits. This change
fixes this by changing the initialization of cmd->len to an OR operation
for the O_UID, O_GID and O_JAIL opcodes.

This may be a MFC candidate for RELENG_5.

Reviewed by:	andre
Approved by:	luigi
PR:		kern/63961 (partially)
2004-09-11 19:44:29 +00:00
maxim
e510005b1a o Initialize a local variable and make gcc happy.
PR:		bin/71485
Submitted by:	Jukka A. Ukkonen
2004-09-10 13:42:24 +00:00
phk
d99f64fa38 Fix a type bug which sometimes wrote unusable lock sectors on the disk. 2004-09-10 12:16:54 +00:00
brooks
0073b704f8 The disk labels generated by bsdlabel can no address more than
0xffffffff sectors.  Document this limit and avoid installing bogus
labels on disks with more sectors.

Allowing the installation of labels addressing as much of the disk as
possiable may be a useful addition in some situations, but this was easy
to implement and should reduce confusion.

PR:		bin/71408
2004-09-09 07:46:53 +00:00
jmg
db223378ac add support for documented readonly option...
also print out the option that is unknow so that the user knows what (s)he
did wrong..

MFC after:	3 days
2004-09-08 20:28:29 +00:00
alfred
8337118014 sync with private code:
fix a 5.x'ism that 4.x needs protection from.
make this code compile standalone.
2004-09-08 08:44:14 +00:00
pjd
456c69d927 Fix/clean up return values checking. 2004-09-08 07:57:14 +00:00
pjd
75f67c7681 Allow to setup GBDE on providers which contain '/' in their names,
e.g. mirror/<name>, stripe/<name>.

Approved by:	phk
2004-09-06 13:42:09 +00:00
brooks
ba918da2a5 Use a spare byte in struct if_data to store the structure size without
increasing it.  Add code to ifconfig to use this size to find the
sockaddr_dl after the struct if_data in the routing message.  This
allows struct if_data to grow (up to 255 bytes) without breaking
ifconfig.

Submitted by:	peter
2004-09-01 18:22:14 +00:00
scottl
684e377891 Move back to WARNS=2 2004-09-01 08:26:39 +00:00
scottl
6703db1346 Create DIP_SET() and IBLK_SET() macros to fix lvalue warnings.
Inspired by: kan
2004-09-01 05:48:06 +00:00
alfred
e39e879ede Enter the autofs. 2004-08-31 16:26:01 +00:00
trhodes
d3a487d586 Correct a style bug: remove a gratuitous space between ( and ".
Ok'ed by:	fjoe
2004-08-31 05:19:57 +00:00
peter
78508cab26 Add a suffix descriptor for the acpi thermal values as a hint for the userland
sysctl tool to print a more readable value for temperatures.
2004-08-30 22:42:10 +00:00
pjd
5d5c60a5a5 When configuring RAID3 with verification option, force synchronization
of parity component, because we can't return an EIO error for read of
every sector which wasn't written first.

Discussed with:	phk
2004-08-30 22:08:00 +00:00
maxim
d003e4e10f o Restore a historical ipfw1 logamount behaviour: rules with 'log'
keyword but without 'logamount' limit the amount of their log messages
by net.inet.ip.fw.verbose_limit sysctl value.

RELENG_5 candidate.

PR:		kern/46080
Submitted by:	Dan Pelleg
MFC after:	1 week
2004-08-29 08:25:02 +00:00
pjd
826fb4fba8 Warn the user if we are not going to use the whole provider's space. 2004-08-28 02:49:28 +00:00
pjd
2d011d4672 Warn the user if we are not going to use whole provider space.
Requested by:	Michael Handler <handler@grendel.net>
2004-08-28 02:34:10 +00:00
pjd
bf3acf8f03 - If error string begins with "warning: ", don't exit, treat it as a warning
only.
- Use getprogname() function when informing about versions problem.
2004-08-28 02:29:40 +00:00
pjd
aa05ee70bc Fix 'show' command for pipes and queues.
PR:		bin/70311
Submitted by:	Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
MFC after:	3 days
2004-08-23 19:20:27 +00:00
pjd
529a80f729 Add missing GEOM classes, which are aware of geom(8).
Submitted by:	kuriyama
2004-08-23 06:23:17 +00:00
pjd
0f9a709922 Fix sysctl name. 2004-08-22 16:22:20 +00:00
pjd
7e2ef21ad9 Implementation of 'verify reading' algorithm, which uses parity data for
verification of regular data when device is in complete state.
On verification error, EIO error is returned for the bio and sysctl
kern.geom.raid3.stat.parity_mismatch is increased.

Suggested by:	phk
2004-08-22 16:21:12 +00:00
pjd
c3c6740d1a Implement new reading algorithm, which will use parity component for reading
as well, even if device is in complete state.
I observe 40% of speed-up with this option for random read operations,
but slowdown for sequential reads.
Basically, without this option reading from a RAID3 device built from 5
components (c0-c4) looks like this:

	Request no.	Used components
	1		c0+c1+c2+c3
	2		c0+c1+c2+c3
	3		c0+c1+c2+c3

With the new feature:

	Request no.	Used components
	1		c0+c1+c2+c3
	2		(c1^c2^c3^c4)+c1+c2+c3
	3		c0+(c0^c2^c3^c4)+c2+c3
	4		c0+c1+(c0^c1^c3^c4)+c3
	5		c0+c1+c2+(c0^c1^c2^c4)
	6		c0+c1+c2+c3
	[...]
2004-08-21 18:11:46 +00:00
jhb
e4ddba3ab3 Generalize the UFS bad magic value used to determine when a filesystem
has only been partly initialized via newfs(8) so that it applies to both
UFS1 and UFS2.

