now it should support all the instructions of the old ipfw.
Fix some bugs in the user interface, /sbin/ipfw.
Please check this code against your rulesets, so i can fix the
remaining bugs (if any, i think they will be mostly in /sbin/ipfw).
Once we have done a bit of testing, this code is ready to be MFC'ed,
together with a bunch of other changes (glue to ipfw, and also the
removal of some global variables) which have been in -current for
a couple of weeks now.
MFC after: 7 days
o Fix zero payloading, unbreak ping -s 0.
o Increase socket recieve buffer, ping -s 65467 is working now.
Submitted by: anti-magic sweep based on kris's patch
Reviewed by: bde, silence on -audit
MFC after: 2 months
This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.
The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules).
The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c . Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw). The old files are still there, and will be removed
in due time.
I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.
In terms of user interface, the new "ipfw" is supposed to accepts
the old syntax for ipfw rules (and produce the same output with
"ipfw show". Only a couple of the old options (out of some 30 of
them) has not been implemented, but they will be soon.
On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like
ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any
This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.
Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:
10.20.30.0/26{18,44,33,22,9}
which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memmory -- for a full /24
subnet, the instruction only consumes 40 bytes).
Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.
The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
imposed by the filesystem structure itself remains. With 16k blocks,
the maximum file size is now just over 128TB.
For now, the UFS1 file size limit is left unchanged so as to remain
consistent with RELENG_4, but it too could be removed in the future.
Reviewed by: mckusick
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
that are used if none at all are specified for a partition. Don't
keep replaying the last field if we run out of fields when processing
a line. Use a 8:1 frag:block ratio for both defaults.
More work here is required. I think disklabel should not attempt
to choose default filesystem parameters, and instead let newfs pick
any defaults if required.
PR: i386/38703
Reported by: Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
- /0 if matches ::/128
- /64 if matches 2000::/3 and lowermost 64 bit is all 0
- /128 if matches 2000::/3 and lowermost 64 bit is non-zero 0
Obtained from: KAME/NetBSD
IFS had its fingers deep in the belly of the UFS/FFS split. IFS
will be reimplemented by the maintainer at a later date once the UFS
implementation is in place.
Requested by: adrian (maintainer)
am fairly certain that this should do it and that I may now remove the
UM_ macros from port.h. I will, however, wait a few days to ensure
that these can be safely removed.
/etc/exports. Oversized lines were unlikely due to the large 10k
limit, but any found would cause mountd to exit with an error. Also
fix one or two compiler warnings.
fields as discussed in the commit to ip_fw.c:1.186
On top of this, a ton of non functional changes to clean up the code,
write functions to replace sections of code that were replicated
multiple times (e.g. the printing or matching of flags and options),
splitting long sections of inlined code into separate functions,
and the like.
I have tested the code quite a bit, but some typos (using one variable
in place of another) might have escaped.
The "embedded manpage" is a bit inconsistent, but i am leaving fixing
it for later. The current format makes no sense, it is over 40 lines
long and practically unreadable. We can either split it into sections
( ipfw -h options , ipfw -h pipe , ipfw -h queue ...)
or remove it altogether and refer to the manpage.
+ setting a bandwidth too large for a pipe (above 2Gbit/s) could
cause the internal representation (which is int) to wrap to a
negative number, causing an infinite loop in the kernel;
+ (see PR bin/35628): when configuring RED parameters for a queue,
the values are not passed to the kernel resulting in panics at
runtime (part of the problem here is also that the kernel does
not check for valid parameters being passed, but this will be
fixed in a separate commit).
These are both critical fixes which need to be merged into 4.6-RELEASE.
MFC after: 1 day
- reimplement -z
- use syslog()
- improve consistancy of messages
- allow -f to recover cleared dumps
- return bufsize to 1024 * 1024
- return the ability to write sparse files
- update man page
- fix minfree to require 2k for info file instead of the kernel size
- include Berkeley copyright too due to amount of old code copied
Submitted by: Chad David <davidc@acns.ab.ca>
restores the check_space() function with small modifications
to make it work with the current code. The patch was slightly
modified by Bill Fenner to handle error messages better.
Reviewed by: fenner
fatal if the declaration of strdup() isn't in scope. The upper 32 bits
of the pointer are lost since it defaults to returning "int". Fix some
warnings while here, including trying to make gcc-3.1 happy.
more on how ipfw(8) deals with tiny fragments. While we're at it, add
a quick log message to even let people know we dropped a packet. (Note
that the second FINE POINT is somewhat redundant given the first, but
since the code is there, leave the docs for it.)
MFC after: 1 day
around. If the kernel boots successfully, the record of this kernel
is erased, it is intended to be a one-shot option for testing
kernels.
This could be improved by having the loader remove the record of
the next kernel to boot, it is currently removed in /etc/rc immediately
after disks are mounted r/w.
I'd like to MFC this before the 4.6 freeze unless there is violent
objection.
Reviewed by: Several on IRC
MFC after: 4 days
Use only one filedescriptor. Open in R/O or R/W based in the '-N' option.
Make the filedescriptor a global variable instead of passing it around
as semi-global variable(s).
Remove the undocumented ability to specify type without '-T' option.
Replace fatal() with straight err(3)/errx(3). Save calls to strerror()
where applicable. Loose the progname variable.
Get the sense of the cpgflag test correct so we only issue warnings if
people specify cpg and can't get that. It can be argued that this
should be an error.
Remove the check to see if the disk is mounted: Open for writing
would fail if it were mounted.
Attempt to get the sectorsize and mediasize with the generic disk
ioctls, fall back to disklabel and /etc/disktab as we can.
Notice that on-disk labels still take precedence over /etc/disktab,
this is probably wrong, but not as wrong as the entire concept of
/etc/disktab is.
Sponsored by: DARPA & NAI Labs.
the filesystem type isn't given in the command line. In the case of
an IPv6 address containing ':', one must use the '@' separator for it
to be properly parsed (mount_nfs(8) still needs fixing at the moment
though).
PR: bin/37230
Reviewed by: obrien
MFC after: 1 week
blocksizes, etc
does not give the default of -b
only mentiones rdump in the NAME section
uses both filesystem and file system in similar contexts
PR: 34248
Submitted by: Gary W. Swearingen <swear@blarg.net>
MFC after: 3 days
--change "-s newboot" to "-s newboot2" in an example
--Fixed spelling
--Fixed some confusion between slice/parition/primary partition and other
things.
PR: 35947 and 35951
Noticed by: Gary W. Swearingen <swear@blarg.net>
Reviewed by: keramida
Thanks to: grog
MFC after: 2 days
o Implement -c (clear) to clear previously kept headers (note that
dumps not cleared will remain until -c is used),
o Implement -f (force) to allow re-saving a previously saved dump,
o Implement -k (keep) and make clearing the dump header the default,
o Implement -v (verbose) and make most output conditional upon it,
o Emit minimal output for the non-verbose case with the assumption
that savecore is run mostly from within /etc/rc,
o Update usage message to reflect what is and what's not,
o mark -d as obsolete.
Low-level changes:
o Rename devname to device, for devname mirrors a global declaration
and GCC 3.x warns about it,
o Open the dump device R/W for clear and !keep to work,
o Reorder the locals of DoFile according to style(9),
o Remove newlines from strings passed to warn* and err*,
o Use stat(2) to check if a dump has been saved before,
o Truncate existing core and info files to support force,
o First check for the magic and the version before we complain about
parity errors. This prevents emitting parity error messages when
there's no dump,
o Keep track of the number of headers found and the number of headers
saved to support the minimal output,
o Close files we opened in DoFile. Not critical, but cleaner.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.
I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
particular as there may not be one. Remove #if 0'ed code which might
mislead people to think otherwise.
unifdef -ULOSTDIR, fsck can make lost+found on the fly.