Submitted by:	"Xin LI" delphij at frontfree dot net
MFC:		maybe?
2004-08-19 11:09:13 +00:00
pjd
7418c74fe3 - Add a manual page for graid3(8) utility.
- Connect it to the build.
- Inform geom(8) about it.
2004-08-18 16:41:30 +00:00
pjd
f03be4709b Add a line to BUGS section about the need of implementation description. 2004-08-18 16:37:04 +00:00
pjd
e04dc12e69 Add some missing empty lines. 2004-08-18 16:14:24 +00:00
pjd
6dbbed758e Fix typo. 2004-08-18 16:09:20 +00:00
pjd
dde223fb01 Actually one can specify more than one device to stop. 2004-08-18 15:56:02 +00:00
pjd
beaa57d66f Ok, let's try again:
Add manual page for gmirror(8) utility.
2004-08-18 15:54:52 +00:00
pjd
b871b4b089 - Add a manual page for gmirror(8) utility.
- Connect it to the build.
- Inform geom(8) manual page about it.

Reviewed by:	trhodes
2004-08-18 15:48:18 +00:00
ru
c392760f6f Use a local "compress" symbol corresponding to a variable in BSS,
rather than the one from libz, corresponding to a function, when
linking statically.

PR:		bin/70392
2004-08-16 07:02:14 +00:00
pjd
5719aaaa5f Connect RAID3 GEOM class to the build. 2004-08-16 06:36:21 +00:00
pjd
8394d51046 Introduce GEOM RAID3 class, i.e. kernel module, which implements RAID3
transformation and graid3(8) userland utility, which can be used for
configuration. No manual page yet, sorry.

Hardware provided by:	Daniel Seuffert
2004-08-16 06:23:14 +00:00
stefanf
bcdeb8e73c Avoid using void pointers in additive expressions.
PR:		56653
2004-08-14 17:46:10 +00:00
phk
1874b31277 Don't declare everything we find on a loopback interface for passive:
Only the actual loopback address should be declared passive, other
addresses are very likely to be desirable to announce.

Check for IFF_LOOPBACK instead of IFF_PASSIVE to determine if we have
an unknown interface type.
2004-08-14 08:36:35 +00:00
ru
8bb28f0420 Removed commented out bitrot. 2004-08-13 14:18:24 +00:00
csjp
d0ccd82499 Remove trailing whitespace and change "prisoniD" to "prisonID".
Pointed out by:	simon
Approved by:	bmilekic (mentor)
2004-08-13 02:50:59 +00:00
csjp
6661aed38d Add the ability to associate ipfw rules with a specific prison ID.
Since the only thing truly unique about a prison is it's ID, I figured
this would be the most granular way of handling this.

This commit makes the following changes:

- Adds tokenizing and parsing for the ``jail'' command line option
  to the ipfw(8) userspace utility.
- Append the ipfw opcode list with O_JAIL.
- While Iam here, add a comment informing others that if they
  want to add additional opcodes, they should append them to the end
  of the list to avoid ABI breakage.
- Add ``fw_prid'' to the ipfw ucred cache structure.
- When initializing ucred cache, if the process is jailed,
  set fw_prid to the prison ID, otherwise set it to -1.
- Update man page to reflect these changes.

This change was a strong motivator behind the ucred caching
mechanism in ipfw.

A sample usage of this new functionality could be:

    ipfw add count ip from any to any jail 2

It should be noted that because ucred based constraints
are only implemented for TCP and UDP packets, the same
applies for jail associations.

Conceptual head nod by:	pjd
Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
2004-08-12 22:06:55 +00:00
pjd
3e11d41b47 The geom(8) utility needs dynamic linker functionality to work, so it can't
be staticaly linked.
This fixes problems on systems compiled with NO_DYNAMICROOT.
2004-08-12 13:15:52 +00:00
harti
d093c6fa50 Add support for the examination and modification of the devices.
This is implemented through SNMP and requires the ilmi daemon to
run on the system. To prevent bloat in rescue the atmconfig for
rescue is compiled without this stuff.
2004-08-12 12:31:43 +00:00
pjd
f0d4b9a881 Forgot to commit those: introduce hardcoded provider functionality,
which allow to store provider's name in the metadata and avoid
problems when few providers share the same last sector.
2004-08-10 19:52:12 +00:00
andre
649b4336f4 New ipfw option "antispoof":
For incoming packets, the packet's source address is checked if it
 belongs to a directly connected network.  If the network is directly
 connected, then the interface the packet came on in is compared to
 the interface the network is connected to.  When incoming interface
 and directly connected interface are not the same, the packet does
 not match.

Usage example:

 ipfw add deny ip from any to any not antispoof in

Manpage education by:	ru
2004-08-09 16:12:10 +00:00
des
d8c5c6847c The multiplier prefix is actually a multiplier suffix. 2004-08-09 14:43:50 +00:00
pjd
a98f255700 - Introduce option for hardcoding providers' names into metadata.
It allows to fix problems when last provider's sector is shared between few
  providers.
- Bump version number for CONCAT and STRIPE and add code for backward
  compatibility.
- Do not bump version number of MIRROR, as it wasn't officially introduced yet.
  Even if someone started to play with it, there is no big deal, because
  wrong MD5 sum of metadata will deny those providers.
- Update manual pages.
- Add version history to g_(stripe|concat).h files.
2004-08-09 11:29:42 +00:00