Sponsored by: DARPA & NAI Labs
Pick up the c-partitions magicness from sys/disklabel.h instead
of defining our own magicness for it, remove trivial comment.
Sponsored by: DARPA and NAI Labs.
that might have changed, then did a byte-by-byte comparison with
the alternate. If any unused fields got used, they had to be added
to the exception list. Such changes caused too many false alarms.
So, I have changed the comparison algorithm to compare a selected
set of fields that are not expected to change. This new algorithm
causes far fewer false hits and still does a good job of detecting
problems when they have really occurred. In particular, this change
should ease the transition to kernels supporting UFS2 which make
some significant changes to the superblock.
Sponsored by: DARPA, NAI Labs
in dump byte order (=network byte order). Swap blocksize and dumptime
to avoid extraneous padding on 64-bit architectures. Use CTASSERT
instead of runtime checks to make sure the header is 512 bytes large.
Various style(9) fixes.
Reviewed by: phk, bde, mike
Commandline compatible with the previous savecore unless you specify
any options, none of them are implemented (yet).
Scans all devices marked "dump" or "swap" for dump header signatures
and saves dumps off under a name which is a MD5 hash of the header
information. This should give unique filenames. A *.info file contains
ascii version of the header information.
Caveats:
The new savecore program is not complete in the sense that it emulates
enough of the old savecores features to do the job, but implements none
of the options yet.
I would appreciate if a userland hacker could help me out getting savecore
to do what we want it to do from a users point of view, compression,
email-notification, space reservation etc etc. (send me email if
you are interested).
Currently, savecore will scan all devices marked as "swap" or "dump" in
/etc/fstab _or_ any devices specified on the command-line.
All architectures but i386 lack an implementation of dumpsys(), but
looking at the i386 version it should be trivial for anybody familiar
with the platform(s) to provide this function.
Documentation is quite sparse at this time, more to come.
Sponsored by: DARPA, NAI Labs
Details:
Dumpon now opens the device and uses ioctl(DIOCGKERNELDUMP) to set it
to be the dumpdevice. When "off" is set, /dev/null is used.
that could be used to set/get arbitrary length link level
addresses. Alias "lladdr" parameter and "ether" family
to the new "link" family for backward compatibility.
PR: bin/31476
MFC after: 1 week
It does not help modern compilers, and some may take some hit from it.
(I also found several functions that listed *every* of its 10 local vars with
"register" -- just how many free registers do people think machines have?)
diskdrives do neither need nor want:
-O create a 4.3BSD format filesystem
-d rotational delay between contiguous blocks
-k sector 0 skew, per track
-l hardware sector interleave
-n number of distinguished rotational positions
-p spare sectors per track
-r revolutions/minute
-t tracks/cylinder
-x spare sectors per cylinder
No change in the produced filesystem image unless one or more of
these options were used.
Approved by: mckusick
open "/dev/stdout". This doesn't actually affect growfs, but does affect
ffsinfo, permitting ffsinfo to output to the shell's stdout rather than
requiring it be dumped to a file or explicitly pointed at a special
device.
Reviewed by: peter
Add a couple of simple regression tests accessible with "make test", they
depend on the md(4) driver.
FYI I have also tried running the test against a week old newfs and it
passed.
anyone needs a newfs without it. Remove the #ifdef's from around
the code and the -DFSIRAND from the Makefile. Also remove redundant
declarations of random() and srandomdev().
for i386 and alpha. Although it builds on sparc64, it does not yet work.
A similar hack as what is used on the sparc64 MD macros can be used to
make ia64 build too, but there doesn't seem to be much point.
Old code obfuscates long (but single-line) messages by printing them in
pieces using %s. Rev.1.41 obfuscated some new long messages using ISO
string concatenation. This commit only fixes the new obfuscations.
by Sheldon.
For a detailed description look at the commit log for sysctl.c
rev.1.42 -- i do not think it is appropriate to put the full
description in this manpage, and the "boot" and "loader" manpages
where this description might go are also missing a description of
a number of similar variables, so i think this it is ok to limit
documentation to this now, and update it later when I (or someone
else) have a chance to revise "boot" and "loader".
machdep.guessed_bootdev, and add code to sysctl to parse its value
and give a (not necessarily correct) name to the device we booted
from (the main motivation for this code is to use the info in the
PicoBSD boot scripts, and the impact on the kernel is minimal).
NOTE: the information available in bootdev is not always reliable,
so you should not trust it too much. The parsing code is the same
as in boot2.c, and cannot cover all cases -- as it is, it seems to
work fine with floppies and IDE disks recognised by the BIOS. It
_should_ work as well with SCSI disks recognised by the BIOS.
Booting from a CDROM in floppy emulation will return /dev/fd0 (because
this is what the BIOS tells us).
Booting off the network (e.g. with etherboot) leaves bootdev unset so
the value will be printed as "invalid (0xffffffff)".
Finally, this feature might go away at some point, hopefully when we
have a more reliable way to get the same information.
MFC-after: 5 days
src/contrib/isc-dhcp/includes/minires/resolv.h has a 'extern' definition
but it makes an error when linking crunched binary just like this:
dhclient.lo: In function `MRres_nquery':
dhclient.lo(.text+0x2dcce): undefined reference to `__h_errno_set'
dhclient.lo(.text+0x2dd5b): undefined reference to `__h_errno_set'
dhclient.lo: In function `MRres_nquerydomain':
dhclient.lo(.text+0x2de53): undefined reference to `__h_errno_set'
The author understands this will be a problem (see comments in resolv.h).
Murray said that the author will fix this, but as a temporary solution,
modifying the source code and not to use __h_errno_set.
BTW, I'm sorry that previous commitlog in src/sbin/dhclient/Makefile should
read "Found by:" instead of "Confirmed by"; I just found that rev 1.15
has a typo so fixed.
Tested on: ushi.jp.FreeBSD.org with today's 5-current source code.
(belive me, "make release.4" works fine now)
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant sideaffect of removing some
duplicate code.
Reviewed by: rwatson
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
after an EOT-terminated volume. We keep track of the current record
number, and synchronise it with the c_tapea field each time we read
a header. Avoid the use of c_firstrec because some bugs in dump can
cause it to be set incorrectly.
Move the initialisation of some variables to avoid compiler warnings.
volume if we missed some earlier tapes (the user can still enter
'none' later if the tapes are unavailable). Previously with 'x'
restores, we might not ask for all tapes if the tapes are supplied
in reverse order.
Clarify the message that describes what volume should be mounted
first; reverse order is only efficient when extracting a few files.
for monitoring automated backups. This is based on a patch by Mikhail
Teterin, with some changes to make its operation clearer and to
update the proctitle more frequently.
PR: bin/32138
volumes are available, instead of getting stuck in a loop calling
getvol(). Normally restore in 'x' or 'i' modes will ask for a new
(earlier) volume when the current inode number on the tape is greater
than the last inode to be restored, since there can be no further
inodes of interest on that volume. However we don't want to change
volumes in this case either if the user explicitly said that there
are no more tapes, or if we are looking at the first volume.
When no more volumes are available but there are still inodes that
we have not found, we now just fall through to the code that prints
out a list of any missing files, so the restore completes normally.
Also simplify the logic a bit by always returning to the start of
the main for(;;) loop whenever the volume has changed.
This should completely fix the "Changing volumes on pipe input" bug
that is often observed when restoring dumps of active filesystems.
PR: bin/4176, bin/34604, misc/34675
to multi-volume restores:
- In findinode(), keep a copy of header->c_type so that we don't
exit the do-while loop until we have processed the current header.
Exiting too early leaves curfile.ino set to 0, which confuses
the logic in createfiles(), so multi-volume restores with the
'x' command don't work if you follow the instructions and supply
the tapes in reverse order. This appears to have been broken
by CSRG revision 5.33 tape.c (Oct 1992).
- The logic in getvol() for deciding how many records to skip after
the volume header was confused; sometimes it would skip too few
records and sometimes too many, leading to "resync restore"
warnings and missing files. Skip to the next header only when
the current action is not `USING'. Work around a dump bug that
sets c_count incorrectly in the volume header of the first tape.
Some of the problems here date back to at least 1991.
- Back out revision 1.23. This appeared to avoid warnings about
missing files in the 'rN' verification case, but it made the
problems with the 'x' command worse by stopping getvol() from
even attempting to find the first inode number on the newly
inserted tape. The bug it addressed is fixed by correcting the
skipping logic as described above.
- Save the value of `tpblksread' in case the wrong volume is
supplied, because it is incremented each time we read a volume
header. We already saved `blksread' for the same reson.
Normally trewind() performs a close-open-close cycle to rewind the
tape when closing the device, but this is not ideal for fifos. We
now skip the final open-close if the output descriptor is a fifo.
PR: bin/25474
Submitted by: Alex Bakhtin <bakhtin@amt.ru>
MFC after: 1 week
blocks allocated by some inode. Indirect blocks are printed
recursively, so beware :), the list could become lengthy...
(We should probably add some output pager to fsdb.)
MFC after: 1 month
bloats the resulting binary file by forcing them out of .bss into
.data, while the C standard already guarantees them to become
initialized to 0 at program startup.
MFC after: 1 week
Cure the "lets put everything in registers" ailment.
Set WARNS=2
Fix two problems where casting messed up large quotafiles.
PR: 34108
Submitted by: Maxim Katargin <kmv@asplinux.ru>
MFC after: 3 weeks
This works by retokenizing a line with a split limit so that if the
argument count for a command is greater than the number of arguments
formed by splitting apart the line of user input, the last argument
is instead all of the remainder of the input line.
Yes, I needed this capability at one point to fix a filesystem manually,
which happened to break with a problematic space-containing directory
entry.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.
MFC after: 2 weeks
Any of readfds, writefds, and exceptfds may be given as nil
pointers if no descriptors are of interest.
neither wfds nor efds were of interest so now they are nil.
also, do a little better then making an educated guess for nfds.
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
camcontrol.
This enables rescanning all busses or resetting all busses in a system.
The current implementation is not the ideal way to do it -- the ideal way
to do it would be for the transport layer to handle wildcarded busses on
bus rescan and reset operations. The current implementation enumerates all
the busses and sends a rescan or reset CCB individually. Handling this
behavior in the transport layer will happen later.
Reviewed by: imp
Tested by: joerg
MFC after: 1 week
socket so that routing daemons and other interested parties
know when an interface is attached/detached.
PR: kern/33747
Obtained from: NetBSD
MFC after: 2 weeks
variable RELEASE_BUILD_FIXIT is defined, a camcontrol binary will be
built that only knows the "rescan" and "reset" subcommands. The
resulting code is small enough to still fit onto the boot floppy.
Reviewed by: ken
MFC after: 1 week
not return ENOBUFS for unreliable protocols like divert.
This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.
Spotted by: chkno@dork.com
Explained by: luigi
Reviewed by: Ari Suutari <ari.suutari@syncrontech.com>
MFC after: 2 weeks
The first "synopsis" example has a "[/prefixlength]" which shouldn't
be there, since that stuff is part of the preceeding "address" as is
explained in the description of "address".
(The way it is now, 192.168.0.1/16/prefixlength would be a proper
operand. Note that "prefixlength" is not mentioned by name anywhere.)
PR: 32462
Submitted by: Gary W. Swearingen <swear@blarg.net>
disklabel(8)'s "Reading the disk label" section starts out "To examine
or save the label on a disk drive,...". This is confusing. The given
command (disklabel [-r] disk) doesn't save anything (except to standard
out, but that should go without saying). It reads as if the command
might save something on the disk drive.
PR: 32452
Submitted by: Gary W. Swearingen <swear@blarg.net>